azure-devops - SAPUI5 xhr 请求 Azure DevOps 授权失败
问题描述
使用 Postman 和 SAPUI5 测试应用程序试验 Azure DevOps,了解 xhr 请求如何工作的基本知识。使用 Postman 成功读取和更新 DevOps 中的工作项,但是当我尝试使用 SAPUI5(读取-GET 工作)执行此操作时,后一步(更新-补丁)失败。我得到的是授权失败,告诉我应该使用令牌承载授权,问题是我已经在这样做但似乎被忽略了。(工作)邮递员和(非工作)SAPUI5 请求标头的示例以及返回到 SAPUI5 的错误以及下面的调用调用。看看它们,发出 SEEMS 是从 SAPUI5 发送的身份验证 cookie,我目前无法删除。有任何想法吗?
PS:这是研究工作,为了避免 CORS 的东西,我正在运行没有安全选项的 Chrome。
Postman Request Header(如Postman所示,包括数据体):
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSIsImtpZCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tLyIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2JkZWFlZGE4LWM4MWQtNDVjZS04NjNlLTUyMzJhNTM1YjdjYi8iLCJpYXQiOjE1ODIxMTQzNTYsIm5iZiI6MTU4MjExNDM1NiwiZXhwIjoxNTgyMTE4MjU2LCJhaW8iOiI0Mk5nWUdCL0Y4RCtXcUZuaG5QVTZkUTdHdGF5QUE9PSIsImFwcGlkIjoiZDU1M2E1NTctMjdjMy00MWQ3LWFiM2YtNzc4NDVjNDg3Y2VkIiwiYXBwaWRhY3IiOiIxIiwiaWRwIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvYmRlYWVkYTgtYzgxZC00NWNlLTg2M2UtNTIzMmE1MzViN2NiLyIsIm9pZCI6ImE4NDUyYmJiLWY3NmUtNDExZi05ZGFlLWU5YmZmOGRhZGIyZCIsInN1YiI6ImE4NDUyYmJiLWY3NmUtNDExZi05ZGFlLWU5YmZmOGRhZGIyZCIsInRpZCI6ImJkZWFlZGE4LWM4MWQtNDVjZS04NjNlLTUyMzJhNTM1YjdjYiIsInV0aSI6Im9wNXYzN1RvdVVlTXBFdTJaRFN1QUEiLCJ2ZXIiOiIxLjAifQ.euzljaai1dMHgPwmN5smOUTCBW0cK_i8kNPdi9wdhAQ17eGoX8tYg6RK8gufsY3aPo_WTLsouR8f_tTjt1BdmGmH4h0hNO7hlHkXMUQr2ZJfMwX1UhikcX91fVMUuSneqnaMo8EqqtBa3iROn1Pi_sN5v8sQPYtkJBwZaFx20SxbQu_dMjilw9ibPhv24GAMY_2z53lBegagqaCbPHR7e-g94363eZh6RlX0bBJhaoK5zj8G1U6xqdLyGSY1q1lWo3m1GTjAciWuF7zvSLqOpzAMhu9GkY07idKdHjKQefewOFygsuGzMWTPklGyzHqHkagzyeubZrIKA1Jpi6beSg' \
--header 'Content-Type: application/json-patch+json' \
--data-raw ' [{
"op": "replace",
"path": "/fields/System.Title",
"value": "The ability to restrict access for users who are on long term leave XXX"
}]
SAPUI5 请求标头(来自调试器“网络”选项卡)
:authority: XXXXXXXXXXXX.visualstudio.com
:method: PATCH
:path: /SAP/_apis/wit/workitems/8919?api-version=5.1
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-GB,en-US;q=0.9,en;q=0.8
authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSIsImtpZCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSJ9.eyJhdWQiOiIwMDAwMDAwMi0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9iZGVhZWRhOC1jODFkLTQ1Y2UtODYzZS01MjMyYTUzNWI3Y2IvIiwiaWF0IjoxNTgyNTUyMjA0LCJuYmYiOjE1ODI1NTIyMDQsImV4cCI6MTU4MjU1NjEwNCwiYWlvIjoiNDJOZ1lKajRwV0s5OTBIcEV5YlQ5ZVpLV2lwdUFRQT0iLCJhcHBpZCI6ImQ1NTNhNTU3LTI3YzMtNDFkNy1hYjNmLTc3ODQ1YzQ4N2NlZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2JkZWFlZGE4LWM4MWQtNDVjZS04NjNlLTUyMzJhNTM1YjdjYi8iLCJvaWQiOiJhODQ1MmJiYi1mNzZlLTQxMWYtOWRhZS1lOWJmZjhkYWRiMmQiLCJzdWIiOiJhODQ1MmJiYi1mNzZlLTQxMWYtOWRhZS1lOWJmZjhkYWRiMmQiLCJ0ZW5hbnRfcmVnaW9uX3Njb3BlIjoiRVUiLCJ0aWQiOiJiZGVhZWRhOC1jODFkLTQ1Y2UtODYzZS01MjMyYTUzNWI3Y2IiLCJ1dGkiOiJkazJkaklvWlJFT0pUSTlzN0QyVkFBIiwidmVyIjoiMS4wIn0.jsUzsnVpz6WtkcmjnvS22_b8pTNQIpcLhA3bRuFaQUek1dPNwOS5K_7pqoqmJeQhmuY2TFoQ6Yx6GGgHf91eKXLhaABXc9TYHMr5UMcGf11mGfIUlDf9Si5kd5UP_HhyCVsSYAsPhihU9SutYzBK5Nw0pxPKLP27C2IUJ8qH0ax8Pid3czWkMQGZUkJtHiXB9ewo3fPOloRWVqsvHp9UbL1L5o9ErWZHxyBty_kaheNCWI-aoCUEFBqDO8kNK-JONS9qNQ7zGYYvkJMcMwpwYctxlso1-x81Um3EFGqkJbGCjT0vSNMlRrrPKI0vG4QLuLX4JTr91b08Nj3cv6zTng
content-length: 129
content-type: application/json-patch+json
cookie:SpsAuthenticatedUser=DisplayName=Grigorios%20Kampouroglou&aad=False;VstsSession=%7B%22PersistentSessionId%22%3A%222faed874-961a-4420-989e-b747711f4a13%22%2C%22PendingAuthenticationSessionId%22%3A%2200000000-0000-0000-0000-000000000000%22%2C%22CurrentAuthenticationSessionId%22%3A%22df72f060-60df-4490-9a89-5a291acc15b2%22%2C%22SignInState%22%3A%7B%22spsprodweu4.vssps.visualstudio.com%22%3A%7B%22LastSignInTick%22%3A637177215165345730%2C%22SignInCount%22%3A2%7D%7D%7D; FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U2VjdXJpdHlDb250ZXh0VG9rZW4gcDE6SWQ9Il8wYmMyNzFmMC03NTllLTQ4NTYtODQ3MS1jMzBhNmM0NDFhOGUtN0M5N0VEMjBFREI4NjYyRTdBRkYzRTEyRDQ3RUI4QjQiIHhtbG5zOnAxPSJodHRwOi8vZG9jcy5vYXNpcy1vcGVuLm9yZy93c3MvMjAwNC8wMS9vYXNpcy0yMDA0MDEtd3NzLXdzc2VjdXJpdHktdXRpbGl0eS0xLjAueHNkIiB4bWxucz0iaHR0cDovL2RvY3Mub2FzaXMtb3Blbi5vcmcvd3Mtc3gvd3Mtc2VjdXJlY29udmVyc2F0aW9uLzIwMDUxMiI+PElkZW50aWZpZXI+dXJuOnV1aWQ6ODE1M2FmMGItNTY5OS00OWFjLTgwZmEtMjM0NjY2MzgyZTg2PC9JZGVudGlmaWVyPjxDb29raWUgeG1sbnM9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd3MvMjAwNi8wNS9zZWN1cml0eSI+MFlkQ1daWk9tSTRBQVFBQUNvRHFhbnBTQzhmU09ZeDRLbE1naFBoNmtNOHAwMDJTNEV4ZG4wWFZFSEdNbzBBeE81NzZuaHBVeXYyYXBxWWZkTFVhV3luVUlXSkZ0SFZsa2VGcGxSdkNtK0NLbnJVRlV1NjI5LytSdUpCTEd3bDRNU3NKTVVwK215dXNUVDZ3aVhRa2JnN3Y5Q2ZoQVlGUDEwaytZaTh5L3VVQ2NTeWVhbGtxdWlIVHd2Rjh3ZlovOGRlU3YxS3R1VFRYRlhLbFdaWTlwMi8yOU1FeUw4elM1R2xBdVhNWjNUR0lQckl5SXNWNjQ3R3FOT3lOQ05OVmdZeGl2cmxnM0RuOHZLQkp1RCtaMzVOQ1Bmay9DcjBUbzh3c2hqa