OneDrive Code Flow Public clients can't send a client secret - Node.js

余生颓废 submitted on 2020-01-07 05:12:04

Question


Hey guys, I want to create access to my OneDrive account to upload files via Node.js from my home Windows PC.

I created an app at https://apps.dev.microsoft.com
Also I created a client secret there and added a web platform and changed the redirect url from localhost to https://login.live.com/oauth20_desktop.srf

Then I used this link in my browser https://login.live.com/oauth20_authorize.srf?client_id=ab82982b-4dxxxxxxxxxxxxxxxxx&scope=files.readwrite.all&response_type=code

The URL in my browser changed to https://login.live.com/oauth20_desktop.srf?code=M494a5b9fxxxxxxxxxxxxxxxxxxxxxxx&lc=1031

Then I made a POST request like they describe on https://dev.onedrive.com/auth/graph_oauth.htm

with

request({
  uri: "https://login.microsoftonline.com/common/oauth2/v2.0/token?"
  + "&client_id=ab82982b-4dbe-4c6b-a1fe-2d60d01709fd&"
  + "client_secret=TkYZhYyuEiSoqhCxbh4Dqh3"
  + "&code=M494a5b9f-5577-3454-a78c-cef649a512c0"
  + "&grant_type=authorization_code",
  method: "POST",
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded'
  }
}, function(error, response, body) {
  console.log('body: ', body);
});

But the output is

body:  {"error":"invalid_request","error_description":"AADSTS90014: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: de2c2dxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\r\nCorrelation ID: de2f8b83xxxxxxxxxxxxxxxxxxxxxxxxx\r\nTimestamp: 2017-07-31 13:40:52Z","error_codes":[90014],"timestamp":"2017-07-31 13:40:52Z","trace_id":"de2c2da2xxxxxxxxxxxxxxxxxxx","correlation_id":"de2f8b8xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}

Please help I struggle so hard with this API token stuff ..

EDIT: following the comment below, I changed it to

request.post({
    url: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
    form: {
        redirect_uri: 'https://login.live.com/oauth20_desktop.srf',
        client_id: 'abf3247c-d56a-xxxxxxxxxxxxxxxxxxxxx',
        client_secret: '3o6xxxxxxxxxxxxxxxxxxxxxxxxxxxx',
        code: 'M8aad1bcf-xxxxxxxxxxxxxxxxxxxxxxxxxx',
        grant_type: 'authorization_code'
    }
}, function(err, httpResponse, body) { /* ... */
    console.log('err: ' + err);
    console.log('body: ' + body);
});

But now I get "error":"invalid_request","error_description":"AADSTS90023: Public clients can't send a client secret."

I googled this and read that I can't make client secret requests with desktop applications. But I created a web application at https://apps.dev.microsoft.com

Also, if I delete the client secret from the request, I get an error that the redirect URL is wrong. Please send me working code examples, I have been struggling with this for several days now ..

This is so difficult aaaaaaaaaaaaaaaaaaaaaaahhhhhhhhhhhhh :D Please help


Answer 1:


Is this question of yours still open? It seems that you want to retrieve an access token and a refresh token. If I misunderstand your question, I'm sorry.

I think that your modified script for retrieving access token is not wrong. Please confirm the authorization flow again.

  1. Add application at https://apps.dev.microsoft.com/
  2. Input Application Name. In this case, don't use Guided Setup
  3. Create Application secret.
  4. Platform is web. In this case, redirect URL is http://localhost
  5. Retrieve code from https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=### Application ID ###&scope=offline_access%20files.readwrite.all&response_type=code&redirect_uri=http://localhost
    • Please input the above URL into your browser, and retrieve the code from the redirected URL.
    • Here, in order to upload files, it includes files.readwrite.all in the scope.
    • Refresh token can be retrieved by including offline_access to the scope.
  6. Run your following script to retrieve the access token and refresh token.

Script :

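// Requires the "request" package (npm install request).
const request = require('request');

// Exchange the authorization code for an access token and a refresh token.
request.post({
    url: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
    form: {
        redirect_uri: 'http://localhost', // same value as in the authorize URL of step 5
        client_id: 'abf3247c-d56a-xxxxxxxxxxxxxxxxxxxxx',
        client_secret: '3o6xxxxxxxxxxxxxxxxxxxxxxxxxxxx',
        code: 'M8aad1bcf-xxxxxxxxxxxxxxxxxxxxxxxxxx',
        grant_type: 'authorization_code'
    }
}, function(err, httpResponse, body) {
    if (err) { return console.error('err: ' + err); }
    console.log('body: ' + body);
});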

Response :

You can retrieve the following response.

{
  "token_type": "Bearer",
  "scope": "Files.ReadWrite.All",
  "expires_in": 3600,
  "ext_expires_in": 0,
  "access_token": "#####",
  "refresh_token": "#####"
}

If this is not a solution for you, I'm sorry.

Script for retrieving access token from refresh token :

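// Requires the "request" package (npm install request).
const request = require('request');

// Exchange the stored refresh token for a new access token.
request.post({
    url: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
    form: {
        redirect_uri: 'http://localhost',
        client_id: 'abf3247c-d56a-xxxxxxxxxxxxxxxxxxxxx',
        client_secret: '3o6xxxxxxxxxxxxxxxxxxxxxxxxxxxx',
        refresh_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxx',
        grant_type: 'refresh_token'
    }
}, function(err, httpResponse, body) {
    if (err) { return console.error('err: ' + err); }
    console.log('body: ' + body);
});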


Source: https://stackoverflow.com/questions/45404855/onedrive-code-flow-public-clients-cant-send-a-client-secret-node-js
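
The failures seen in this thread (token parameters placed on the query string, a client secret sent by a public client, a redirect URL reported as wrong) can be caught locally before the request is sent. The block below is an added example, not code from the question or the answer; `buildTokenRequest`, its `clientType` and `authorizeRedirectUri` fields and the `ONEDRIVE_CLIENT_SECRET` variable name are assumptions made for illustration.

```javascript
const TOKEN_URL = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';

// Hypothetical helper. clientType: 'confidential' (web platform, holds a
// secret) or 'public' (native/desktop client, must not send one).
function buildTokenRequest(p) {
  if (p.clientType === 'public' && p.clientSecret) {
    // The server answers this with AADSTS90023, as quoted in the question.
    throw new Error("public clients can't send a client secret");
  }
  if (p.clientType === 'confidential' && !p.clientSecret) {
    throw new Error('confidential clients must authenticate with client_secret');
  }
  const form = new URLSearchParams({ client_id: p.clientId });
  if (p.code) {
    // RFC 6749 section 4.1.3: redirect_uri must be identical to the one
    // used in the authorize request that produced this code.
    if (p.redirectUri !== p.authorizeRedirectUri) {
      throw new Error('redirect_uri differs from the authorize request');
    }
    form.set('grant_type', 'authorization_code');
    form.set('code', p.code);
    form.set('redirect_uri', p.redirectUri);
  } else if (p.refreshToken) {
    form.set('grant_type', 'refresh_token');
    form.set('refresh_token', p.refreshToken);
  } else {
    throw new Error('need either code or refreshToken');
  }
  if (p.clientSecret) form.set('client_secret', p.clientSecret);
  // Everything goes in the form-encoded body, nothing on the URL, so the
  // secret and the code stay out of URLs and the logs that record them.
  return { url: TOKEN_URL, method: 'POST', body: form.toString(),
           headers: { 'Content-Type': 'application/x-www-form-urlencoded' } };
}

// Constructed sample input; the secret is read from the environment
// (ONEDRIVE_CLIENT_SECRET is an assumed name) instead of the source file.
const sample = buildTokenRequest({
  clientType: 'confidential',
  clientId: '00000000-0000-0000-0000-000000000000',
  clientSecret: process.env.ONEDRIVE_CLIENT_SECRET || 'placeholder-secret',
  code: 'placeholder-code',
  redirectUri: 'http://localhost',
  authorizeRedirectUri: 'http://localhost',
});
console.log(sample.url, [...new URLSearchParams(sample.body).keys()]);
```

The returned object can be passed to `fetch(req.url, req)` on Node 18 or later; only the parameter names are printed here so the secret never reaches the console.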
