Question
I am trying to implement an OAuth2 implicit grant flow in an iOS app. In this case it requires a token request instead of a code request because you can't share the client secret in a native app safely.
So a request like this yields a login form:
https://login.windows.net/<tenantid>/oauth2/authorize?api-version=1.0&client_id=<client id>&response_type=token&redirect_uri=shp-apps://localhost:44300/?ReturnUrl=%2F&resource=https://graph.windows.net
After successfully logging in I get this error:
#error=unsupported_response_type&error_description=AADSTS70005: response_type 'token'
is not supported for the application
Trace+ID: 9008e580-2798-4b6c-a6bf-2bf614b61f64
Correlation+ID: ceb9bb4b-34a4-4441-801f-377f534543b1
Timestamp: 2014-08-26+16%3a24%3a24Z
Is this actually correct, the token request_type is not supported? Or is there something else that I need to do? The application is set up as a native app. I have already been able to do a 'code' response_type in a different application in the same active directory.
Answer 1:
Implicit grant flow is indeed not supported yet by Azure AD. For your iOS app, use the authorization code grant flow with refresh token support. You don't need to write the OAuth flow on your own - use our iOS/OSX SDK instead: https://github.com/AzureAD/azure-activedirectory-library-for-objc
Philip, stay tuned on the implicit grant flow - it is on our radar.
Hope this helps.
UPDATE: Azure AD now supports implicit grant OAuth flow. See: https://github.com/AzureADSamples/SinglePageApp-AngularJS-DotNet
Answer 2:
Check this article on how to set "oauth2AllowImplicitFlow" in the AAD App Registration manifest file on the Azure Portal.
https://msdn.microsoft.com/en-us/skype/websdk/docs/troubleshooting/auth/aadauth-enableimplicitoauth
Summary
The Issue
When creating your app registration in AAD, you need to manually edit the application manifest and set the value of the oauth2AllowImplicitFlow property to true. Otherwise the AAD sign in flow will not work - error "AADSTS70005: response_type 'token' is not supported for the application..."
The Solution
Follow these steps to solve this issue.
- Sign into portal.azure.com with an administrator account in your tenant.
- Navigate to Azure Active Directory in the left hand side bar > App registrations > Your app.
- Click Manifest at the top of the pane describing your app.
- Change the value of the property oauth2AllowImplicitFlow to true. If the property is not present, add it and set its value to true.
- Click "Save" to save the modified manifest.
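The following is an added example, not part of either answer: it decodes the error fragment from the question and ties AADSTS70005 to the manifest property named in Answer 2. The sample fragment (with line breaks assumed to be %0d%0a-encoded), the manifest excerpt, and all function names are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs

# Constructed sample: the error fragment quoted in the question, with the line
# breaks assumed to be %0d%0a-encoded as they would be inside a URL fragment.
SAMPLE_FRAGMENT = (
    "#error=unsupported_response_type&error_description=AADSTS70005%3a+response_type+"
    "'token'+is+not+supported+for+the+application%0d%0a"
    "Trace+ID%3a+9008e580-2798-4b6c-a6bf-2bf614b61f64%0d%0a"
    "Correlation+ID%3a+ceb9bb4b-34a4-4441-801f-377f534543b1%0d%0a"
    "Timestamp%3a+2014-08-26+16%3a24%3a24Z"
)

# Constructed manifest excerpt; only the property name comes from the answer.
SAMPLE_MANIFEST = '{"oauth2AllowImplicitFlow": false}'


def parse_error_fragment(fragment):
    """Decode an OAuth2 error fragment into its fields and AAD diagnostics."""
    params = parse_qs(fragment.lstrip("#"), keep_blank_values=True)
    description = params.get("error_description", [""])[0]
    lines = [ln.strip() for ln in description.splitlines() if ln.strip()]
    result = {"error": params.get("error", [None])[0],
              "message": lines[0] if lines else ""}
    code = re.match(r"(AADSTS\d+)", result["message"])
    result["aadsts_code"] = code.group(1) if code else None
    # Remaining lines look like "Trace ID: <value>"; split on the first colon only.
    for ln in lines[1:]:
        key, sep, value = ln.partition(":")
        if sep:
            result[key.strip().lower().replace(" ", "_")] = value.strip()
    return result


def implicit_flow_enabled(manifest_json):
    """True only when the manifest sets oauth2AllowImplicitFlow to JSON true."""
    return json.loads(manifest_json).get("oauth2AllowImplicitFlow") is True


def diagnose(fragment, manifest_json):
    """Link AADSTS70005 on response_type=token to the manifest setting."""
    err = parse_error_fragment(fragment)
    if err["aadsts_code"] == "AADSTS70005" and not implicit_flow_enabled(manifest_json):
        return "oauth2AllowImplicitFlow is not true in the app manifest"
    return "manifest allows implicit flow or error is unrelated"
```

The trace and correlation IDs recovered this way are the values to quote when raising the failure with the directory administrator.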
Source: https://stackoverflow.com/questions/25511096/getting-error-unsupported-response-typeerror-description-aadsts70005-with-tok