0

我已经在我的 Office 365 环境中注册了我的应用引擎应用,并且回调 URL 正常工作,我收到了一个 SPAppToken。

我想使用这个 java 类获得一个访问令牌:

http://javadoc.google-oauth-java-client.googlecode.com/hg/1.12.0-beta/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.html

我的问题是下面哪些值映射到我在 SPAppToken 中找到的值?ClientAuthentication 中的凭据是我假设的 applicationId 和 applicationSecret。redirectURI 是为了返回我的应用程序。我认为应该用https://accounts.accesscontrol.windows.net/tokens/OAuth/2填充 GenericURL

但我不断收到:错误:invalid_request ACS90019:无法从请求中确定租户标识符。

下面是代码xx表示我需要替换的变量,并且在 SPAppToken 下方(从 base64 解码)

try {TokenResponse response = new AuthorizationCodeTokenRequest(new NetHttpTransport(), new JacksonFactory(), new GenericUrl(**"https://server.example.com/token"**), **"SplxlOBeZQQYbYS6WxSbIA"**).setRedirectUri("https://client.example.com/rd") .setClientAuthentication(new BasicAuthentication(**"s6BhdRkqt3"**, **"7Fjfp0ZBr1KtDRbnfVdmIw"**)).execute();
  System.out.println("Access token: " + response.getAccessToken());
} catch (TokenResponseException e) {
  if (e.getDetails() != null) {
    System.err.println("Error: " + e.getDetails().getError());
    if (e.getDetails().getErrorDescription() != null) {
      System.err.println(e.getDetails().getErrorDescription());
    }
    if (e.getDetails().getErrorUri() != null) {
      System.err.println(e.getDetails().getErrorUri());
    }
  } else {
    System.err.println(e.getMessage());
  }
}

SPAppToken 解码: 

{"typ":"JWT","alg":"HS256"}{"aud":"e9e91cd9-0d95-46b7-8a05-f614a683e35d/eog-fire-ice.appspot.com@19d9feae-ba24-4c9e-831c-3132f2ea3974","iss":"00000001-0000-0000-c000-000000000000@19d9feae-ba24-4c9e-831c-3132f2ea3974","nbf":1353777617,"exp":1353820817,"appctxsender":"00000003-0000-0ff1-ce00-000000000000@19d9feae-ba24-4c9e-831c-3132f2ea3974","appctx":"{\"CacheKey\":\"hwqDPFbKDL9mIYpbReWYHeez1uES77UqEsxwienRA9g=\",\"SecurityTokenServiceUri\":\"https://accounts.accesscontrol.windows.net/tokens/OAuth/2\"}","refreshtoken":"IAAAAAi52NL58kY1UUpnmUJ9TPO7BpDSd6NqQGHbdfAEnOgioNbG8AwTGgf-3HPSNrdDexk5UUA3QFox_sky4_uon0XmLl6EfpqsC6RTpiatjJxXzB7EFJrqsiYI98MULyCubxjR5UyQwFzLvEjljEom7XcEXB2YCCWJQQdSRvFU4xo4NIPoUObhyjTK58TaCipUU3D4EiLJRSlkbcm_Y3VrVd8GMoQ8kx6BmJjeaGKZsJXWb7UJ8YTg6L4-HOoAiU3MymJl3oBxv_9rvHDmKb4FJ7vrN8AhJYUqlr9rZxOtG_BVeUX05E-umfoUU4PL2Cj-p7u4YOPo6rqVahovwGwYPn-pZbPfIcTj3TzKZdIk7OLemdR_S8_v0gASEM1Y_KTHsoQ6k-uZaa3QGZN4icu-Jp6Jh4UTRZuomLtkLmg7VVZL6VKpXUVW7RjUopoSEffb5RVmMVNOkNV4_r5NT7pjL0pWAk-uipTF0qLAMzEfr5M9YKNgBlbRbvjlePFz6co5_uOyY8VbfJsIqGhTr1dvW6o","isbrowserhostedapp":"true"}R?????XE??j?2??pZ?????0jLk

----- 新信息 2012-26-11 ------ 在更改“代码”字段以包含刷新令牌并使用 aud 整个值而不是仅 applicationID 后,我收到以下消息:

ACS50001: The required field 'resource' is missing.

问题是:我是不是越来越近了?

我也在这里问过这个问题:https ://groups.google.com/d/topic/google-oauth-java-client/EZtlwDbY_wk/discussion

4

1 回答 1

0

我修改了 com.google.api.client.json.JSONParser.java 并将这段代码放在我的 servlet 中:

        JsonWebSignature jws = JsonWebSignature.parse(new JacksonFactory(), req.getParameter("SPAppToken"));


    JsonParser jsonParser = new JacksonFactory().createJsonParser(jws.getPayload().get("appctx").toString());

    //Create my own AppTxc that extends GenericJSON
    AppCtx appCtx = jsonParser.parse(AppCtx.class, new CustomizeJsonParser());



    String appctxsender=jws.getPayload().get("appctxsender").toString();
    String[] splitApptxSender = appctxsender.split("@");

    //sharepointhost name is part of the resource field
    String sharepointServerHostName = new URL(req.getParameter("SPHostUrl")).getHost();

    // create the resource field        
    String resource = splitApptxSender[0]+"/"+sharepointServerHostName+"@"+splitApptxSender[1];



    try {

        AuthorizationCodeTokenRequest tokenRequest =    new AuthorizationCodeTokenRequest(new NetHttpTransport(), new JacksonFactory(),
                  new GenericUrl(appCtx.getSecurityTokenServiceUri()), jws.getPayload().get("refreshtoken").toString());

        tokenRequest.setRedirectUri("https://eog-fire-ice.appspot.com/callback4fireandice");
        tokenRequest.setClientAuthentication(
                    new ClientParametersAuthentication(jws.getPayload().getAudience(), SharePointAppSecret));
        tokenRequest.setGrantType("refresh_token");
        tokenRequest.set("resource", resource);
        tokenRequest.set("refresh_token", jws.getPayload().get("refreshtoken").toString());
        TokenResponse response =tokenRequest.execute();



        String accesstoken=response.getAccessToken();

    } catch (TokenResponseException e) {
        if (e.getDetails() != null) {
            pw.println("Error: " + e.getDetails().getError());
            if (e.getDetails().getErrorDescription() != null) {
              pw.println(e.getDetails().getErrorDescription());
            }
            if (e.getDetails().getErrorUri() != null) {
              pw.println(e.getDetails().getErrorUri());
            }
          } else {
            pw.println(e.getMessage());
          }
    }

我不确定是否所有信息(如重定向 URL)都是必需的,但现在我从 Azure ACS 获得了一个访问令牌。

感谢 Nick Swan (lightningtools.com) 对基于 Ruby on Rails 的初步帮助。

当然感谢 Yaniv Inbar (https://plus.google.com/+YanivInbar/) 提供了 google oauth java 客户端库。

我不得不提出一个错误报告: http://code.google.com/p/google-oauth-java-client/issues/detail?id=62&q=Type%3DDefect&sort=priority&colspec= ID%20Milestone%20Summary

于 2012-11-28T17:12:10.453 回答