2

我使用 Azure AD 租户为 android 构建了一个 AppAuth 测试应用程序,它工作正常。现在我正在尝试与 iOS (Swift 4) 相同,并且在尝试交换访问代码以获取访问令牌时失败。没有返回错误,我确实得到了一个 idToken 但没有 accessToken 或 refreshToken。没有其他错误。不知道发生了什么。如果没有访问令牌,我无法查询图表。我正在使用 Azure AD v2。这是我的一些代码:

func appAuthAuthorize(authConfig: AuthConfig) {
    let serviceConfiguration = OIDServiceConfiguration(
        authorizationEndpoint: NSURL(string: authConfig.authEndPoint)! as URL,
        tokenEndpoint: NSURL(string: authConfig.tokenEndPoint)! as URL)

    let request = OIDAuthorizationRequest(configuration: serviceConfiguration, clientId: authConfig.clientId, scopes: [OIDScopeOpenID, OIDScopeProfile], redirectURL: NSURL(string: authConfig.redirectUri)! as URL, responseType: OIDResponseTypeCode, additionalParameters: nil)

    doAppAuthAuthorization(authRequest: request)
}


func doAppAuthAuthorization(authRequest: OIDAuthorizationRequest) {
    let appDelegate = UIApplication.shared.delegate as! AppDelegate

    appDelegate.currentAuthorizationFlow = OIDAuthorizationService.present(authRequest, presenting: self, callback: {
        (authorizationResponse, error) in
        if (authorizationResponse != nil) {
            self.authState = OIDAuthState(authorizationResponse: authorizationResponse!)
            self.logMessage(message: "Got authorization code: \(String(describing: self.authState?.lastAuthorizationResponse.authorizationCode))")
            self.doTokenRequest()
        } else {
            self.authState = nil
            self.logMessage(message: "Authorization error: \(String(describing: error?.localizedDescription))")
        }
    })
}

func doTokenRequest() {
    let tokenExchangeRequest = authState?.lastAuthorizationResponse.tokenExchangeRequest()

    OIDAuthorizationService.perform(tokenExchangeRequest!) {
        tokenResponse, error in
        if tokenResponse == nil{
            self.logMessage(message: "Token exchange error: \(error!.localizedDescription)")
        } else {
            self.authState?.update(with: tokenResponse!, error: error)
            self.saveState()
            self.logMessage(message: "Received token response with accesToken: \(tokenResponse!.idToken!)")
            self.logMessage(message: "Received token response with accesToken: \(tokenResponse!.refreshToken!)")
            self.logMessage(message: "Received token response with accesToken: \(tokenResponse!.accessToken!)")
            self.retrieveUserProfile()
        }

        self.authState?.update(with: tokenResponse, error: error)
    }
}
4

1 回答 1

1

得到了答案。问题在于,根据授权服务器,必须使用为该服务器定义的范围。在上面的代码中,我使用了 OIDScopeOpenID 和 OIDScopeProfile 的默认 OpenId 范围。一旦我将其更改为 User.Read 的 Azure AD 范围,一切都开始正常工作。所以这里是函数 appAuthAuthorize 中代码的净变化:

func appAuthAuthorize(authConfig: AuthConfig) {
let serviceConfiguration = OIDServiceConfiguration(
    authorizationEndpoint: NSURL(string: authConfig.authEndPoint)! as URL,
    tokenEndpoint: NSURL(string: authConfig.tokenEndPoint)! as URL)

let request = OIDAuthorizationRequest(configuration: serviceConfiguration, clientId: authConfig.clientId, scopes: ["User.Read"], redirectURL: NSURL(string: authConfig.redirectUri)! as URL, responseType: OIDResponseTypeCode, additionalParameters: nil)

doAppAuthAuthorization(authRequest: request)

}

于 2017-09-11T20:46:49.920 回答