0dHUjFQNHcxSnpNVHJ6S2xoN2VJT2lOOVlLczV1L001V3hsVU83RFNYSU91SWE5L2Y4VmxvVjN1cm5MT3pTU2N1Q1MwTjZVRzhyU3pIeXc5Q1NFU21tcWV2ejI4QUM0ajV1dHJhLzdwREFBRUFBRnlIdVp3cVhESmVkNUt6T2dkYzIrRktNdHNTM3VyUHNQeHY3OVRiZVRMYTFYREdPNEVBbzJMa0VPN2kxMVBzZHJ0S1pVK25MbXJRZUlWc2xHYk41Q3RaUzBZK3oxOWpCNjVNaUtFZXNITXF4Q3FOWFh1bnJDaDkvZUNkWE9pZnllTVlxLzhwMldNWWhxMVI1cVhxeWR3RVRrVmREY2VNMy9yazJmN1dyQUs2dm1qdDhRbnlNVmhhbXdCdkpZWm9oQkxvV0hMaVlyMlc3clZUc1BGWmZOWkIrb29UY0RjUzNnUmtRWi9PbmN4OUMrbDVNNmxsb1J5QnhjeDgySmQ4UUE5Q25DcCtLYXRRYTZSRnhZenAzTjFKRHdmR3ZBQTE0emNueDZuUjAxL25PK2hYTW9ad2pwZ1ZqKytCNzIxYy9GSlk1bHRUQmhyQzVHZWVQK0M0Nnh2d0JBQUFmVjkrTVFEY0NzRVovWFYzSHpZdkN3bjhkY054ZDUvdUIreFRkKzU1ZldMczVraytCcEJESk5IUW5WelNXTFEvRnlaT3hGWGMvQ2U2ZnliSVZTajViY3A4Z1lKY1FNVzZCRlhhWEg2TXp4TGtBaFBxZ0VrNHBOMXJzcWxqOVFmWXY0UTNYNGhmSlMzMG1PZ25jYVFPZHpDSmlyRGlMMGR0NFN2ZVlOeEJlT1lTZTRDZjV1YWw1ZllWWjBweUhTQmR0ODltTGVLU2V3UGxMMmloL29kU0k5bi9NU3R5N3BtSnRTcWhDaG9VbWtyTmpVUnVYVVJ4dGZBTHhDTngzVDJhbnlUa3BUN1AzVjVOUEhFWVcvRGw0aUNXVGV5ZUFLOE5qUUVXc1A4aytWWU90UWZONU5o; FedAuth1=Z1FEWFk3TlA4UDV4NFZzZ0lmcFE5ZmNRTTNvR3g3K1E2N1ZCSTBVVnRhbWZSaEswN3ZjRGsrZXk0dE9XMXpvbFovR3pYaUM0Yk8zZnpjamFhZDJCMkNHbFpva1I3QXphQnFqQm5HdlBVcU8zVjNzSTd4THdsVVhGSS9Qak54OFBXZm5vMnhkM2F5dTZUaWhVZDFJY3R0ZXp6Nm45b0JqTkFXUDJCNWNjNERMT1IxOHBGdVR6YXFxMmo3K3Y1WDVnN2pRWnBHVVpFbUtOUWdVUnhMakRTK3M1Y0RaOUVBeXlEaXBTMktRbGY1dFk3MTVva3liU3hDUGhJVWlnQktFNEx2M0dmb0lpSzVGT0VKeTRWalY4MG4wRlB3V2lZblU0Yy9SRjI2NWlFM1Mzdzc2ZElqQlJKdXc2dU5EY0Jia3ZieWx2VWRuRnFpVm1MQnVYaWFtTW5FNUhEejNDTHNrUXBNaWZmNklaMWtzbkVkOEV6d0l1U1dhUnFNOG5xWXQyeGRTU1p5TXN6R04xeHJjbEM2bTU0Wi9XU3BjU3hHZlpwVExIa1FleERkYmlrMTZjRlI5RW1iTFdkaUhLb1dzaU9mMUJqOWNCcmpDRDIxVFROaS9WZmNiRjZxa0toWmRrczVxNlhsN2tLcC9yb2I4bjlyYXo0SDM1NTh6am51YjZNdDZJNnZNM3prZjhnMUs4dlhXR0FJbHhYVVhxMkNJdXdyUUtITGZuVE1veWMwajQzZCtlQXFJRkFBU3ZEZTdNb3I0MGYzSnVIQnF4elBWczNrUzNBU05BcWdad0JKY2F3U2YydnA0cE5DZ2YrTEdDVHhkSzJINzV6ZWJQbnh2WVQ5bDlQWXMyUW93bUVkU0Y5MXk5MSt1QTc4b2pwck94WSsrZE5UclczbDEwUjdIZm14L1RPVWpIUHQ3V1dKRjI5SmYrbzViVG0rZUZSOVlxQlBSanBLTm9xQW5RY2tuSEFQeFpLYWNwQVozaVNqOTBVa0EyMnNac2Z1MTdRTU9xd0k1SVNZbFh6d20xV3JDeDRYQ0VVOW9nK3ByajdROENzeFpqRVIzNjlTSitsLzIzc0hUa2t6eUpzV2RadUJSYzJhUWpoREFJK0tONVlGU3Z4TStMMUtSd29YQW5FaE1pcHRTaml0Z0RIaHF5N2Q0V2lNU3h6VmdVRXVCWTZVOTUzT0ErcDhXWmdaTlRqRDRHWFIvamFPOUNZWjJ4cHNTaURvRHBOeG9nUmMxbnpuVUNkcGsrZHpuNmN1dzZDY1dIYlgzUDdHWVVxcFJnRDFZUU5XSnVTdHdyZ2tOd2wzVDM0cWhJdEhhczRpdHVPb2pEMkJwY2hOb3dBM1FQblRFLy9tR216R1JPNkgwbEVCY2p6OE1JNmE5SVFsUjBxL1lqbGtWbStGS2RDY0dzTDlHOE05TVRHN3hsenYyK1hmSENDOEt6WEt5NjdDTGMxTW0rTTI1Q3NqMzBadS9xdTYranlYWDBwblVaNERHSjZ0bFk5c202WUkveDhDQWswSjkwQmg2UFF0YVdBYU1tQTJDNld4TytuVkp2SjVoVWhOWkxFYkk0dThiMGtXL3JOOGxzZnZFb1JEemUzdjFXcXZlVldUaGpPZTdZeWdUeVlkcmE1RGorUGVhenloMzBSNldXdGp0c2k1NlFldmpYLzZ3am1QNFJYR1Z3QURZcU1JTVFRcXFXOUhsbnVuWHBSYk85eVByZWV0S3p6UWw0aUQxNDV4N2phclY0U2JQb003bkdESmxia3VCV1A5RHNMUDVYb2hOQ2pyS0RpaDJ2bk9zSnVpWkZRN3liMVZwVG9qeUl3cUE9PTwvQ29va2llPjwvU2VjdXJpdHlDb250ZXh0VG9rZW4+; UserAuthentication=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InpQVTRQb1VlNU1McFR2dWRGTmxaQXQ4Mkd4ayJ9.eyJmYW1pbHlfbmFtZSI6IkthbXBvdXJvZ2xvdSIsImdpdmVuX25hbWUiOiJHcmlnb3Jpb3MiLCJvaWQiOiIzZWY1OThmMi00MTk4LTQ1NDctYTM5Mi0zMmJhYTdkNTA4NTIiLCJ0aWQiOiJiZGVhZWRhOC1jODFkLTQ1Y2UtODYzZS01MjMyYTUzNWI3Y2IiLCJzdWIiOiJiZGVhZWRhOC1jODFkLTQ1Y2UtODYzZS01MjMyYTUzNWI3Y2JcXHVpdGdrYUBsZWVkcy5hYy51ayIsInVuaXF1ZV9uYW1lIjoidWl0Z2thQGxlZWRzLmFjLnVrIiwiZW1haWwiOiJ1aXRna2FAbGVlZHMuYWMudWsiLCJwdWlkIjoiYWFkOjEwMDMzRkZGQTNBRkZENEQiLCJ2ZXIiOiIxLjAiLCJqdGkiOiJmOGQ1ZDczNS1hNjNkLTQ5N2QtYWNjNi0xZTBmYTUwM2E4NmQiLCJpc3MiOiJhcHAudnN0b2tlbi52aXN1YWxzdHVkaW8uY29tIiwiYXVkIjoiZTVjODY2NzYtZDA2My00ZGEzLWJiOTYtYzhlMDUwNGJkYmE1IiwibmJmIjoxNTgyNTQ5NjY5LCJleHAiOjE1ODMxNTQ0Njl9.DDrwADcUeMCB-Tt9sLu6T042hel7aTdm8IfUmQY7pHOkT9VPQSAhVE-Puw3Y8dzfnzteIhojaSEsVI17pjGblOuDbCVcb9LzJ17u-XCmD2SY2M6i-t_xOaj-daYy2tRigVpN-lCoQ-K9VcF7mkHH4hiFynHUQDMcUn7gV9xs7zDCE4ILbDvnltKfFvcn0wQP0BxJwurhK8PaDhSPrr1fm-b38zmYB8nGEaYiobDdX8ZSOxMnlEUivoRkogGp51nSHZzexI3ER7TDJRMPSVkTeaIiatoWWjli8AlPewMKM46Ulb6TtbC4liBrqFnY46dTA-aSvb0oyNCynJi89b2yXw
origin: https://webidetesting4693883-af5c37dc2.dispatcher.hana.ondemand.com
referer: https://webidetesting4693883-af5c37dc2.dispatcher.hana.ondemand.com/webapp/index.html?hc_orionpath=%2FDI_webide_di_workspace92fzelc13935in9e%2FTest_space&neo-di-affinity=BIGipServerdisapwebide.hana.ondemand.com+%21MfjRbGTQMxtzeMH2sXeD7QV2Vba36qePi57x9XciOdsuGVAcQO4JzpULTwOmB5brhKtfSMM9EVgn%2FK0%3D&origional-url=index.html&sap-ui-appCacheBuster=..%2F&sap-ui-xx-componentPreload=off
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36
错误响应
