Expo 身份验证从 Azure AD 接收无效的 JWT
Expo authentication receiving invalid JWT from Azure AD
我一直在尝试将 Azure 身份验证添加到 React Native Expo 项目,但是返回的 JWT 无效,这是因为 JWT 的 header 仅包含 0.
这是 JWT 的示例
0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA
这是我要求用户验证自己的代码,它使用 expo-auth-session 包(原始来源:https://docs.expo.dev/guides/authentication/#azure)
const config = {
clientId: '<ClientID>',
scopes: ['openid', 'profile', 'email', 'offline_access'],
redirectUri: AuthSession.makeRedirectUri({
scheme: 'com.app.scheme'
}),
};
//AuthSession.fetchDiscoveryAsync('https://login.microsoftonline.com/common/v2.0')
AuthSession.fetchDiscoveryAsync('https://login.microsoftonline.com/<TenentID>/oauth2/v2.0/token')
.then((discovery: any) => {
AuthSession.loadAsync(config, discovery).then(async (session: any) => {
// Create a request.
const request = new AuthSession.AuthRequest(config);
// Prompt for an auth code
const authResponse = await request.promptAsync(discovery, { useProxy: false });
if(authResponse.type == "success"){
console.log(authResponse); // Output response
}
});
});
实际回复
Object {
"authentication": null,
"error": null,
"errorCode": null,
"params": Object {
"code": "0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA",
"session_state": "3a4dd9ab-dc3e-4843-a83b-092508291eb3",
"state": "S4L5Zv3s2e",
},
"type": "success",
"url": "exp://127.0.0.1:19000/?code=0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA&state=S4L5Zv3s2e&session_state=3a4dd9ab-dc3e-4843-a83b-092508291eb3",
}
还有其他人遇到过这个问题吗?
我已经解决了我的问题我只做了 Microsoft 流程的一部分。如上所示,我收到了需要发送回 Microsoft AD 以获得所需访问令牌的代码。使用的端点见下文:
https://login.microsoftonline.com/<TenentID>/oauth2/v2.0/token
如果您遇到这个问题,这里有一些额外的阅读:
https://github.com/pinecat/azure-ad-graph-expo#readme
感谢您的宝贵时间和信息!
您仅请求返回代码,代码随后应调用 exchangeCodeAsync 以获取实际令牌。如果您想要预先获得访问令牌,则需要将 responseType: ResponseType.Token 添加到您的身份验证请求中。
我一直在尝试将 Azure 身份验证添加到 React Native Expo 项目,但是返回的 JWT 无效,这是因为 JWT 的 header 仅包含 0.
这是 JWT 的示例
0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA
这是我要求用户验证自己的代码,它使用 expo-auth-session 包(原始来源:https://docs.expo.dev/guides/authentication/#azure)
const config = {
clientId: '<ClientID>',
scopes: ['openid', 'profile', 'email', 'offline_access'],
redirectUri: AuthSession.makeRedirectUri({
scheme: 'com.app.scheme'
}),
};
//AuthSession.fetchDiscoveryAsync('https://login.microsoftonline.com/common/v2.0')
AuthSession.fetchDiscoveryAsync('https://login.microsoftonline.com/<TenentID>/oauth2/v2.0/token')
.then((discovery: any) => {
AuthSession.loadAsync(config, discovery).then(async (session: any) => {
// Create a request.
const request = new AuthSession.AuthRequest(config);
// Prompt for an auth code
const authResponse = await request.promptAsync(discovery, { useProxy: false });
if(authResponse.type == "success"){
console.log(authResponse); // Output response
}
});
});
实际回复
Object {
"authentication": null,
"error": null,
"errorCode": null,
"params": Object {
"code": "0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA",
"session_state": "3a4dd9ab-dc3e-4843-a83b-092508291eb3",
"state": "S4L5Zv3s2e",
},
"type": "success",
"url": "exp://127.0.0.1:19000/?code=0.ATEA7JbGdftbkkiaDJGHqQYc1kmK7JAYxvNBniuMLWgKB107AAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrakIcp8mdE4FP9aquQ15XWxHqu9XpsspJ7wrvbA6uOzmrmTbqH-Orxxa9yI6KOYbBjPyVrQ49tHg-HLGFip2g4l_J82odcLMz6yTiHRnOPbnZZtsM8k_HQDUxJ7vsgCwmGkmhYmMcyT5QIrgRjn6HmYK9cPAsqQBF6KfQcFDdslvkRwCyqYWHNapF3oRnhwvQys2LYqcQhujFJngGqcMjdBmxpx0S2LsGlI49uG49Eonxm8T1Epb21qfA6U-gGsdW5LElm8fI4TmpAHtQzy4rhJf75pmkCq7WJV8XuOs4WdB03LWUgs5cDZR7JFpIvbyhcQPYzVspg-6DpwVxhtMpUegEapOLMjRHJQIOCMDs2p_Uk1cz1Qd52fRGD9JH_TNC0Qi0_eFHAlZyQUDvI19-dCUat51aYM2T84rKJXFMOscqnrvtqZSdwZvJYSLLv--YwmBskLXte1BdSIDJ43AtCPprUIM71jNkcX-BwcSqmcVdqcWhqZPf3T01E-u8fnuvGFkooAzT5omER4C9Mt5XqcbQ8phr-ig4j-hQEKU_bE8_2U9jVqdK0hzL1ylPko1c_aohAZrmyyB_hfCOvdPDsUm5_EEN9JUI0Jawl_XM2DSVMyrPzwTp8CiR6VDcAhednqVsFz3wHsQMbaqFeNPqELp9nq9i9J1TRltUXvTCY2r692By4CzDTe2HpM0633fhLPe6PHR7PZLq0ILSyBBx5nCq2Z4-xotlw4LDC88ocuggAA&state=S4L5Zv3s2e&session_state=3a4dd9ab-dc3e-4843-a83b-092508291eb3",
}
还有其他人遇到过这个问题吗?
我已经解决了我的问题我只做了 Microsoft 流程的一部分。如上所示,我收到了需要发送回 Microsoft AD 以获得所需访问令牌的代码。使用的端点见下文:
https://login.microsoftonline.com/<TenentID>/oauth2/v2.0/token
如果您遇到这个问题,这里有一些额外的阅读:
https://github.com/pinecat/azure-ad-graph-expo#readme
感谢您的宝贵时间和信息!
您仅请求返回代码,代码随后应调用 exchangeCodeAsync 以获取实际令牌。如果您想要预先获得访问令牌,则需要将 responseType: ResponseType.Token 添加到您的身份验证请求中。