Question
I am trying to get a Graph API token on behalf of the user. I am following this document https://docs.microsoft.com/en-us/graph/auth-v2-user and everything works well until step 3, Get a Token. Here is the code I am using:
Add-Type -AssemblyName System.Web
$clientIDEncoded = [System.Web.HttpUtility]::UrlEncode($clientid)
$redirectUriEncoded = [System.Web.HttpUtility]::UrlEncode("https://login.live.com/oauth20_desktop.srf")
$scopeEncoded = [System.Web.HttpUtility]::UrlEncode("https://graph.microsoft.com/.default")
Function Get-AuthCode {
    Add-Type -AssemblyName System.Windows.Forms
    $form = New-Object -TypeName System.Windows.Forms.Form -Property @{Width=440;Height=640}
    $web = New-Object -TypeName System.Windows.Forms.WebBrowser -Property @{Width=420;Height=600;Url=($url -f ($Scope)) }
    $DocComp = {
        $Global:uri = $web.Url.AbsoluteUri
        if ($Global:uri -match "error=[^&]*|code=[^&]*") {$form.Close() }
    }
    $web.ScriptErrorsSuppressed = $true
    $web.Add_DocumentCompleted($DocComp)
    $form.Controls.Add($web)
    $form.Add_Shown({$form.Activate()})
    $form.ShowDialog() | Out-Null
    $queryOutput = [System.Web.HttpUtility]::ParseQueryString($web.Url.Query)
    $output = @{}
    foreach($key in $queryOutput.Keys){
        $output["$key"] = $queryOutput[$key]
    }
    $output
}
# Get AuthCode
$url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&redirect_uri=$redirectUriEncoded&client_id=$clientID&scope=$scopeEncoded"
$authcode=(Get-AuthCode).values
Write-output "Received an authCode, $authCode"
$body = "grant_type=authorization_code&redirect_uri=$redirectUri&client_id=$clientId&code=$authCode&scope=$scopeEncoded"
$tokenResponse = Invoke-RestMethod https://login.microsoftonline.com/common/oauth2/token `
    -Method Post -ContentType "application/x-www-form-urlencoded" `
    -Body $body
I get the authcode, something like this:
Name  Value
----  -----
code  M.R3_BAY.f659093f-3327-c99b-e219-9b3c7f82fd95
lc    1051
and then when I try to get a token I get this error message:
$body = "grant_type=authorization_code&redirect_uri=$redirectUri&client_id=$clientId&code=$authCode&scope=$scopeEncoded"
$tokenResponse = Invoke-RestMethod https://login.microsoftonline.com/common/oauth2/token `
-Method Post -ContentType "application/x-www-form-urlencoded" `
-Body $body `
Received an authCode, M.R3_BAY.c622845d-f126-9017-134f-e79f3a24c4d4 1051
*
Invoke-RestMethod : {"error":"invalid_grant","error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 194d7f79-af2e-46e1-b287-c14c364b0200\r\nCorrelation ID: 1348166c-c93c-4cc6-8e57-0c2d32ab2b78\r\nTimestamp: 2020-09-05 23:53:19Z","error_codes":[9002313],"timestamp":"2020-09-05 23:53:19Z","trace_id":"194d7f79-af2e-46e1-b287-c14c364b0200","correlation_id":"1348166c-c93c-4cc6-8e57-0c2d32ab2b78","error_uri":"https://login.microsoftonline.com/error?code=9002313"}
At line:47 char:18
+ ... nResponse = Invoke-RestMethod https://login.microsoftonline.com/commo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Source: https://stackoverflow.com/questions/63759554/graph-api-get-token
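
Added example, not part of the original question: in the posted script, `(Get-AuthCode).values` interpolates both the `code` and `lc` values into the request ("... 1051" in the output), `$redirectUri` is never assigned (only `$redirectUriEncoded` is), and the token call goes to `/oauth2/token` while the code came from the v2.0 `/authorize` endpoint. The sketch below builds a token request without those three differences; the function names, the client ID placeholder and the sample redirect URL are assumptions made for illustration.

```powershell
Add-Type -AssemblyName System.Web

# Hypothetical helper: return only the 'code' value from the redirect URL.
function Get-CodeFromRedirect {
    param([Parameter(Mandatory)][string]$RedirectUrl)
    $query = [System.Web.HttpUtility]::ParseQueryString(([System.Uri]$RedirectUrl).Query)
    if ($query['error']) {
        throw "Authorization failed: $($query['error']) $($query['error_description'])"
    }
    if (-not $query['code']) { throw "Redirect URL carries no 'code' parameter." }
    $query['code']    # extra parameters such as 'lc' are not part of the code
}

# Hypothetical helper: form fields for the authorization_code grant.
function New-TokenRequestBody {
    param(
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$Code,
        [Parameter(Mandatory)][string]$RedirectUri,
        [Parameter(Mandatory)][string]$Scope
    )
    # Raw (unencoded) values: Invoke-RestMethod form-encodes a hashtable body on POST.
    @{
        grant_type   = 'authorization_code'
        client_id    = $ClientId
        code         = $Code
        redirect_uri = $RedirectUri   # same value that was sent to /authorize
        scope        = $Scope
    }
}

# Hypothetical helper: send the request to the v2.0 token endpoint,
# the counterpart of the v2.0 /authorize endpoint used to obtain the code.
function Request-GraphToken {
    param([Parameter(Mandatory)][hashtable]$Body, [string]$Tenant = 'common')
    $endpoint = "https://login.microsoftonline.com/$Tenant/oauth2/v2.0/token"
    Invoke-RestMethod -Uri $endpoint -Method Post -Body $Body
}

# Constructed sample redirect URL (the code value is a placeholder, not a real grant).
$redirectUri = 'https://login.live.com/oauth20_desktop.srf'
$sample = $redirectUri + '?code=M.R3_BAY.00000000-0000-0000-0000-000000000000&lc=1051'
$code = Get-CodeFromRedirect -RedirectUrl $sample
$body = New-TokenRequestBody -ClientId '<application-client-id>' -Code $code `
    -RedirectUri $redirectUri -Scope 'https://graph.microsoft.com/.default'
$body.code    # the code alone, without the 'lc' value
# With a real code and client ID: $tokenResponse = Request-GraphToken -Body $body
```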