How to get authorization to UCWA and Skype Web SDK

2020-03-24 06:55发布

问题:

I have a Skype for Business account call art@shockw4ves.onmicrosoft.com and I'm trying to get authorization.

  1. My first request to lyncdiscover service
GET https://lyncdiscover.shockw4ves.onmicrosoft.com/

Answer:

{
  "_links": {
    "self": {
      "href": "https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=shockw4ves.onmicrosoft.com"
    },
    "user": {
      "href": "https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=shockw4ves.onmicrosoft.com"
    },
    "xframe": {
      "href": "https://webdir1e.online.lync.com/Autodiscover/XFrame/XFrame.html"
    }
  }
}
  1. Then i take a user link and do next request
GET https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=shockw4ves.onmicrosoft.com

Answer: 401 Unauthorized

Cache-Control → no-cache
Content-Length → 1293
Content-Type → text/html
Date → Wed, 30 Sep 2015 11:16:37 GMT
WWW-Authenticate → 
    Bearer trusted_issuers="00000001-0000-0000-c000-000000000000@*", 
    client_id="00000004-0000-0ff1-ce00-000000000000", 
    authorization_uri="https://login.windows.net/common/oauth2/authorize", 
    MsRtcOAuth 
    href="https://webdir1e.online.lync.com/WebTicket/oauthtoken",
    grant_type="urn:microsoft.rtc:passive,urn:microsoft.rtc:anonmeeting"
X-Content-Type-Options → nosniff
X-MS-Correlation-Id → 2147499790
X-MS-Server-Fqdn → AMS1E01EDG08.infra.lync.com
client-request-id → ea4f5098-732f-4feb-ae34-cf6ff7fc1a73
  1. This response contains my credentials data. I take authorization uri and do my next request
POST https://login.windows.net/common/oauth2/authorize

body of x-www-form-urlencoded:

grant_type=password
username=art@shockw4ves.onmicrosoft.com
password=xxxxxxxxxx
client_id=00000004-0000-0ff1-ce00-000000000000

Answer:

<html>
    <head>
        <title>Continue</title>
    </head>
    <body>
        <form method="POST" name="hiddenform" action="https://login.microsoftonline.com/common/oauth2/authorize">
            <input type="hidden" name="grant_type" value="password" />
            <input type="hidden" name="username" value="art@shockw4ves.onmicrosoft.com" />
            <input type="hidden" name="password" value="xxxxxxxxx" />
            <input type="hidden" name="client_id" value="00000004-0000-0ff1-ce00-000000000000" />
            <noscript>
                <p>Script is disabled. Click Submit to continue</p>
                <input type="submit" value="Submit" />
            </noscript>
        </form>
        <script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script>
    </body>
</html>
  1. Copy this html form and run in browser. Its redirect to https://login.microsoftonline.com/common/oauth2/authorize and open page with error text:
Sign In
Sorry, but we’re having trouble signing you in.
We received a bad request.

Additional technical information:
Correlation ID: 0669eee8-0dc5-4aa1-a94d-41e5bbc2f25d
Timestamp: 2015-09-30 14:06:30Z
AADSTS50011: No reply address is registered for the application.

What i do wrong? Also i test with:

grant_type=password 
grant_type="urn:microsoft.rtc:passive,urn:microsoft.rtc:anonmeeting"  
grant_type="urn:microsoft.rtc:windows,urn:microsoft.rtc:anonmeeting,password"

What is error No reply address is registered for the application ?

回答1:

There are a few problems. The second step's 401 response contains a WWW-Authenticate header with grant_type="urn:microsoft.rtc:passive,urn:microsoft.rtc:anonmeeting" which means authentication is only allowed via passive or anonmeeting. In step 3 the request is trying to use an unsupported grant type, password.

The account in question looks/feels like it is associated with Office365/Lync Online which means there isn't any current support for UCWA. Even if this was supported you would need to be looking at how to authenticate using passive authentication, Authentication in UCWA, which is not well documented right now.