使用Node.js Passport的Azure AD身份validation返回“此API版本不支持”
我目前正在开发一个使用Azure AD进行身份validation的应用程序。 应用程序应支持多个租户,但只有预定义的租户列表才能访问应用程序。 使用passport-azure-ad库,我将OIDCStrategy添加到护照中,如下所示:
// Use Azure AD OAuth2 strategy. passport.use('strategyName', new OIDCStrategy({ callbackURL: 'http://localhost:8080/oauth2/strategyName/callback', clientID: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', clientSecret: 'secret', identityMetadata: 'https://login.microsoftonline.com/test.mydomain.com/v2.0/.well-known/openid-configuration', responseType: 'id_token', responseMode: 'form_post', skipUserProfile: true }, function (iss, sub, profile, accessToken, refreshToken, done) { console.log(profile); done(); }));
在我的路线上,我有以下设置:
// Authentication endpoint. router.get('/strategyName', app.passport.authenticate('strategyName')); router.post('/strategyName/callback', function (req, res, next) { app.passport.authenticate('strategyName', function (err, account) { console.log(err); console.log(account); next(err); })(req, res, next); } );
当我访问http://localhost:8080/oauth2/strategyName ,我被正确地redirect到Microsoftlogin页面。 但是,在validation之后,我在控制台中得到这个消息:
{ "name": "Microsoft OIDC Passport Strategy", "hostname": "611b0a5198dd", "pid": 60, "level": 30, "msg": "Body received was: { error: 'unauthorized_client',\n error_description: 'AADSTS70001: Application \\'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\' is not supported for this API version.\\r\\nTrace ID: c8f56153-1125-44ac-af12-55f69b421d36\\r\\nCorrelation ID: d20580ba-75d4-47b9-9497-6a6b02cd72a7\\r\\nTimestamp: 2015-10-20 09:00:15Z' }", "time": "2015-10-20T09:00:16.266Z", "v": 0 }
我在Azurepipe理门户中添加了名为test.mydomain.com的目录,并且还添加了应用程序。
