I am using the PHP League oauth2-client to get the details of a specific user.
But I got an error:
    Array
    (
        [error] => Array
            (
                [code] => InvalidAuthenticationToken
                [message] => Access token validation failure. Invalid audience.
                [innerError] => Array
                    (
                        [request-id] => <reuest-id>
                        [date] => 2019-06-13T07:44:01
                    )
            )
    )
I passed clientId, clientSecret, redirectUri, urlAuthorize, urlAccessToken and urlResourceOwnerDetails and got the authorizationUrl. When I open the authorizationUrl, it redirects correctly with code, state and session_state. I just used that code and got the access token array. Using the access token array, I call the 'https://graph.microsoft.com/v1.0/me/' API to get the user details. But I got an error, i.e. "Access token validation failure. Invalid audience."
Actually, I am trying to log in with Microsoft.
    $provider = new \League\OAuth2\Client\Provider\GenericProvider([
        'clientId' => '<cid>', // The client ID assigned to you by the provider
        'clientSecret' => '<clientSecret>', // The client password assigned to you by the provider
        'redirectUri' => 'https://mywebsideurl',
        'urlAuthorize' => 'https://login.microsoftonline.com/<tenant_id>/oauth2/authorize',
        'urlAccessToken' => 'https://login.microsoftonline.com/<tenant_id>/oauth2/token',
        'urlResourceOwnerDetails' => 'https://graph.microsoft.com/v1.0/users/<my-microsoft-mail-id>',
    ]);
    $accessToken = $provider->getAccessToken('authorization_code', [
        'code' => '<code>'
    ]);
    $request = $provider->getAuthenticatedRequest(
        'GET',
        'https://graph.microsoft.com/v1.0/me/',
        $accessToken
    );
Error:
    Array
    (
        [error] => Array
            (
                [code] => InvalidAuthenticationToken
                [message] => Access token validation failure. Invalid audience.
                [innerError] => Array
                    (
                        [request-id] => <some id>
                        [date] => 2019-06-12T07:36:49
                    )
            )
    )
Here is the parsed server response:
    GuzzleHttp\Psr7\Response Object
    (
        [reasonPhrase:GuzzleHttp\Psr7\Response:private] => Unauthorized
        [statusCode:GuzzleHttp\Psr7\Response:private] => 401
        [headers:GuzzleHttp\Psr7\Response:private] => Array
            (
                [Content-Type] => Array
                    (
                        [0] => application/json; charset=utf-8
                    )
                [request-id] => Array
                    (
                        [0] => <rid>
                    )
                [client-request-id] => Array
                    (
                        [0] => <client-request-id>
                    )
                [x-ms-ags-diagnostic] => Array
                    (
                        [0] => {"ServerInfo":{"DataCenter":"<some place name here>","Slice":"SliceC","Ring":"<some number>","ScaleUnit":"<something>","RoleInstance":"something","ADSiteName":"something"}}
                    )
                [WWW-Authenticate] => Array
                    (
                        [0] => Bearer realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", client_id="<some id here>"
                    )
                [Strict-Transport-Security] => Array
                    (
                        [0] => max-age=31536000
                    )
                [Date] => Array
                    (
                        [0] => Thu, 13 Jun 2019 07:44:01 GMT
                    )
                [Content-Length] => Array
                    (
                        [0] => <some length>
                    )
            )
        [headerNames:GuzzleHttp\Psr7\Response:private] => Array
            (
                [content-type] => Content-Type
                [request-id] => request-id
                [client-request-id] => client-request-id
                [x-ms-ags-diagnostic] => x-ms-ags-diagnostic
                [www-authenticate] => WWW-Authenticate
                [strict-transport-security] => Strict-Transport-Security
                [date] => Date
                [content-length] => Content-Length
            )
        [protocol:GuzzleHttp\Psr7\Response:private] => 1.1
        [stream:GuzzleHttp\Psr7\Response:private] => GuzzleHttp\Psr7\Stream Object
            (
                [stream:GuzzleHttp\Psr7\Stream:private] => Resource id #<some_id>
                [size:GuzzleHttp\Psr7\Stream:private] => <some number>
                [seekable:GuzzleHttp\Psr7\Stream:private] => 1
                [readable:GuzzleHttp\Psr7\Stream:private] => 1
                [writable:GuzzleHttp\Psr7\Stream:private] => 1
                [uri:GuzzleHttp\Psr7\Stream:private] => php://temp
                [customMetadata:GuzzleHttp\Psr7\Stream:private] => Array
                    (
                    )
            )
    )
From what I observe, the server returns the wrong URL in WWW-Authenticate; it should be https://login.microsoftonline.com/tenant_id/oauth2/authorize.
Is there any way to configure the WWW-Authenticate URL from the Azure server?
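
Added example, not part of the original post and not code from the oauth2-client project: "Invalid audience" refers to the `aud` claim of the access token, so a quick diagnostic is to decode the token payload and compare `aud` with the resource being called. The function names, the constructed sample tokens and the list of audience values treated as Microsoft Graph are assumptions made for this illustration.

```php
<?php
// Diagnostic only: decodes the JWT payload; the signature is NOT verified.
// Assumption (not from the post): audience values that identify Microsoft Graph.
const GRAPH_AUDIENCES = ['https://graph.microsoft.com', '00000003-0000-0000-c000-000000000000'];

function base64UrlDecode(string $segment): string
{
    $padded = $segment . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    $decoded = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($decoded === false) {
        throw new InvalidArgumentException('Segment is not valid base64url');
    }
    return $decoded;
}

function jwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a three-part JWT');
    }
    $claims = json_decode(base64UrlDecode($parts[1]), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('JWT payload is not a JSON object');
    }
    return $claims;
}

function audienceIsGraph(array $claims): bool
{
    foreach ((array) ($claims['aud'] ?? []) as $aud) { // aud may be a string or a list
        if (is_string($aud) && in_array(rtrim($aud, '/'), GRAPH_AUDIENCES, true)) {
            return true;
        }
    }
    return false;
}

// Constructed, unsigned sample tokens so the check runs offline.
function sampleToken(array $claims): string
{
    $enc = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
    return $enc('{"alg":"none"}') . '.' . $enc(json_encode($claims)) . '.constructed';
}

foreach (['api://constructed-other-resource', 'https://graph.microsoft.com'] as $aud) {
    $ok = audienceIsGraph(jwtClaims(sampleToken(['aud' => $aud])));
    echo $aud, ' => ', $ok ? 'audience is Graph' : 'audience is not Graph', PHP_EOL;
}
```

With a real token from the flow above, pass `$accessToken->getToken()` to `jwtClaims()`. On the v1 `/oauth2/token` endpoint used in the post, the audience of the issued token is selected by the `resource` request parameter.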