I have the following code, where I am trying to authenticate against Azure (Azure Active Directory B2C) using Python requests. However, I get the following error.
s_headers = {
    'authority': 'xxxxxx',
    'accept': 'application/json, text/javascript, */*; q=0.01',
    'accept-language': 'en-GB,en;q=0.9',
    'content-type': 'application/x-www-form-urlencoded; charset=UTF-8',
    'origin': 'https://xxxxxx.com.au',
    'request-context': 'appId=cid-v1:xxxxx',
    'sec-ch-ua': '"Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-origin',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36',
    'x-csrf-token': csrfToken,
    'x-requested-with': 'XMLHttpRequest',
}
response = session.post(
    f"{AUTH_URL}/{AZURE_TENANT}/{AZURE_CUSTOM_SIGNIN_POLICY}/SelfAsserted?tx=StateProperties={stateProperties}&p={AZURE_CUSTOM_SIGNIN_POLICY}",
    headers=s_headers,
    data={
        "userAgent": USER_AGENT,
        "reCaptchaResponseToken": recaptcha_token,
        "signInName": LOGIN_EMAIL,
        "password": LOGIN_PASSWORD,
        "request_type": "RESPONSE"
    },
)
print(response.text)
This gives the following error:
{"status":"400","errorCode":"AADB2C","message":"There's been a problem logging you in. Please try again later. Error G21."}
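I am not sure what this error is or how to resolve it. I tried looking through the documentation but could not find anything. I don't have access to the Azure portal, so I can't see anything in Azure. Can you tell me how to diagnose this?
I looked into - https://learn.microsoft.com/en-us/azure/active-directory-b2c/error-codes
When I look at the actual request made over HTTP, it gives the correct output. Below is the original request, which I converted from curl to Python.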
import requests

cookies = {
    'x-ms-cpim-csrf': 'xxxxx==',
    'x-ms-cpim-cache|yofrwuiweks9ftnxbix6_w_0': 'xxxxx=',
    'x-ms-cpim-trans': 'xxxxx',
    'x-ms-cpim-geo': 'NA',
    'ai_user': '/5FGmO1637zgi1KRdYXcbl|2023-09-12T09:24:33.821Z',
    'utag_main': 'v_id:018a88b4ef78003e66fea3e428700506f027006700bd0$_sn:1$_se:1$_ss:1$_st:1694512473789$ses_id:1694510673789%3Bexp-session$_pn:1%3Bexp-session$vapi_domain:xxxx.com.au$dc_visit:1$dc_event:1%3Bexp-session$dc_region:ap-southeast-2%3Bexp-session',
    '_gcl_au': '1.1.1759210396.1694510674',
    '_ga_KZ6DC5FG48': 'GS1.1.1694510674.1.0.1694510674.60.0.0',
    '_ga': 'GA1.1.1634419484.1694510675',
    'AMCVS_AD076C945D9712480A495EBD%40AdobeOrg': '1',
    's_ecid': 'MCMID%7C82454003998306155123554473455474142382',
    's_ppvl': '%5B%5BB%5D%5D',
    's_cc': 'true',
    'ai_session': 'eDxzIV8ED2jqnBj+iYRulk|1694510673926|1694510851644',
    's_ppv': 'app%253Aauth%253Alogin%253Aemail%2C65%2C82%2C476%2C1920%2C376%2C1920%2C1080%2C1%2CL',
}
headers = {
    'authority': 'auth.xxx.com.au',
    'accept': 'application/json, text/javascript, */*; q=0.01',
    'accept-language': 'en-GB,en;q=0.9',
    'content-type': 'application/x-www-form-urlencoded; charset=UTF-8',
    'origin': 'https://xxx.xxxx.com.au',
    'request-context': 'appId=cid-v1:e5ffd5fc-970c-4a51-b319-6e3561c1655c',
    'request-id': '|b2fb542531d145a3b14c6bba8185c7a1.323eb3fd3d444a20',
    'sec-ch-ua': '"Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-origin',
    'traceparent': '00-b2fb542531d145a3b14c6bba8185c7a1-323eb3fd3d444a20-01',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36',
    'x-csrf-token': 'xxxdEVudGl0eSI6IkF1dGhlbnRpY2F0aW9uQVBJLUFjcXVpcmVUb2tlbkZvckNsaWVudCIsIk9yY2hlc3RyYXRpb25TdGVwIjoyfQ==',
    'x-requested-with': 'XMLHttpRequest',
}
data = 'userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F116.0.0.0%20Safari%2F537.36&reCaptchaResponseToken=oub06nSWb7Fonram55zOWkTLnwxXIbA1sO9r_6dA_-&signInName=xxx%40gmail.com&password=asa!&request_type=RESPONSE'
response = requests.post(
    'https://auth.xxx.com.au/xxxx-b75d-4de2-b160-5d75da2ec18b/B2C_1A_v1_sign_in/SelfAsserted?tx=StateProperties=eyJUSUQiOiJjMTUxZTFjOC05NjQ4LTQ0N2EtYmQxNS0zOWQ3MDYyNWZhZmYifQ&p=B2C_1A_v1_sign_in',
    cookies=cookies,
    headers=headers,
    data=data,
)
The response to the original request, which is what I expect my code to give me.
{"status":"200"}
Based on your code, you are trying to enter the journey via
"{AUTH_URL}/{AZURE_TENANT}/{AZURE_CUSTOM_SIGNIN_POLICY}/SelfAsserted?tx=StateProperties={stateProperties}&p={AZURE_CUSTOM_SIGNIN_POLICY}"
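The reason this returns a 400 is that Azure AD B2C will no longer have a session for the state properties. The correct endpoint to enter the user journey is via the
/authorize
endpoint - see how to get an authorization code.
However, I would not recommend building this authorization request yourself; instead, use a package such as the Python Identity Package, with a B2C sample here.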
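The following added example is not part of the answer above or of any Microsoft package. It shows what a request to the /authorize endpoint carries (a fresh state value and a PKCE challenge) and how the callback is checked before the code is used, which is the work an identity package does for you. The authority host, client ID and redirect URI are placeholders; only the policy name is taken from the question.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions); only the policy name comes from the question.
AUTHORITY = "https://contoso.b2clogin.com/contoso.onmicrosoft.com"
POLICY = "B2C_1A_v1_sign_in"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://localhost:5000/callback"


def b64url(raw: bytes) -> str:
    """Base64url without padding, as PKCE (RFC 7636) requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def start_sign_in() -> dict:
    """Build the /authorize request that opens a new user journey."""
    state = secrets.token_urlsafe(32)           # ties the callback to this flow
    verifier = b64url(secrets.token_bytes(32))  # kept client-side until token exchange
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid offline_access",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    uri = f"{AUTHORITY}/{POLICY}/oauth2/v2.0/authorize?{query}"
    return {"auth_uri": uri, "state": state, "code_verifier": verifier}


def read_callback(flow: dict, callback_url: str) -> str:
    """Return the authorization code; reject a callback with a foreign state."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), flow["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this flow")
    if "code" not in params:
        raise ValueError(params.get("error", ["no authorization code"])[0])
    return params["code"][0]
```

The transaction state that the SelfAsserted URL in the question depends on is created by B2C only after a request like `auth_uri` has been made, which is why replaying an old `StateProperties` value fails.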