MSAL - Trouble validating the token in iOS using Swift 4.2

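Problem description

I can't solve this problem. Please help me.

I am trying to implement this but still have not succeeded, although I tried multiple Stack Overflow solutions as well as the URLs mentioned below...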

https://docs.microsoft.com/en-us/intune/app-sdk-ios

https://github.com/AzureAD/microsoft-authentication-library-for-objc

https://github.com/AzureAD/microsoft-authentication-library-for-objc#installation

I am getting the following issue:

TID=2641259 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:03] Default app's access group: "Masked(not-null)".
TID=2641259 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:03] Using "Masked(not-null)" Team ID.
TID=2641259 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:03] Init MSIDKeychainTokenCache with keychainGroup: Masked(not-null)
TID=2641259 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:03 - C2508177-7B64-4BE9-9F95-98BE60F27A77] [MSAL] -[MSALPublicClientApplication acquireTokenWithParameters:(
    "User.Read"
)
                                     extraScopesToConsent:(null)
                                                  account:Masked(null)
                                                loginHint:Masked(null)
                                               promptType:MSALPromptTypePromptIfNecessary
                                     extraQueryParameters:(null)
                                                authority:(null)
                                              webviewType:MSALWebviewTypeDefault
                                            customWebview:No
                                            correlationId:(null)
                                             capabilities:(null)
                                            claimsRequest:(null)]
TID=2641259 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:03 - C2508177-7B64-4BE9-9F95-98BE60F27A77] [MSAL] Checking broker install state for version V2-broker
2020-07-17 10:38:03.586934+0530 XYZ MSAL_App[58046:2641259] -canOpenURL: failed for URL: "msauthv2://broker" - error: "The operation couldn’t be completed. (OSStatus error -10814.)"
TID=2641259 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:03] Scheme msauthv2 for broker not present
TID=2641259 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:03 - C2508177-7B64-4BE9-9F95-98BE60F27A77] [MSAL] Beginning interactive flow.
TID=2641259 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:03 - C2508177-7B64-4BE9-9F95-98BE60F27A77] [MSAL] Resolving authority: Masked(not-null), upn: Masked(null)
TID=2641341 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:03 - C2508177-7B64-4BE9-9F95-98BE60F27A77] [MSAL] No cached preferred_network for authority
TID=2641341 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:03 - C2508177-7B64-4BE9-9F95-98BE60F27A77] [MSAL] Waiting on Authority Validation Queue
2020-07-17 10:38:04.082442+0530 XYZ MSAL_App[58046:2641334] TIC SSL Trust Error [1:0x600002076a00]: 3:0
2020-07-17 10:38:04.091317+0530 XYZ MSAL_App[58046:2641334] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9807)
2020-07-17 10:38:04.091652+0530 XYZ MSAL_App[58046:2641334] Task <D71F58E1-89B6-4C4D-AD1C-51F07303E19B>.<1> HTTP load failed (error code: -1202 [3:-9807])
2020-07-17 10:38:04.092249+0530 XYZ MSAL_App[58046:2641345] Task <D71F58E1-89B6-4C4D-AD1C-51F07303E19B>.<1> finished with error - code: -1202
TID=2641334 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:04 - C2508177-7B64-4BE9-9F95-98BE60F27A77] [MSAL] Resolved authority, validated: NO, error: -1202
TID=2641334 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:04 - C2508177-7B64-4BE9-9F95-98BE60F27A77] [MSAL] Interactive flow finished result (null), error: -1202 error domain: NSURLErrorDomain
TID=2641334 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:04 - C2508177-7B64-4BE9-9F95-98BE60F27A77] [MSAL] acquireToken returning with error: (NSURLErrorDomain, -1202) Masked(not-null)
TID=2641341 MSAL 1.0.0 iOS Sim 12.1 [2020-07-17 05:08:04 - C2508177-7B64-4BE9-9F95-98BE60F27A77] [MSAL] Returned from Authority Validation Queue
App error: Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “login.microsoftonline.com” which could put your confidential information at risk." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x600002775170>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fv2.0%2Fauthorize, NSErrorFailingURLStringKey=https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fv2.0%2Fauthorize, NSErrorPeerCertificateChainKey=(
    "<cert(0x7f8f430ea000) s: stamp2.login.microsoftonline.com i: XYZ Primary Proxy SSL Interception Service>"
), NSErrorClientCertificateStateKey=0, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “login.microsoftonline.com” which could put your confidential information at risk., _kCFStreamErrorDomainKey=3, NSUnderlyingError=0x600001b03fc0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9807, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x600002775170>, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9807, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x7f8f430ea000) s: stamp2.login.microsoftonline.com i: XYZ Primary Proxy SSL Interception Service>"
)}}, _kCFStreamErrorCodeKey=-9807}
2020-07-17 10:40:03.652983+0530 XYZ MSAL_App[58046:2641344] Received XPC error Connection interrupted for message type 3 kCFNetworkAgentXPCMessageTypePACQuery
2020-07-17 10:40:03.653307+0530 XYZ MSAL_App[58046:2641344] Received XPC error Connection invalid for message type 3 kCFNetworkAgentXPCMessageTypePACQuery

Apart from this, I tried to trust the SSL pinning certificate... but it still gives me the same problem.

//MARK: - Trust SSL Pinning
extension MSALViewController: URLSessionDelegate {

    // `defaultSession` is assumed to be a property declared on MSALViewController.
    func configureURLSession() {
        self.defaultSession = URLSession(configuration: URLSessionConfiguration.default, delegate: self, delegateQueue: nil)
    }

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Swift.Void) {

        if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust) {
            // `microsoftonlineCert` is assumed to hold the name of the bundled DER-encoded .cer resource.
            if let trust = challenge.protectionSpace.serverTrust,
                let pem = Bundle.main.path(forResource: microsoftonlineCert, ofType: "cer"),
                let data = NSData(contentsOfFile: pem),
                let cert = SecCertificateCreateWithData(nil, data) {
                let certs = [cert]
                // Restrict the trust anchors to the bundled certificate.
                SecTrustSetAnchorCertificates(trust, certs as CFArray)

                // Evaluate the chain against that anchor; without this step
                // any server certificate would be accepted.
                var result = SecTrustResultType.invalid
                if SecTrustEvaluate(trust, &result) == errSecSuccess,
                    (result == .unspecified || result == .proceed) {
                    completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: trust))
                    return
                }
                print("Trust evaluation failed!")
            }
            else{
                print("In Else Condition!")
            }
        }
        else{
            print("In Else Condition!")
        }

        // Pinning failed
        completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
    }

}

My system configuration:

  - Mac OS    : macOS High Sierra
  - XCode Ver : Version 10.1 (10B61)

Please help me.

Tags: ios, swift, msal, swift4.2
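
Added example (not part of the original post): Python that pulls the failing host, the error codes and the peer certificate subject/issuer out of an NSURLErrorDomain dump like the one above, so the certificate the client actually rejected can be read directly. The sample text is abridged from the log in the question; the function name `triage` and the output keys are assumptions of this example.

```python
import re

# Apple error codes that appear in the log above, with their symbolic names.
CODES = {
    -1202: "NSURLErrorServerCertificateUntrusted",
    -9807: "errSSLXCertChainInvalid",
}

CERT_RE = re.compile(r"<cert\(0x[0-9a-f]+\) s: (?P<subject>.+?) i: (?P<issuer>.+?)>")
URL_RE = re.compile(r"NSErrorFailingURLKey=https://(?P<host>[^/,\s]+)")
CODE_RE = re.compile(r"(?:Code|_kCFStreamErrorCodeKey)=(-\d+)")

# Abridged from the error dump in the question (the chain is printed twice there too).
SAMPLE = (
    'Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid." '
    "UserInfo={NSErrorFailingURLKey=https://login.microsoftonline.com/common/discovery/instance"
    "?api-version=1.1, NSErrorPeerCertificateChainKey=(\n"
    '    "<cert(0x7f8f430ea000) s: stamp2.login.microsoftonline.com '
    'i: XYZ Primary Proxy SSL Interception Service>"\n'
    "), kCFStreamPropertySSLPeerCertificates=(\n"
    '    "<cert(0x7f8f430ea000) s: stamp2.login.microsoftonline.com '
    'i: XYZ Primary Proxy SSL Interception Service>"\n'
    ")}}, _kCFStreamErrorCodeKey=-9807}"
)


def triage(error_text):
    """Summarise a TLS trust failure: host, codes, and who issued the peer certificate."""
    host = URL_RE.search(error_text)
    chain = []
    for m in CERT_RE.finditer(error_text):
        pair = (m.group("subject"), m.group("issuer"))
        if pair not in chain:  # the dump repeats the chain under several keys
            chain.append(pair)
    codes = sorted({int(c) for c in CODE_RE.findall(error_text)})
    subjects = {subject for subject, _ in chain}
    return {
        "host": host.group("host") if host else None,
        "codes": {c: CODES.get(c, "unknown") for c in codes},
        "chain": chain,
        # Issuers whose own certificate was not presented: the device trust
        # store would have to contain them for validation to succeed.
        "issuers_not_in_chain": [i for _, i in chain if i not in subjects],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```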
