为什么我的 Azure AD 应用程序无权授予免费产品?
Why is my Azure AD application not authorized to grant free products?
我正在关注 Grant free products 文档。我的目标是向 Microsoft Store 应用的现有用户授予免费 IAP。
首先,我需要生成一个令牌以传递给客户端,以便客户端可以使用它来创建 Microsoft Store ID。我每 15 分钟这样做一次。以下是我生成此 ID 的方式:
## POST location:
https://login.microsoftonline.com/[...snip...]/oauth2/token
## Headers:
{
'User-Agent': 'python-requests/2.19.1',
'Accept-Encoding': 'gzip, deflate',
'Accept': '*/*',
'Connection': 'keep-alive',
'Content-Length': '222',
'Content-Type': 'application/x-www-form-urlencoded'
}
## Body:
grant_type=client_credentials
&client_id=[...snip...]
&client_secret=[...snip...]
&resource=https%3A%2F%2Fonestore.microsoft.com%2Fb2b%2Fkeys%2Fcreate%2Fpurchase
我得到一个看起来有效的令牌,我将其传递给客户端。然后客户端成功生成 Microsoft Store ID 并将其传回我的服务。
在服务中,我生成了另一个令牌:
## POST location:
https://login.microsoftonline.com/[...snip...]/oauth2/token
## Headers:
{
'User-Agent': 'python-requests/2.19.1',
'Accept-Encoding': 'gzip, deflate',
'Accept': '*/*',
'Connection': 'keep-alive',
'Content-Length': '189',
'Content-Type': 'application/x-www-form-urlencoded'
}
## Body:
grant_type=client_credentials
&client_id=[...snip...]
&client_secret=[...snip...]
&resource=https%3A%2F%2Fonestore.microsoft.com
使用此令牌和 Microsoft Store ID,我尝试授予免费产品:
## POST location:
https://purchase.mp.microsoft.com/v6.0/purchases/grant
## Headers:
{
'User-Agent': 'python-requests/2.19.1',
'Accept-Encoding': 'gzip, deflate',
'Accept': '*/*',
'Connection': 'keep-alive',
'Authorization': 'Bearer eyJ[...snip..]', # Generated in the preceding step
'Content-Type': 'application/json',
'Host': 'purchase.mp.microsoft.com',
'Content-Length': '1837'
}
## Body:
{
"b2bKey": "eyJ0eXA[...snip...]", # Microsoft Store ID generated client-side
"availabilityId": "9S2VX8BJ70P6", # retrieved client-side
"productId": "9ND65B119C8N", # the Store ID of a free in-app purchase
"skuId": "0010", # retrieved client-side
"language": "en-us",
"market": "ca",
"orderId": "7a75b5a2-060d-46a1-b5d3-cec646303b52" # new UUID each request
}
此请求得到一个 401 响应,响应内容如下:
{
"code":"Unauthorized",
"data":[],
"details":[],
"innererror":{
"code":"ClientIdNotAuthorized",
"data":["ClientId","[...snip...]"],
"details":[],
"message":"The client id specified in request is not authorized to use this resource",
"source":"PurchaseFD"
},
"message":"The client is not authorized to perform the requested operation.",
"source":"PurchaseFD"
}
关联的 Azure AD 应用已注册到 Windows 开发人员仪表板中的开发帐户。根据文档,它具有以下 identifierUris 部分:
"identifierUris": [
"https://onestore.microsoft.com/b2b/keys/create/purchase",
"https://onestore.microsoft.com/b2b/keys/create/collections",
"https://onestore.microsoft.com/"
],
我尝试过的事情:
当我将 skuId 或 availabilityId 更改为垃圾值时,我收到 'Requested catalog product data was not found' 400 错误,这暗示我的授权令牌至少 一些 有效事情...
发送一个 POST 到 https://purchase.mp.microsoft.com/v8.0/b2b/recurrences/query(在 these docs 之后)与预期的结果完全相同的 200 OK 响应内容 {"items":[]} .
我做错了什么?
来自 Microsoft 的某人:
I'm sorry you encountered this problem. This problem was apparently caused by a service-side bug that was fixed last week[...].
