
I have a Skype for Business account called art@shockw4ves.onmicrosoft.com, and I am trying to get authorized.

  1. My first request to the lyncdiscover service
GET https://lyncdiscover.shockw4ves.onmicrosoft.com/

Answer:

{
  "_links": {
    "self": {
      "href": "https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=shockw4ves.onmicrosoft.com"
    },
    "user": {
      "href": "https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=shockw4ves.onmicrosoft.com"
    },
    "xframe": {
      "href": "https://webdir1e.online.lync.com/Autodiscover/XFrame/XFrame.html"
    }
  }
}
  2. Then I take the user link and make the next request
GET https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=shockw4ves.onmicrosoft.com

Answer: 401 Unauthorized

Cache-Control → no-cache
Content-Length → 1293
Content-Type → text/html
Date → Wed, 30 Sep 2015 11:16:37 GMT
WWW-Authenticate → 
    Bearer trusted_issuers="00000001-0000-0000-c000-000000000000@*", 
    client_id="00000004-0000-0ff1-ce00-000000000000", 
    authorization_uri="https://login.windows.net/common/oauth2/authorize", 
    MsRtcOAuth 
    href="https://webdir1e.online.lync.com/WebTicket/oauthtoken",
    grant_type="urn:microsoft.rtc:passive,urn:microsoft.rtc:anonmeeting"
X-Content-Type-Options → nosniff
X-MS-Correlation-Id → 2147499790
X-MS-Server-Fqdn → AMS1E01EDG08.infra.lync.com
client-request-id → ea4f5098-732f-4feb-ae34-cf6ff7fc1a73
  3. This response contains data for my credentials. I take the authorization URI and make my next request
POST https://login.windows.net/common/oauth2/authorize

body of x-www-form-urlencoded:

grant_type=password
username=art@shockw4ves.onmicrosoft.com
password=xxxxxxxxxx
client_id=00000004-0000-0ff1-ce00-000000000000

Answer:

<html>
    <head>
        <title>Continue</title>
    </head>
    <body>
        <form method="POST" name="hiddenform" action="https://login.microsoftonline.com/common/oauth2/authorize">
            <input type="hidden" name="grant_type" value="password" />
            <input type="hidden" name="username" value="art@shockw4ves.onmicrosoft.com" />
            <input type="hidden" name="password" value="xxxxxxxxx" />
            <input type="hidden" name="client_id" value="00000004-0000-0ff1-ce00-000000000000" />
            <noscript>
                <p>Script is disabled. Click Submit to continue</p>
                <input type="submit" value="Submit" />
            </noscript>
        </form>
        <script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script>
    </body>
</html>
  4. Copy this HTML form and run it in the browser. It redirects to https://login.microsoftonline.com/common/oauth2/authorize and opens a page with the error text:
Sign In
Sorry, but we’re having trouble signing you in.
We received a bad request.

Additional technical information:
Correlation ID: 0669eee8-0dc5-4aa1-a94d-41e5bbc2f25d
Timestamp: 2015-09-30 14:06:30Z
AADSTS50011: No reply address is registered for the application.

What am I doing wrong? I also tested:

grant_type=password 
grant_type="urn:microsoft.rtc:passive,urn:microsoft.rtc:anonmeeting"  
grant_type="urn:microsoft.rtc:windows,urn:microsoft.rtc:anonmeeting,password"

What is the error "No reply address is registered for the application"?


1 Answer


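There are a few issues. The 401 response from the second step contains a WWW-Authenticate header with grant_type="urn:microsoft.rtc:passive,urn:microsoft.rtc:anonmeeting", which means that only authentication via passive or anonymous meeting is allowed. In step 3, the request attempts to use the unsupported grant type password.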

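The account in question looks/feels like it is associated with Office365/Lync Online, which means there is currently no support for UCWA. Even if this were supported, you would need to look at how to authenticate using passive authentication, Authentication in UCWA, which is not well documented at this time.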

Answered 2015-10-01T17:55:26.483
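
The check the answer describes can be done in code before any token request is sent. The following is an added example, not part of the original question or answer: it parses the WWW-Authenticate value from the 401 response in step 2 into its two challenges and tests whether a grant type is in the advertised list. The function names are hypothetical, and the header is the one from the question joined onto a single line.

```python
import re

# Header value copied from the 401 response in the question, joined onto one line.
SAMPLE_HEADER = (
    'Bearer trusted_issuers="00000001-0000-0000-c000-000000000000@*", '
    'client_id="00000004-0000-0ff1-ce00-000000000000", '
    'authorization_uri="https://login.windows.net/common/oauth2/authorize", '
    'MsRtcOAuth href="https://webdir1e.online.lync.com/WebTicket/oauthtoken", '
    'grant_type="urn:microsoft.rtc:passive,urn:microsoft.rtc:anonmeeting"'
)

# One item: either name=value (quoted or bare) or a bare word that starts a new scheme.
_ITEM = re.compile(
    r'\s*,?\s*(?:([\w.-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))|([\w.-]+))'
)

def parse_challenges(header):
    """Return [(scheme, {param: value}), ...] in the order the server sent them."""
    challenges, pos, header = [], 0, header.strip()
    while pos < len(header):
        m = _ITEM.match(header, pos)
        if m is None:
            raise ValueError(f"unparseable WWW-Authenticate near offset {pos}")
        key, quoted, bare, scheme = m.groups()
        if scheme is not None:
            challenges.append((scheme, {}))
        elif not challenges:
            raise ValueError("parameter appears before any auth scheme")
        else:
            value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
            challenges[-1][1][key.lower()] = value
        pos = m.end()
    return challenges

def advertised_grants(header, scheme="MsRtcOAuth"):
    """Grant types listed for `scheme`; they arrive as one quoted, comma-separated value."""
    for name, params in parse_challenges(header):
        if name.lower() == scheme.lower():
            return [g.strip() for g in params.get("grant_type", "").split(",") if g.strip()]
    return []

def grant_is_advertised(header, wanted):
    """True only if `wanted` is an exact member of the advertised list."""
    return wanted in advertised_grants(header)

if __name__ == "__main__":
    for scheme, params in parse_challenges(SAMPLE_HEADER):
        print(scheme, params)
    print("password advertised:", grant_is_advertised(SAMPLE_HEADER, "password"))
```

For the header in the question this reports that `password` is not advertised, which matches the answer's reading of step 3.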