Azure AADB2C error when trying to authenticate using requests

Question (votes: 0, answers: 1)

I have the following code, in which I try to authenticate against Azure (Azure Active Directory B2C) using Python requests. However, I get the error shown below.

import requests

# Values the question does not show; placeholders are used here so the
# snippet runs as written. csrfToken, stateProperties and recaptcha_token are
# obtained from earlier steps of the sign-in flow (not shown in the question).
AUTH_URL = "https://auth.xxx.com.au"
AZURE_TENANT = "xxxx"
AZURE_CUSTOM_SIGNIN_POLICY = "B2C_1A_v1_sign_in"
USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
LOGIN_EMAIL = "xxx@example.com"
LOGIN_PASSWORD = "xxxxx"
csrfToken = "xxxxx"
stateProperties = "xxxxx"
recaptcha_token = "xxxxx"

# Session keeps the x-ms-cpim-* cookies set by the earlier journey steps.
session = requests.Session()

s_headers = {
    'authority': 'xxxxxx',
    'accept': 'application/json, text/javascript, */*; q=0.01',
    'accept-language': 'en-GB,en;q=0.9',
    'content-type': 'application/x-www-form-urlencoded; charset=UTF-8',
    'origin': 'https://xxxxxx.com.au',
    'request-context': 'appId=cid-v1:xxxxx',
    'sec-ch-ua': '"Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-origin',
    'user-agent': USER_AGENT,
    'x-csrf-token': csrfToken,
    'x-requested-with': 'XMLHttpRequest',
}

# SelfAsserted step of the custom policy; tx carries the journey's state.
response = session.post(
    f"{AUTH_URL}/{AZURE_TENANT}/{AZURE_CUSTOM_SIGNIN_POLICY}/SelfAsserted?tx=StateProperties={stateProperties}&p={AZURE_CUSTOM_SIGNIN_POLICY}",
    headers=s_headers,
    data={
        "userAgent": USER_AGENT,
        "reCaptchaResponseToken": recaptcha_token,
        "signInName": LOGIN_EMAIL,
        "password": LOGIN_PASSWORD,
        "request_type": "RESPONSE",
    },
)
print(response.text)

This gives the following error:

{"status":"400","errorCode":"AADB2C","message":"There's been a problem logging you in. Please try again later. Error G21."} 

I'm not sure what this error means or how to fix it. I tried looking up the documentation but couldn't find anything. I don't have access to the Azure portal, so I can't see anything in Azure. Could you tell me how to diagnose this?

I looked at https://learn.microsoft.com/en-us/azure/active-directory-b2c/error-codes

When I look at the actual request made over HTTP, it gives the correct output. Below is the original request, which I converted from curl to Python.

import requests

cookies = {
    'x-ms-cpim-csrf': 'xxxxx==',
    'x-ms-cpim-cache|yofrwuiweks9ftnxbix6_w_0': 'xxxxx=',
    'x-ms-cpim-trans': 'xxxxx',
    'x-ms-cpim-geo': 'NA',
    'ai_user': '/5FGmO1637zgi1KRdYXcbl|2023-09-12T09:24:33.821Z',
    'utag_main': 'v_id:018a88b4ef78003e66fea3e428700506f027006700bd0$_sn:1$_se:1$_ss:1$_st:1694512473789$ses_id:1694510673789%3Bexp-session$_pn:1%3Bexp-session$vapi_domain:xxxx.com.au$dc_visit:1$dc_event:1%3Bexp-session$dc_region:ap-southeast-2%3Bexp-session',
    '_gcl_au': '1.1.1759210396.1694510674',
    '_ga_KZ6DC5FG48': 'GS1.1.1694510674.1.0.1694510674.60.0.0',
    '_ga': 'GA1.1.1634419484.1694510675',
    'AMCVS_AD076C945D9712480A495EBD%40AdobeOrg': '1',
    's_ecid': 'MCMID%7C82454003998306155123554473455474142382',
    's_ppvl': '%5B%5BB%5D%5D',
    's_cc': 'true',
    'ai_session': 'eDxzIV8ED2jqnBj+iYRulk|1694510673926|1694510851644',
    's_ppv': 'app%253Aauth%253Alogin%253Aemail%2C65%2C82%2C476%2C1920%2C376%2C1920%2C1080%2C1%2CL',
}

headers = {
    'authority': 'auth.xxx.com.au',
    'accept': 'application/json, text/javascript, */*; q=0.01',
    'accept-language': 'en-GB,en;q=0.9',
    'content-type': 'application/x-www-form-urlencoded; charset=UTF-8',
    'origin': 'https://xxx.xxxx.com.au',
    'request-context': 'appId=cid-v1:e5ffd5fc-970c-4a51-b319-6e3561c1655c',
    'request-id': '|b2fb542531d145a3b14c6bba8185c7a1.323eb3fd3d444a20',
    'sec-ch-ua': '"Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-origin',
    'traceparent': '00-b2fb542531d145a3b14c6bba8185c7a1-323eb3fd3d444a20-01',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36',
    'x-csrf-token': 'xxxdEVudGl0eSI6IkF1dGhlbnRpY2F0aW9uQVBJLUFjcXVpcmVUb2tlbkZvckNsaWVudCIsIk9yY2hlc3RyYXRpb25TdGVwIjoyfQ==',
    'x-requested-with': 'XMLHttpRequest',
}

data = 'userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F116.0.0.0%20Safari%2F537.36&reCaptchaResponseToken=oub06nSWb7Fonram55zOWkTLnwxXIbA1sO9r_6dA_-&signInName=xxx%40gmail.com&password=asa!&request_type=RESPONSE'

response = requests.post(
    'https://auth.xxx.com.au/xxxx-b75d-4de2-b160-5d75da2ec18b/B2C_1A_v1_sign_in/SelfAsserted?tx=StateProperties=eyJUSUQiOiJjMTUxZTFjOC05NjQ4LTQ0N2EtYmQxNS0zOWQ3MDYyNWZhZmYifQ&p=B2C_1A_v1_sign_in',
    cookies=cookies,
    headers=headers,
    data=data,
)

The response to the original request, which is what I expect my code to give me:

{"status":"200"}
Tags: python azure azure-ad-b2c access-token bearer-token
1 answer (0 votes)

Based on your code, you are trying to enter the journey via

"{AUTH_URL}/{AZURE_TENANT}/{AZURE_CUSTOM_SIGNIN_POLICY}/SelfAsserted?tx=StateProperties={stateProperties}&p={AZURE_CUSTOM_SIGNIN_POLICY}"

The reason it returns 400 is that Azure AD B2C will no longer have a session for those state properties. The correct endpoint for entering the user journey is the /authorize endpoint - see how to get an authorization code.

However, I don't recommend building this authorization request yourself; use a package such as the Python Identity Package instead. There is a B2C sample here.
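As an added example (not code from the question, the answer, or the Python Identity Package), this shows what the answer's advice looks like in practice: a client starts the user journey at the policy's /authorize endpoint, with PKCE and a state value it later checks on the redirect, instead of posting straight to SelfAsserted. The tenant, client id and redirect URI are placeholder assumptions; the policy name is the one from the question.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder values (assumptions, not from the question): tenant, app id and
# redirect URI. The policy name is the one shown in the question's request.
B2C_TENANT = "contoso"                               # <tenant>.b2clogin.com
POLICY = "B2C_1A_v1_sign_in"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"   # placeholder app id
REDIRECT_URI = "http://localhost:8080/redirect"

def pkce_pair() -> tuple:
    """Return (code_verifier, code_challenge) per RFC 7636, S256 method."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

def build_authorize_request() -> dict:
    """Build the /authorize URL that starts the B2C journey (this is where the
    transaction state the SelfAsserted step later relies on gets created)."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    verifier, challenge = pkce_pair()
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": f"openid offline_access {CLIENT_ID}",
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    base = f"https://{B2C_TENANT}.b2clogin.com/{B2C_TENANT}.onmicrosoft.com"
    url = f"{base}/{POLICY}/oauth2/v2.0/authorize?{urlencode(params)}"
    # The caller keeps state, nonce and verifier to validate the redirect
    # and to redeem the code at the /token endpoint.
    return {"url": url, "state": state, "nonce": nonce, "verifier": verifier}

def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Return the authorization code from the redirect; reject a bad state."""
    qs = parse_qs(urlparse(redirect_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: stale journey or forged redirect")
    if "error" in qs:
        raise RuntimeError(qs["error"][0] + ": " + qs.get("error_description", [""])[0])
    return qs["code"][0]
```

The browser is sent to the returned URL; the code extracted from the redirect is then exchanged at the policy's /token endpoint together with the saved verifier.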
