问题描述

您好，我们正在尝试使用OAuth为第三方IdP（grean.com）创建自定义政策。



我们尝试过此提供商在其他情况下它工作正常，虽然我们无法使其作为自定义策略IdP工作。



我们收到此错误（在App Insight中跟踪）：

Hi, we are trying to create a custom policy for a 3rd party IdP (grean.com) with OAuth.

We have tried this provider in other scenarios and it works fine, although we can't get it to work as a custom policy IdP.

We get this error (traced in App Insight):

{"Kind":"Handled","HResult":"80131500","Message":"An invalid OAuth response was received: \"{0}\".","Data":{},"Exception":{"Kind":"Handled","HResult":"80004003","Message":"Value cannot be null.\r\nParameter name: uriString","Data":{}}}

所以看起来返回json有问题吗？我尝试比较对Facebook的响应，手动执行所有调用，看起来一样。索引提供程序如下所示：

So it seems like the return json is something wrong with? I tried compare the responses to Facebook doing all the calls manually and it looks the same. Here is how the claim provider looks like:

<ClaimsProvider>
  <Domain>someting.grean.id</Domain>
  <DisplayName>EasyId</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="EASYID-OAUTH">
      <DisplayName>EasyId</DisplayName>
      <Protocol Name="OAuth2" />
      <Metadata>
        <Item Key="ProviderName">easyid</Item>
        <Item Key="authorization_endpoint">https://something.grean.id/oauth2/authorize?acr_values=urn:grn:authn:se:bankid:another-device</Item>
        <Item Key="AccessTokenEndpoint">https://something.grean.id/oauth2/token</Item>
        <Item Key="ClaimsEndpoint">https://openpayments.grean.id/oauth2/userinfo</Item>
        <Item Key="acr_values">urn:grn:authn:se:bankid:another-device</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">0</Item>
        <Item Key="client_id">our clint id</Item>
        <Item Key="scope">code openid</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_EasyIdSecret" />
      </CryptographicKeys>
      <InputClaims />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="ssn" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="givenname" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="surname" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="email" DefaultValue="email@email.com" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="easyid" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

并且在返回之后令牌中看起来像这样（带邮递员）：

And in the token looks like this after returned (with postman):

{
    "token_type": "Bearer",
    "expires_in": "120",
    "id_token": "eyJ0eXAiOiJKV1QiLCJhbGci...",
    "access_token": "9855e49b-362e-47da-9ef7-973492ab7cf4"
}

但是响应仍然是收到了无效的OAuth响应

But the response is still An invalid OAuth response was received

我们做错了什么想法？

谢谢！

推荐答案

你能否分享一下帮助你解决问题的方法？

Could you please share what helped you with its resolution?

这篇关于Azure AD B2C自定义策略返回“收到无效的OAuth响应”对于第三方OAuth2 IdP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！