Hello Microsoft/Azure/Skype experts,
I'm tasked with accessing presence data from Skype for Business Online accounts from my macOS app (native). I'm unfortunately stuck: I always get a 403 error when I make the autodiscover request, and I never get the link to the applications resource.
I have been following this documentation https://docs.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
STEP 1 We have registered the app in the Azure Management Portal using our Office 365 account credentials.
- We have used a custom redirect URL (http://localhost)
- Allow Implicit Flow is set to true in manifest
- We pre-configure the permissions needed for Skype for business online
STEP 2 Issuing a GET as specified in the documentation to initiate sign in and authorization check.
This returns a 200 OK.
STEP 3 We got the Auto discover URL as described in the documentation. This is what I get - I use the domain marked in RED.
STEP 4 As per the documentation, they ask me to do this
Requesting an access token using implicit grant flow. So I issue a GET as described:
https://login.microsoftonline.com/oauth2/authorize? response_type=id_token &client_id=######-4d41-485e-871f-0a22aa79e52b &redirect_uri=http://localhost &state=8f0f4eff-360f-4c50-acf0-99cf8174a58b &resource=https://webdirin1.online.lync.com
Now this shows the sign-in page, I sign in, and then it throws an error:
AADSTS90014%3a+The+required+field+%27nonce%27+is+missing.
I researched and could not fix this error. So after lots of research and looking at this Microsoft documentation LINK (https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#requesting-individual-user-consent), apparently there is another way of getting the bearer token.
STEP 4 - SECOND TRY
I then request individual user consent by sending the SCOPE parameter for Skype for Business. I then issue a GET request to
This returns an access code which I use in the next step to get the TOKEN
STEP 5 - Get the bearer TOKEN
Issue a POST to the following URL https://login.microsoftonline.com/common/oauth2/v2.0/token with the following data in the POST body:
"grant_type": "authorization_code",
"client_id": "######-4d41-485e-871f-0a22aa79e52b",
"scope": "https://api.skypeforbusiness.com/User.ReadWrite",
"code": "OAQABAAIAAACEfexX.........",
"redirect_uri": "https://localhost"
This returns the bearer token in the following response JSON
{
"access_token" = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1........w4b-- gnWG_iOGtQ";
"expires_in" = 3599;
"ext_expires_in" = 3599;
scope = "https://api.skypeforbusiness.com/User.ReadWrite";
"token_type" = Bearer;
}
STEP 6
Yay! Got the bearer token at laaast! Now back to the main documentation https://docs.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
And where we do this - 'Resending an autodiscovery request with the bearer token' We execute a GET request to
https://webdirin1.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user
Now this, as per the documentation should return this JSON
{
"_links":{
"self":
{"href":"https://webdirX.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user"},
"applications":
{"href":"https://webpoolXY.infra.lync.com/ucwa/oauth/v1/applications"}
}
}
BUT I GET A 403: PERMISSIONS denied error
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page
using the credentials that you supplied.</h3>
</fieldset></div>
So thus I have never got the applications URL. I have checked the manifest and the registration, and I have no idea why I get this error.
Any inputs would be appreciated.
For step 4, you need to specify
nonce=somestring
in the URL. Typically this should be a securely random value that is only used once. It can contain any value. Also, you are only requesting an id token. Set
response_type=id_token+token
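The two changes suggested in the answer above, as an added example (not code from the original posts): it builds the authorize request with a fresh nonce and response_type=id_token+token, then checks state and nonce when the redirect comes back. The function names are hypothetical, the client id is a placeholder, and the ID token's signature is assumed to be validated elsewhere.

```python
import base64, json, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE = "https://login.microsoftonline.com/oauth2/authorize"  # endpoint used in the question

def build_authorize_url(client_id, redirect_uri, resource):
    """Return (url, state, nonce). state and nonce are fresh random values per sign-in."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "id_token token",  # urlencode writes the space as '+'
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "resource": resource,
    })
    return AUTHORIZE + "?" + query, state, nonce

def jwt_claims(token):
    """Decode a JWT payload. Assumption: signature validation happens elsewhere;
    this only reads the claims and does not make the token trustworthy."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def same(a, b):
    """Constant-time comparison of two values as UTF-8 strings."""
    return secrets.compare_digest(str(a).encode(), str(b).encode())

def handle_redirect(redirect_url, expected_state, expected_nonce):
    """Parse the fragment of the redirect; return the access token or raise ValueError."""
    frag = parse_qs(urlsplit(redirect_url).fragment)
    if "error" in frag:
        raise ValueError(frag.get("error_description", frag["error"])[0])
    if not same(frag.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch")
    if "id_token" not in frag or "access_token" not in frag:
        raise ValueError("id_token or access_token missing from response")
    if not same(jwt_claims(frag["id_token"][0]).get("nonce", ""), expected_nonce):
        raise ValueError("nonce mismatch")
    return frag["access_token"][0]

if __name__ == "__main__":
    # Placeholder client id; redirect URI and resource are the values from the question.
    url, state, nonce = build_authorize_url(
        "00000000-0000-0000-0000-000000000000", "http://localhost",
        "https://webdirin1.online.lync.com")
    print(url)
```

The app keeps the returned state and nonce only until the matching redirect has been handled, then discards them so neither value is accepted twice.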