我正在尝试开发一个VueJS单页应用程序,该应用程序将您登录到AAD,以便我可以获取访问令牌以调用各种API(例如Graph)。
用户登录后,您必须获取令牌,并且有两种方法可以这样做:静默(如果失败,请使用重定向体验)。
但是,我无法使用两种方法来获取令牌:
export default class AuthService {
constructor() {
console.log('[AuthService.constructor] started constructor');
this.app = new Msal.PublicClientApplication(msalConfig);
this.signInType = 'loginRedirect';
}
init = async () => {
console.log('[AuthService.init] started init');
await this.app.handleRedirectPromise().catch(error => {
console.log(error);
});
try {
let signedInUser = this.app.getAllAccounts()[0];
// if no accounts, perform signin
if (signedInUser === undefined) {
alert(this.app.getAllAccounts().length == 0)
await this.signIn();
signedInUser = this.app.getAllAccounts()[0];
console.log("user has been forced to sign in")
}
console.log("Signed in user is: ", signedInUser);
// Acquire Graph token
try {
var graphToken = await this.app.acquireTokenSilent(authScopes.graphApi);
console.log("(Silent) Graph token is ", graphToken);
alert(graphToken);
} catch (error) {
alert("Error when using silent: " + error)
try {
var graphToken = await this.app.acquireTokenRedirect(authScopes.graphApi);
} catch (error) {
alert ("Error when using redirect is: " + error)
}
alert("(Redirect) Graph token is " + graphToken);
}
} catch (error) {
console.log('[AuthService.init] handleRedirectPromise error', error);
}
}
signIn = async () => {
console.log('[AuthService.signIn] signInType:', this.signInType);
this.app.loginRedirect("user.read", "https://xxx.azurewebsites.net/user_impersonation");
}
signOut = () => {
this.app.logout();
}
}
加载SPA后,我将重定向到AAD登录页面。
然后,我得到以下警报提示:
使用静默时发生错误:ClientAuthError:no_account_in_silent_request:请传递一个帐户对象,没有帐户信息时不支持静默流
使用重定向时发生的错误是:BrowserAuthError:interact_in_progress:正在进行交互。在调用交互式API之前,请确保此交互已完成。
(重定向)图形令牌未定义
即使我已登录,为什么acquireTokenSilent
仍未登录?
那是什么BrowserAuthError: interaction_in_progress
意思呢?我在网上进行了搜索,发现的唯一结果是因为有人使用了过时的msal-browser版本。就我而言,我使用的是最新版本和最新版本(v2.0.1)。
更新1:
我使用以下代码摘录修复了无提示令牌获取:
const silentRequest = {
account: signedInUser,
scopes: authScopes.graphApi.scopes1
}
var graphToken = await this.app.acquireTokenSilent(silentRequest);
好像我以错误的格式传递了我的范围(即应该传递一个数组,它实际上不是一个数组!)
但是,Microsoft文档中如何使用存在差异 acquireTokenSilent
在这里,我们被告知只需将一组范围传递给该acquireTokenSilent
方法。但是,在这里,我们被告知还必须在范围旁边传递accountInfo。
让我们看看我acquireTokenRedirect
现在是否可以开始工作...
更新2:经过反复的尝试,我终于开始acquireTokenRedirect
工作了。
import * as Msal from '@azure/msal-browser';
const msalConfig = {
auth: {
clientId: "XYZ",
authority: "ABC",
},
cache: {
cacheLocation: 'localStorage',
storeAuthStateInCookie: true
}
};
export default class AuthenticationService {
constructor() {
this.app = new Msal.PublicClientApplication(msalConfig)
}
init = async () => {
try {
let tokenResponse = await this.app.handleRedirectPromise();
let accountObj;
if (tokenResponse) {
accountObj = tokenResponse.account;
} else {
accountObj = this.app.getAllAccounts()[0];
}
if (accountObj && tokenResponse) {
console.log("[AuthService.init] Got valid accountObj and tokenResponse")
} else if (accountObj) {
console.log("[AuthService.init] User has logged in, but no tokens.");
try {
tokenResponse = await this.app.acquireTokenSilent({
account: this.app.getAllAccounts()[0],
scopes: ["user.read"]
})
} catch(err) {
await this.app.acquireTokenRedirect({scopes: ["user.read"]});
}
} else {
console.log("[AuthService.init] No accountObject or tokenResponse present. User must now login.");
await this.app.loginRedirect({scopes: ["user.read"]})
}
} catch (error) {
console.error("[AuthService.init] Failed to handleRedirectPromise()", error)
}
}
}
不得不经历一些试验和错误,但终于acquireTokenRedirect
成功工作了,以下摘录可能对其他人有所帮助:
import * as Msal from '@azure/msal-browser';
const msalConfig = {
auth: {
clientId: "XYZ",
authority: "ABC",
},
cache: {
cacheLocation: 'localStorage',
storeAuthStateInCookie: true
}
};
export default class AuthenticationService {
constructor() {
this.app = new Msal.PublicClientApplication(msalConfig)
}
init = async () => {
try {
let tokenResponse = await this.app.handleRedirectPromise();
let accountObj;
if (tokenResponse) {
accountObj = tokenResponse.account;
} else {
accountObj = this.app.getAllAccounts()[0];
}
if (accountObj && tokenResponse) {
console.log("[AuthService.init] Got valid accountObj and tokenResponse")
} else if (accountObj) {
console.log("[AuthService.init] User has logged in, but no tokens.");
try {
tokenResponse = await this.app.acquireTokenSilent({
account: this.app.getAllAccounts()[0],
scopes: ["user.read"]
})
} catch(err) {
await this.app.acquireTokenRedirect({scopes: ["user.read"]});
}
} else {
console.log("[AuthService.init] No accountObject or tokenResponse present. User must now login.");
await this.app.loginRedirect({scopes: ["user.read"]})
}
} catch (error) {
console.error("[AuthService.init] Failed to handleRedirectPromise()", error)
}
}
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句