"Missing grant-type parameter" in Auth0 Delegation endpoint call
I am trying to call (POST) the Auth0 delegation endpoint from Postman with the following request, as suggested by Auth0:
Content-Type: 'application/json'
{
"client_id": "{CLIENT_ID}",
"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
"id_token": "{YOUR_ID_TOKEN}",
"target": "lwTL1rYVfC0KsBUFPeKWY3HvGjbIgdDM",
"api_type": "salesforce_api",
"scope": "openid"
}
I get this error, even though the grant_type parameter is included in the above request:
{
"error": "invalid_request",
"error_description": "Missing grant_type parameter"
}
What am I doing wrong?
From Auth0's new OIDC Conformant Authentication documentation:
Delegation
Given that ID tokens should no longer be used as API tokens and that refresh tokens should be used only at the token endpoint, this endpoint is now considered deprecated.
At the moment there is no OIDC-compliant mechanism to obtain third-party API tokens. In order to facilitate a gradual migration to the new authentication pipeline, delegation can still be used to obtain third-party API tokens. This will be deprecated in future releases.
Also, from Auth0's Using AWS with Tokens documentation:
Legacy Grant Types
As of 8 June 2017, new Auth0 customers cannot add any of the legacy grant types to their clients, which are required for use with the Delegation endpoint. Legacy grant types are only available for previous customers while they migrate to new flows, to avoid breaking changes. To find the secure alternative for your case refer to Secure Alternatives to the Legacy Grant Types.
Reading further, from the Secure Alternatives to the Legacy Grant Types link:
Legacy Grant Type
http://auth0.com/oauth/legacy/grant-type/ro/jwt-bearer
Alternative
This feature is disabled by default. If you would like this feature enabled, please contact support to discuss your use case and prevent the possibility of introducing security vulnerabilities.
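More information about the legacy grant types can also be found here.
So, the problem you are having is that delegation is deprecated. That means the /delegation endpoint and, more importantly, the jwt-bearer grant type are deprecated. If you are a new customer, you are out of luck. If you are an existing customer, you will need to contact support to have it enabled.
As for why Postman returns the cryptic "Missing grant_type parameter" error as opposed to the better "Grant type 'http://auth0.com/oauth/legacy/grant-type/delegation/id_token not allowed for the client." error that other browser-extension-based REST clients get, your guess is as good as mine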