ADAL JS - response_type=“token” is not supported

孤者浪人 submitted on 2019-11-29 16:29:06

Question


I'm using adal js to auth with Azure AD. I have a webApp and a webApi. My apps pretty much follow this sample: https://github.com/AzureADSamples/SinglePageApp-WebAPI-AngularJS-DotNet

I was able to login to my webApp and adal.js successfully acquired a token for my webApi and injected it into a request. All was working until recently. Then token acquisition for webApi stopped working with error:

"response_type 'token' is not supported for the application"

renewToken is failed:AADSTS70005: response_type 'token' is not supported for the application Trace ID: 104c18e3-eb6e-42a4-a292-c6f170f27f65 Correlation ID: c2e65622-0c58-473a-8184-b3056fb1af58 Timestamp: 2015-03-27 22:53:12Z

I can clearly see that adal.js is building a request and puts "response_type=token" into a query string. So, my assumption is that something changed on Azure AD side.

I found one article that correlates response_type=token to the implicit grant flow. I confirmed that my webApp has "oauth2AllowImplicitFlow" enabled. I have contacted MS support and am waiting for a resolution. Meanwhile, I wanted to share this with the community and see whether someone has any information regarding the issue.

Thanks


Answer 1:


If you are building a client-side app, you need to enable the implicit flow in the application manifest.

  "oauth2AllowImplicitFlow": true,

  1. Open your application configuration in the Azure portal, and download the manifest file from the "Manage Manifest" menu.

  2. Search for oauth2AllowImplicitFlow and change the value to true.

  3. Upload the file again through the same menu.

Log out and log in again to your app and it will work like a charm.


It can also be configured via the Azure AD portal:

  • From the application page, click on Authentication, and under Advanced Settings, select the checkboxes next to Access tokens and ID tokens to enable OAuth2 implicit grant for the application.

More info about the OAuth2 implicit flow:

The implicit grant type is used for mobile apps and web applications (i.e. applications that run in a web browser), where the client secret confidentiality is not guaranteed...
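
The manifest check described in the answer above can be scripted; the following is an added example, not part of the original answer or of adal.js. The function names, tenant, client id and resource values are hypothetical, and treating only the JSON boolean `true` as "enabled" is an assumption of this example.

```javascript
// Added example; function names and sample values are hypothetical.
// Explains why an authorize request with response_type=token would be
// rejected, by comparing the request with the downloaded app manifest.
function diagnoseImplicitGrant(authorizeUrl, manifestJson) {
  const params = new URL(authorizeUrl).searchParams;
  const responseTypes = (params.get("response_type") || "")
    .split(/\s+/).filter(Boolean);
  // The error on this page concerns response_type=token specifically.
  if (!responseTypes.includes("token")) {
    return { ok: true, reason: "request does not ask for response_type=token" };
  }
  let manifest;
  try {
    manifest = JSON.parse(manifestJson);
  } catch (err) {
    return { ok: false, reason: "manifest is not valid JSON: " + err.message };
  }
  if (manifest === null || typeof manifest !== "object") {
    return { ok: false, reason: "manifest is not a JSON object" };
  }
  // Catch the case where the edited manifest belongs to a different app
  // registration than the client_id adal.js is sending.
  const clientId = (params.get("client_id") || "").toLowerCase();
  const appId = String(manifest.appId || "").toLowerCase();
  if (appId && clientId && appId !== clientId) {
    return { ok: false, reason: "manifest appId does not match request client_id" };
  }
  // Assumption of this example: only the JSON boolean true counts as enabled.
  if (manifest.oauth2AllowImplicitFlow !== true) {
    return { ok: false, reason: "oauth2AllowImplicitFlow is not true in the manifest" };
  }
  return { ok: true, reason: "implicit flow is enabled for this client_id" };
}

// Pulls the AADSTS code out of an error description such as the one
// adal.js logs when renewToken fails.
function extractAadstsCode(errorDescription) {
  const m = /AADSTS(\d+)/.exec(errorDescription || "");
  return m ? "AADSTS" + m[1] : null;
}

// Constructed sample input (placeholder tenant, client id and resource).
const SAMPLE_URL = "https://login.microsoftonline.com/contoso.example/oauth2/authorize" +
  "?response_type=token&client_id=11111111-2222-3333-4444-555555555555" +
  "&resource=https%3A%2F%2Fapi.contoso.example";
const SAMPLE_MANIFEST = JSON.stringify({
  appId: "11111111-2222-3333-4444-555555555555",
  oauth2AllowImplicitFlow: false,
});
console.log(diagnoseImplicitGrant(SAMPLE_URL, SAMPLE_MANIFEST).reason);
```
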




Answer 2:


Recreating my webApp fixed the issue. I'm still investigating the root cause with MS. Manifests for the two apps aren't different except for their AAD Client IDs.

UPDATE

See my comments for the resolution.



Source: https://stackoverflow.com/questions/29326918/adal-js-response-type-token-is-not-supported
