我正在尝试使用 MSAL 和 Azure AD B2C 在 iOS 应用程序中实现登录。
我尝试在 Azure 上设置多个应用程序并添加多个策略,但都没有用。
我正在这样设置应用程序:
self.application = try MSALPublicClientApplication(clientId: kClientID,
authority: try getAuthority(forPolicy: kSignupOrSigninPolicy),
redirectUri: "msal{my-code-from-azure}://auth")
这是授权代码:
func authorize() {
do {
let authority = try self.getAuthority(forPolicy: self.kSignupOrSigninPolicy)
let parameters = MSALInteractiveTokenParameters(scopes: kScopes)
parameters.authority = authority
application.acquireToken(with: parameters) { (result, error) in
if let result = result {
self.accessToken = result.accessToken
print("Access token is \(self.accessToken ?? "Empty")")
} else {
print("Could not acquire token: \(error ?? "No error informarion" as? Error)")
}
}
} catch {
print("Unable to create authority \(error)")
}
}
这是创建应用程序时的日志:
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:22:40] Default app's access group: "Masked(not-null)".
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:22:40] Using "Masked(not-null)" Team ID.
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:22:40] Init MSIDKeychainTokenCache with keychainGroup: Masked(not-null)
这是执行登录时的日志:
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:27 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] -[MSALPublicClientApplication acquireTokenWithParameters:(
"https://{my-url}/user_impersonation"
)
extraScopesToConsent:(null)
account:Masked(null)
loginHint:Masked(null)
promptType:MSALPromptTypePromptIfNecessary
extraQueryParameters:(null)
authority:<MSALB2CAuthority: 0x600000371860>
webviewType:MSALWebviewTypeDefault
customWebview:No
correlationId:(null)
capabilities:(null)
claimsRequest:(null)]
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:27 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] Beginning interactive flow.
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:27 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] Resolving authority: Masked(not-null), upn: Masked(null)
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:27 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] Resolved authority, validated: YES, error: 0
2019-08-07 13:32:33.320511+0200 PodMe[59184:4374853] [MC] System group container for systemgroup.com.apple.configurationprofiles path is /Users/user/Library/Developer/CoreSimulator/Devices/7F6AB8AB-D024-4FA1-BC2D-9D5CC042BA79/data/Containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles
2019-08-07 13:32:33.322370+0200 PodMe[59184:4374853] [MC] Reading from private effective user settings.
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:50 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] No cached preferred_network for authority
%@ TID=4379306 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:50] Failed to initialize issuer authority with error MSIDErrorDomain, -51112
%@ TID=4379306 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:50 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] Unsuccessful token response, error MaskedError(MSIDErrorDomain, -51100)
%@ TID=4379306 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:50 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] Interactive flow finished result (null), error: -51100 error domain: MSIDErrorDomain
%@ TID=4379306 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:50 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] acquireToken returning with error: (MSALErrorDomain, -50000) Masked(not-null)
Could not acquire token: Optional(Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=Authentication response received without expected accessToken, MSALInternalErrorCodeKey=-42008, MSALCorrelationIDKey=E1C7D48B-1947-41F1-AAC4-33A6C533019E})
最佳答案
截至 2020 年 7 月 17 日,要使示例正常工作,需要注意以下事项:
他们说:
<key>CFBundleURLSchemes</key>
<array>
<string>msalyour-client-id-here</string>
</array>
样本是:msal
这是不正确的。正确的格式在 https://github.com/AzureAD/microsoft-authentication-library-for-objc 中
特别是:msauth.[BUNDLE_ID] 格式
此外,确保在门户上,重定向是“msauth.[BUNDLE_ID]://auth”格式
这应该可以解决问题。
就个人而言,我犯了一个错误,没有给予我错误 51100 的许可。不过那只是我。
https://stackoverflow.com/questions/57393573/
相关文章:
apache-spark - 将数据从 Spark Structured Streaming 加载到
javascript - ag-grid:根据rowNode内容在fullRow编辑和单个单元格编辑
ruby - Rails 5 使用 Devise 和 acts_as_tenant
javascript - 使用 Vue I18n 和大内容文本 html 的最佳方式
pandas - future 警告 : Passing datetime64-dtype data
react-native - 异步/等待函数返回 _40 : 0, _65 : 0, _55 : n