Azure Active Directory v2.0 Daemons and Server Side Apps Support

Trying to figure out whether the daemon and server-side app flows are currently supported by the v2.0 endpoint.

This article talks about the flows: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-flows

It states:

This article describes the types of apps that you can build by using Azure AD v2.0, regardless of your preferred language or platform. The information in this article is designed to help you understand high-level scenarios before you start working with the code.

It goes on to state:

Currently, the types of apps in this section are not supported by the v2.0 endpoint, but they are on the roadmap for future development. For additional limitations and restrictions for the v2.0 endpoint

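Ultimately, I am trying to build an app that connects to the Graph API, which connects to the API on a schedule and uses "credentials" that allow it to access the API on behalf of a user who has permitted it.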

In my test harness I can get a token using:

var pca = new PublicClientApplication(connector.AzureClientId)
          {
             RedirectUri = redirectUrl
          };
var result = await pca.AcquireTokenAsync(new[] {"Directory.Read.All"},
                (Microsoft.Identity.Client.User) null, UiOptions.ForceLogin, string.Empty);

In the same harness, I cannot get a token using:

var cca = new ConfidentialClientApplication(
                connector.AzureClientId,
                redirectUrl,
                new ClientCredential(connector.AzureClientSecretKey),
                null) {PlatformParameters = new PlatformParameters()};

var result = await cca.AcquireTokenForClient(new[] { "Directory.Read.All" }, string.Empty);

This results in:

Exception thrown: 'Microsoft.Identity.Client.MsalServiceException' in mscorlib.dll

Additional information: AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope Directory.Read.All is not valid. Trace ID: dcba6878-5908-44a0-95f3-c51b0b4f1a00 Correlation ID: 1612e41a-a283-4557-b462-09653d7e4c21 Timestamp: 2017-04-10 20:53:05Z

The MSAL package Microsoft.Identity.Client (1.0.304142221-alpha) has not been updated since April 16, 2016. Is that the package I should be using?

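When using the client credentials flow with Azure AD V2.0, the value passed for the scope parameter in this request should be the resource identifier (application ID URI) of the resource you want, with the .default suffix appended. For the Microsoft Graph example, the value is https://graph.microsoft.com/.default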

Please click here for more details. And here is a tutorial on the client credentials flow using the Azure AD V2.0 endpoint.
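
The scope rule from the answer above, as an added example (not code from the original post and not MSAL's own API): a raw client credentials request to the v2.0 token endpoint that refuses a bare permission name such as Directory.Read.All before anything is sent. The class, method and environment variable names are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
static class AppOnlyToken
{
    // Client credentials on the v2.0 endpoint take the resource's
    // App ID URI plus "/.default", never a single permission name.
    public static string ToDefaultScope(string resource)
    {
        if (resource.EndsWith("/.default", StringComparison.Ordinal))
            return resource;
        if (!Uri.TryCreate(resource, UriKind.Absolute, out _))
            throw new ArgumentException($"'{resource}' is not a resource " +
                "identifier; as a scope it is rejected with AADSTS70011.");
        return resource.TrimEnd('/') + "/.default";
    }

    public static async Task<string> RequestAsync(HttpClient http, string tenant,
        string clientId, string clientSecret, string resource)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
            ["scope"] = ToDefaultScope(resource),
        });
        var url = $"https://login.microsoftonline.com/{Uri.EscapeDataString(tenant)}/oauth2/v2.0/token";
        using var resp = await http.PostAsync(url, form);
        var body = await resp.Content.ReadAsStringAsync();
        if (!resp.IsSuccessStatusCode)
            throw new InvalidOperationException(
                $"Token request failed ({(int)resp.StatusCode}): {body}");
        return body; // JSON with access_token, token_type, expires_in
    }

    static async Task Main()
    {
        // Assumed variable names; the secret stays out of source control.
        string Env(string n) => Environment.GetEnvironmentVariable(n)
            ?? throw new InvalidOperationException(n + " is not set");
        using var http = new HttpClient();
        var json = await RequestAsync(http, Env("AZURE_TENANT_ID"),
            Env("AZURE_CLIENT_ID"), Env("AZURE_CLIENT_SECRET"),
            "https://graph.microsoft.com");
        Console.WriteLine($"Token response received ({json.Length} chars)");
    }
}
```

A token obtained this way carries the application permissions an administrator has consented to for the app registration, not a signed-in user's delegated permissions.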