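swift - Sign-in issues with MSAL and AD B2C in Swift

I am trying to implement sign-in in an iOS app using MSAL and Azure AD B2C.

I have tried setting up several applications on Azure and adding several policies, but none of it worked.

I am setting up the application like this: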


self.application = try MSALPublicClientApplication(clientId: kClientID,
                                                   authority: try getAuthority(forPolicy: kSignupOrSigninPolicy),
                                                   redirectUri: "msal{my-code-from-azure}://auth")

This is the authorization code:

func authorize() {
    do {
        // Build the B2C authority for the sign-up/sign-in policy.
        let authority = try self.getAuthority(forPolicy: self.kSignupOrSigninPolicy)

        let parameters = MSALInteractiveTokenParameters(scopes: kScopes)
        parameters.authority = authority
        // Start the interactive flow; the completion block receives a result or an error.
        application.acquireToken(with: parameters) { (result, error) in
            if let result = result {
                self.accessToken = result.accessToken
                print("Access token is \(self.accessToken ?? "Empty")")
            } else {
                print("Could not acquire token: \(error ?? "No error information" as? Error)")
            }
        }
    } catch {
        print("Unable to create authority \(error)")
    }
}

This is the log when the application is created:

%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:22:40] Default app's access group: "Masked(not-null)".
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:22:40] Using "Masked(not-null)" Team ID.
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:22:40] Init MSIDKeychainTokenCache with keychainGroup: Masked(not-null)

This is the log when the sign-in is performed:

%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:27 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] -[MSALPublicClientApplication acquireTokenWithParameters:(
    "https://{my-url}/user_impersonation"
)
                                     extraScopesToConsent:(null)
                                                  account:Masked(null)
                                                loginHint:Masked(null)
                                               promptType:MSALPromptTypePromptIfNecessary
                                     extraQueryParameters:(null)
                                                authority:<MSALB2CAuthority: 0x600000371860>
                                              webviewType:MSALWebviewTypeDefault
                                            customWebview:No
                                            correlationId:(null)
                                             capabilities:(null)
                                            claimsRequest:(null)]
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:27 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] Beginning interactive flow.
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:27 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] Resolving authority: Masked(not-null), upn: Masked(null)
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:27 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] Resolved authority, validated: YES, error: 0
2019-08-07 13:32:33.320511+0200 PodMe[59184:4374853] [MC] System group container for systemgroup.com.apple.configurationprofiles path is /Users/user/Library/Developer/CoreSimulator/Devices/7F6AB8AB-D024-4FA1-BC2D-9D5CC042BA79/data/Containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles
2019-08-07 13:32:33.322370+0200 PodMe[59184:4374853] [MC] Reading from private effective user settings.
%@ TID=4374853 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:50 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] No cached preferred_network for authority
%@ TID=4379306 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:50] Failed to initialize issuer authority with error MSIDErrorDomain, -51112
%@ TID=4379306 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:50 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] Unsuccessful token response, error MaskedError(MSIDErrorDomain, -51100)
%@ TID=4379306 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:50 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] Interactive flow finished result (null), error: -51100 error domain: MSIDErrorDomain
%@ TID=4379306 MSAL 0.5.0 iOS Sim 12.2 [2019-08-07 11:32:50 - E1C7D48B-1947-41F1-AAC4-33A6C533019E] [MSAL] acquireToken returning with error: (MSALErrorDomain, -50000) Masked(not-null)
Could not acquire token: Optional(Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=Authentication response received without expected accessToken, MSALInternalErrorCodeKey=-42008, MSALCorrelationIDKey=E1C7D48B-1947-41F1-AAC4-33A6C533019E})

Best answer

As of July 17, 2020, the following needs attention for the sample to work:

  1. The documentation at https://learn.microsoft.com/en-us/samples/azure-samples/active-directory-b2c-ios-swift-native-msal/microsoft-authentication-library-b2c-ios/ and https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal has an error.

They say:

<key>CFBundleURLSchemes</key>
<array>
    <string>msalyour-client-id-here</string>
</array>

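The sample is: msal

This is incorrect. The correct format is in https://github.com/AzureAD/microsoft-authentication-library-for-objc

Specifically: the msauth.[BUNDLE_ID] format

Also, make sure that in the portal the redirect is in the "msauth.[BUNDLE_ID]://auth" format

This should fix the problem.

Personally, I made the mistake of not granting the permission, which gave me error 51100. That was just me, though.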

https://stackoverflow.com/questions/57393573/
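
A consistency check for the redirect URI format described in the answer above, as an added example that is not part of the original post or of MSAL: `redirectURIProblems` and `plist(withScheme:)` are hypothetical helpers, and the bundle ID `com.example.app` is a constructed sample value.

```swift
import Foundation

/// Returns the configuration problems found; an empty array means the redirect
/// URI, the bundle ID and the Info.plist URL schemes agree with each other.
/// Hypothetical helper for illustration, not an MSAL API.
func redirectURIProblems(redirectURI: String,
                         bundleID: String,
                         infoPlist: [String: Any]) -> [String] {
    var problems: [String] = []
    let expectedScheme = "msauth.\(bundleID)"

    guard let components = URLComponents(string: redirectURI),
          let scheme = components.scheme else {
        return ["Redirect URI is not a parsable URI: \(redirectURI)"]
    }
    // URL schemes are case-insensitive, so compare lowercased.
    if scheme.lowercased() != expectedScheme.lowercased() {
        problems.append("Scheme is \(scheme), expected \(expectedScheme)")
    }
    if components.host != "auth" {
        problems.append("Host is \(components.host ?? "missing"), expected auth")
    }
    // Collect every scheme the app registers under CFBundleURLTypes.
    let urlTypes = infoPlist["CFBundleURLTypes"] as? [[String: Any]] ?? []
    let registered = urlTypes
        .flatMap { $0["CFBundleURLSchemes"] as? [String] ?? [] }
        .map { $0.lowercased() }
    if !registered.contains(scheme.lowercased()) {
        problems.append("Scheme \(scheme) is not listed in CFBundleURLSchemes")
    }
    return problems
}

/// Builds a minimal Info.plist dictionary with one URL scheme (constructed sample).
func plist(withScheme scheme: String) -> [String: Any] {
    let urlType: [String: Any] = ["CFBundleURLSchemes": [scheme]]
    return ["CFBundleURLTypes": [urlType]]
}

// Constructed sample values: the entry copied from the sample docs, then the fixed one.
let bundleID = "com.example.app"
print(redirectURIProblems(redirectURI: "msalyour-client-id-here://auth",
                          bundleID: bundleID,
                          infoPlist: plist(withScheme: "msalyour-client-id-here")))
print(redirectURIProblems(redirectURI: "msauth.com.example.app://auth",
                          bundleID: bundleID,
                          infoPlist: plist(withScheme: "msauth.com.example.app")))
```

In an app, pass `Bundle.main.bundleIdentifier` and `Bundle.main.infoDictionary` instead of the constructed values; the redirect URI registered in the portal has to be the same string.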