我正在关注 Grant free products 文档。我的目标是向 Microsoft Store 应用的现有用户授予免费 IAP。
首先,我需要生成一个令牌以传递给客户端,以便客户端可以使用它来创建 Microsoft Store ID。我每 15 分钟这样做一次。以下是我生成此 ID 的方式:
## POST location:
https://login.microsoftonline.com/[...snip...]/oauth2/token
## Headers:
{
'User-Agent': 'python-requests/2.19.1',
'Accept-Encoding': 'gzip, deflate',
'Accept': '*/*',
'Connection': 'keep-alive',
'Content-Length': '222',
'Content-Type': 'application/x-www-form-urlencoded'
}
## Body:
grant_type=client_credentials
&client_id=[...snip...]
&client_secret=[...snip...]
&resource=https%3A%2F%2Fonestore.microsoft.com%2Fb2b%2Fkeys%2Fcreate%2Fpurchase
我得到一个看起来有效的令牌,我将其传递给客户端。然后客户端成功生成 Microsoft Store ID 并将其传回我的服务。
在服务中,我生成了另一个令牌:
## POST location:
https://login.microsoftonline.com/[...snip...]/oauth2/token
## Headers:
{
'User-Agent': 'python-requests/2.19.1',
'Accept-Encoding': 'gzip, deflate',
'Accept': '*/*',
'Connection': 'keep-alive',
'Content-Length': '189',
'Content-Type': 'application/x-www-form-urlencoded'
}
## Body:
grant_type=client_credentials
&client_id=[...snip...]
&client_secret=[...snip...]
&resource=https%3A%2F%2Fonestore.microsoft.com
使用此令牌和 Microsoft Store ID,我尝试授予免费产品:
## POST location:
https://purchase.mp.microsoft.com/v6.0/purchases/grant
## Headers:
{
'User-Agent': 'python-requests/2.19.1',
'Accept-Encoding': 'gzip, deflate',
'Accept': '*/*',
'Connection': 'keep-alive',
'Authorization': 'Bearer eyJ[...snip..]', # Generated in the preceding step
'Content-Type': 'application/json',
'Host': 'purchase.mp.microsoft.com',
'Content-Length': '1837'
}
## Body:
{
"b2bKey": "eyJ0eXA[...snip...]", # Microsoft Store ID generated client-side
"availabilityId": "9S2VX8BJ70P6", # retrieved client-side
"productId": "9ND65B119C8N", # the Store ID of a free in-app purchase
"skuId": "0010", # retrieved client-side
"language": "en-us",
"market": "ca",
"orderId": "7a75b5a2-060d-46a1-b5d3-cec646303b52" # new UUID each request
}
此请求得到一个 401 响应,响应内容如下:
{
"code":"Unauthorized",
"data":[],
"details":[],
"innererror":{
"code":"ClientIdNotAuthorized",
"data":["ClientId","[...snip...]"],
"details":[],
"message":"The client id specified in request is not authorized to use this resource",
"source":"PurchaseFD"
},
"message":"The client is not authorized to perform the requested operation.",
"source":"PurchaseFD"
}
关联的 Azure AD 应用已注册到 Windows 开发人员仪表板中的开发帐户。根据文档,它具有以下 identifierUris 部分:
"identifierUris": [
"https://onestore.microsoft.com/b2b/keys/create/purchase",
"https://onestore.microsoft.com/b2b/keys/create/collections",
"https://onestore.microsoft.com/"
],
我尝试过的事情:
当我将 skuId 或 availabilityId 更改为垃圾值时,我收到 'Requested catalog product data was not found' 400 错误,这暗示我的授权令牌至少 一些 有效事情...
发送一个 POST 到 https://purchase.mp.microsoft.com/v8.0/b2b/recurrences/query(在 these docs 之后)与预期的结果完全相同的 200 OK 响应内容 {"items":[]} .
我做错了什么?
来自 Microsoft 的某人:
I'm sorry you encountered this problem. This problem was apparently caused by a service-side bug that was fixed last week[...].