我们希望使用基于证书的客户端凭据访问SharePoint REST API（替换已弃用的ACS）。
目前我们无法从令牌端点获取访问令牌。
尽管我们：

• 将证书上传到已注册的应用程序，
• 已启用应用角色和API权限，并授予管理员许可

我们在postman中不断看到这个jwt token异常：
'AADSTS 700027：未在应用程序上注册具有用于对客户端Assert进行签名的标识符的证书。[原因-找不到密钥。，客户端使用的密钥的指纹：'D 7A 075 E3 A [...] F45 F75 F39 DFAF'，请访问Azure门户、图形资源管理器或直接使用MS Graph查看应用ID 'a4 f [...]'的配置密钥。
我们不知道钥匙的指纹。我们很高兴有任何建议，因为我们已经通过ms文档和旧堆栈的建议。
我们浏览了集成助手，微软文档，例如https://learn.microsoft.com/en-us/graph/auth-v2-service或副驾驶。我们很难理解这个错误的指纹是从哪里来的。

** Postman 电话：**

POST /622d2..d28d/oauth2/v2.0/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: PostmanRuntime/7.35.0
Accept: */*
Postman-Token: 6eb86bfb..b982cf90
Host: login.microsoftonline.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 1042
Cookie: fpc=AnJUj6Foo6JHu93Jqm..DdB90OAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd
 
client_id=a4f1[...]&client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6Ik[...]&scope=https%3A%2F%2Ft[..]n.sharepoint.com%2F.default&grant_type=client_credentials&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
 
HTTP/1.1 401 Unauthorized
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: fd41f6c6-e80a-465b-b6de-effd5de74a00
x-ms-ests-server: 2.1.16878.5 - WEULR1 ProdSlices
X-XSS-Protection: 0
Set-Cookie: fpc=AnJUj6Foo6JHu93JqmIgZdyfiZiWAwAAAIDdB90OAAAA; expires=Tue, 09-Jan-2024 16:28:44 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Date: Sun, 10 Dec 2023 16:28:44 GMT
Content-Length: 1146
 

{"error":"invalid_client","error_description":"AADSTS700027: The certificate with identifier used to sign the client assertion is not registered on application. [Reason - The key was not found., Thumbprint of key used by client: '0BA07DD820C5F4[..]5E3AF40105EB6', Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id 'a4[...]'. Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http to build a query request URL, such as 'https://graph.microsoft.com/beta/appli...']. Trace ID: fd41f6c6-e80a-465.. Correlation ID: a5e2.. Timestamp: 2023-12-10 16:28:44Z","error_codes":[700027],"timestamp":"2023-12-10 16:28:44Z","trace_id":"fd41f...fd5de74a00","correlation_id":"a5e...4c7d2","error_uri":"https://login.microsoftonline.com/error?code=700027"}

字符串