ADFS 3.0 + OAuth 2.0

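Once ADFS has been set up, OAuth 2.0 is already enabled by default.

Make sure to add a relying party trust (or use an existing one) and give it an identifier of your own.

References: https://blog.scottlogic.com/2015/03/09/OAUTH2-Authentication-with-ADFS-3.0.html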

http://www.gi-architects.co.uk/2016/04/setup-oauth2-on-adfs-3-0/

If you run into:
error=invalid_resource&error_description=MSIS9602%3a+The+received+%27resource%27+parameter+is+invalid.+The+authorization+server+can+not+find+a+registered+resource+with+the+specified+identifier.
it means the relying party is not trusted, or the wrong identifier was passed.

The actual experiment went as follows:

  1. PowerShell: Add-ADFSClient -Name "OAUTH2 Test Client" -ClientId "todd" -RedirectUri "http://192.168.0.20:3000/getAToken"

  2. https://win-r9jnunkcelj.rinsys.com/adfs/oauth2/authorize?response_type=code&client_id=todd&resource=urn%3Arelying%3Aparty%3Atrust%3Aidentifier&redirect_uri=http%3A%2F%2F192.168.0.20%3A3000%2FgetAToken
    ->
    https://win-r9jnunkcelj.rinsys.com/adfs/oauth2/authorize?response_type=code&client_id=todd&resource=urn:relying:party:trust:identifier&redirect_uri=http://192.168.0.20:3000/getAToken

  3. Redirected back:
    http://192.168.0.20:3000/getAToken?code=e2mLrbaVpE2FWqoMNi22mA.8HELk0v51ggBAJG8n-ZHcAqXb_g.ZkFq_HFfJaGRVlahEtt4UObe790oNKRkLs3j4vDpOWCOZO3X3Pk4nSiuPmbVCcUaCxbuB8g6FvEP-6c6NpUBleJ0ONsSL3qoNuaY1WtWZI2jXvvpB3NEIyQa6YB8TD3qfojLmjWiqqrcHp6KpDj2FOiCM1dZ3TUee5JNJkT9h9LqjuVdDOQiGvoU8XNTkPodxB2V9pLWO3jNzjXrafO38A1eEj2ZsvxvYOU1Fa_ufQnsE49deV2pAln7NpPOMxDt-DKOguT9USLaryQz9Unfo5iQJzCD66TqLYNSctLdw7_L8P3DcjFnKAKXK4vq5a75FunE664FqftEs5FLYzfTDg

  4. Send:
POST /adfs/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: your.adfs.server
Content-Length: <some number>

grant_type=authorization_code&client_id=some-uid-or-other&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2FgetAToken&code=thecode

Error encountered:
{
"error": "invalid_request",
"error_description": "MSIS9609: The 'redirect_uri' parameter is invalid. No redirect uri with the specified value is registered for the received 'client_id'. "
}
Damn, it turned out to be because redirect_uri was URL-encoded. Since this is a POST, this parameter does not need to be encoded.

  5. Obtain the token:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjBzTVZIOXlVdFlyaFhCd0hOcTdRejZrRm5XZyJ9.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.R7YOyp986M6sYPrjyCI5JAVEZ0XTat9i89Hi8PeV4xQbe5NLrjO6CqpN2v_C_sCj5PgGyBMkAHKX4Bgyf3s4eisilrsU7t08td2nYU05rzHL8IHF_Emv0B2s0OsbY5kkACI8iYAW0rQ7ZpfUitWgygTR-GtvBnZfAfn65OpEX87Gt_x6hXL88Oacia9Le1tBFX3MiK3ShrsIv4LrSaFw5HxfN_yfieZqxndmuXOL3tcna1jyamUdmMa4WcfdNwSRlxwVlUZvbGYxSHXgSwfUvak_zkekAEFI5QtNup85ZBp1JPehlXePOBLJ_ZGErIbt-5lmHT6uX2H--qKGEFbYeg",
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": "_bhAioyNOFP-uPNqFdMUf3SW4RIyMaRcW1uFsnTohr4AAQAAKHBS9_LiM8OMqOH7mNv6JT_D1fm3LilU-bJGPi-6uHvW-mSkDHqgqy2JhdAocmsNZ08Duzcf6PV5pO9Z-CX-4EvuYTC7silc043QLXl1MOOxhw2V5sC6hrjO5BsUWXLRoGKerWrCAaW1TwS1bb9G1XtTgGigX2UjvcN8Z0u9_RV-"
}
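
An added example (not from the original post) that rebuilds steps 2 to 4 in Python with only the standard library; the function names are hypothetical. It assumes the server decodes the form body once before comparing `redirect_uri` with the registered value, and shows that a value escaped twice no longer matches, which is one way to end up with MSIS9609.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Values taken from the walkthrough above.
ADFS_HOST = "win-r9jnunkcelj.rinsys.com"
CLIENT_ID = "todd"
RESOURCE = "urn:relying:party:trust:identifier"
REGISTERED_REDIRECT = "http://192.168.0.20:3000/getAToken"  # as passed to Add-ADFSClient


def authorize_url():
    """Step 2: urlencode() escapes every value exactly once."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "resource": RESOURCE,
        "redirect_uri": REGISTERED_REDIRECT,
    })
    return f"https://{ADFS_HOST}/adfs/oauth2/authorize?{query}"


def code_from_callback(callback_url):
    """Step 3: extract the code, or raise with the decoded error text."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        detail = params.get("error_description", [""])[0]
        raise ValueError(f"{params['error'][0]}: {detail}")
    return params["code"][0]


def token_body(code, redirect_uri=REGISTERED_REDIRECT):
    """Step 4: body for POST /adfs/oauth2/token (escaped once here)."""
    return urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "code": code,
    })


def redirect_seen_by_server(body):
    """Assumption: the server decodes the form body a single time."""
    return parse_qs(body)["redirect_uri"][0]


def will_match(body):
    """True when the decoded redirect_uri equals the registered one."""
    return redirect_seen_by_server(body) == REGISTERED_REDIRECT
```

Passing an already percent-encoded `redirect_uri` to `token_body` makes `will_match` return `False`, because the `%` characters are escaped a second time.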
