在尝试使用合作伙伴中心 API 为客户获取自定义域时,我们使用仅 APP 身份验证来获取自定义域,但我们需要使用 APP + USER 身份验证来获取自定义域。我们使用以下链接尝试了 APP + USER 身份验证:
我们已经实现了相同的代码以允许 APP + USER 身份验证。我们的 SPA(React JS 应用程序)将提供授权码,SPA 将调用一项服务来处理对合作伙伴中心 API 的请求,以通过授权码生成刷新令牌和访问令牌,并将刷新令牌存储到密钥库。但是在处理请求时,我们无法获取令牌
{"error":"invalid_grant","error_description":"AADSTS50148: The code_verifier does not match the code_challenge supplied in the authorization request for PKCE.\r\nTrace ID: 3b5b5d7c-a680-4ccf-ab2c-a474d9196b00\r\nCorrelation ID: 370937cc-3272-4b06-b089-9c5978485fb5\r\nTimestamp: 2020-11-23 12:43:24Z","error_codes":[50148],"timestamp":"2020-11-23 12:43:24Z","trace_id":"3b5b5d7c-a680-4ccf-ab2c-a474d9196b00","correlation_id":"370937cc-3272-4b06-b089-9c5978485fb5","error_uri":"https://login.microsoftonline.com/error?code=50148"}
{"error":"invalid_request","error_description":"AADSTS9002327: Tokens issued for the 'Single-Page Application' client-type may only be redeemed via cross-origin requests.\r\nTrace ID: 14c9cba0-90c5-4f84-9a0b-472d1923a500\r\nCorrelation ID: 784cf9c2-c571-4cbe-9b0c-15ef71bb276d\r\nTimestamp: 2020-11-24 11:02:03Z","error_codes":[9002327],"timestamp":"2020-11-24 11:02:03Z","trace_id":"14c9cba0-90c5-4f84-9a0b-472d1923a500","correlation_id":"784cf9c2-c571-4cbe-9b0c-15ef71bb276d"}