"{"$id":"1","innerException":null,"message":"A cross-origin request from origin \"https://webidetesting4693883-af5c37dc2.dispatcher.hana.ondemand.com\" is not allowed when using cookie-based authentication. An authentication token needs to be provided in the Authorization header of the request.","typeName":"Microsoft.VisualStudio.Services.WebApi.VssApiUnsafeCrossOriginRequestException, Microsoft.VisualStudio.Services.WebApi","typeKey":"VssApiUnsafeCrossOriginRequestException","errorCode":0,"eventId":3000}"
SAPUI5 代码
_updateWorkItem: function() {
var promise = $.Deferred();
var self = this;
url = "https://login.microsoftonline.com/bdeaeda8-c81d-45ce-863e-5232a535b7cb/oauth2/token";
$.ajax({
url: url,
headers: {"Content-Type": "application/x-www-form-urlencoded"
},
type: "POST",
dataType: "json",
data: {
"grant_type": "client_credentials",
"client_id": "d553a557-27c3-41d7-ab3f-77845c487ced",
"client_secret": "53GH[jL6VqID@cp]DQ[wMS5@Smx]0l80"
},
success: function(xhrData) {
var json= [{
"op": "replace",
"path": "/fields/System.Title",
"value": self.getView().byId("sTitle").getValue().toString()
}];
sDevOpsToken = xhrData.access_token;
url = "https://XXXXXXXXXXXX.visualstudio.com/SAP/_apis/wit/workitems/" + oModel.getProperty("/id").toString() +"?api-version=5.1";
$.ajax({
url: url,
headers: {"Content-Type": "application/json-patch+json",
"Cookie": null
},
type: "PATCH",
data: JSON.stringify(json),
cache: false,
dataType: "application/json-patch+json",
beforeSend: function (xhr) {
//xhr.setRequestHeader("Authorization", "Basic " + btoa("" + ":" + "{sDevOpsToken}"));
//xhr.setRequestHeader("Authorization", "Bearer " + btoa(sDevOpsToken));
xhr.setRequestHeader("Authorization", "Bearer " + sDevOpsToken);
},
success: function(xhrData2) {
oModel.setProperty("/Title", self.getView().byId("sTitle").getValue().toString());
promise.resolve();
},
error: function(xhrData2) {
MessageBox.error(xhrData2.response);
promise.resolve();
}
});
}
});
var readyToGo = function() {
};
jQuery.when(promise).done().then( jQuery.proxy(readyToGo, this) );
}
解决方案
推荐阅读
- asp.net-core - 需要 asp.net 核心 webapi 的请求标头
- d3.js - 线条突出,但点不突出
- html - 如何将两个项目并排与一个项目并排对齐
- node.js - 如何避免从 node.js 中的 Application Insights 收集客户端位置信息?
- r - R如何将mathml转换为r方程
- python - 如何在python字典中获取特定键
- flutter - Flutter & AlertDialog : 我的应用在加载后不显示警报对话框
- reactjs - React-hook-form 如何与其他字段交互?
- javascript - VJS 如何使用回车键导航到下一个 tr
- php - 在更新的 php/apache 上的 php/mysql 中的字符 ü 有问题