我有一个使用MSAL.js 1.3.0的JavaScript应用程序。登录屏幕提示我,并且我能够登录。但是无论我如何在Azure门户中配置应用程序,登录后总会收到以下消息:
所以,我授予了应用程序管理员同意:(几周前对于委派权限不是必需的。此外,下面的页面根本不显示'需要管理员同意')
但是,行为仍然没有改变。我无法通过“需要管理员批准”消息。
我的编码在这里:
config: {
msalConfig: {
auth: {
clientId: "b273e5a6-8940-481b-9c87-1b51310ff88c"
},
cache: {
cacheLocation: 'localStorage',
storeAuthStateInCookie: true
}
},
graphBaseEndpoint: "https://graph.microsoft.com/v1.0/",
userInfoSuffix: "me/",
queryMessagesSuffix: "me/messages?$search=\"$1\"&$top=150",
scopeConfig: {
scopes: ['User.Read', 'Mail.Read']
}
},
onInit: function () {
this.oMsalClient = new Msal.UserAgentApplication(this.config.msalConfig);
//check if the user is already signed in
if (!this.oMsalClient.getAccount()) {
this.oMsalClient.loginPopup(this.config.scopeConfig).then(this.fetchUserInfo.bind(this));
} else {
this.fetchUserInfo();
}
}
这是我的应用程序清单:
{
"id": "HERE-WOULD-BE-AN-ID",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"addIns": [],
"allowPublicClient": null,
"appId": "b273e5a6-8940-481b-9c87-1b51310ff88c",
"appRoles": [],
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2020-06-09T10:31:12Z",
"groupMembershipClaims": null,
"identifierUris": [],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": [],
"knownClientApplications": [],
"logoUrl": null,
"logoutUrl": null,
"name": "2020-06-09 - Fiori Sandbox Test2",
"oauth2AllowIdTokenImplicitFlow": true,
"oauth2AllowImplicitFlow": true,
"oauth2Permissions": [],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"preAuthorizedApplications": [],
"publisherDomain": "d063937domain.onmicrosoft.com",
"replyUrlsWithType": [
{
"url": "https://d063937trial-d063937trialb-devspace-msgraph-ui.cfapps.eu10.hana.ondemand.com/ui/index.html",
"type": "Web"
}
],
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "570282fd-fa5c-430d-a7fd-fc8dc98a9dca",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": [],
"tokenEncryptionKeyId": null,
"verifiedPublisher": {
"displayName": null,
"verifiedPublisherId": null,
"addedDateTime": null
}
}
PS:我不是JavaScript开发人员,只是从一位同事那里获得了最近正在使用的应用程序,并想使用它。如果有任何遗漏,请告诉我。
干杯,最大值
如果您希望最终用户同意代表他们的应用访问公司数据,则需要使用管理员帐户登录Azure门户以启用此功能。
转到Azure Active Directory-> 企业应用程序-> 用户设置,为“用户可以同意应用程序代表他们访问公司数据”选择是。] >
如果您希望最终用户可以请求访问需要管理员同意的应用程序,则可以configure the admin consent workflow。