OpenIdConnectResponseTypes has codeidtoken, idtoken and it doesn't contain code as response type
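OpenIdConnectResponseTypes has codeidtoken, idtoken and it doesn't contain code as response type. Does UseOpenIdConnectAuthentication in OWIN support the Authorization Code grant? By default it sets the response type to Code IDToken. Can someone share a sample for the Authorization Code grant using OWIN?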
From the source code of Katana (the code below can be found in the OpenIDConnectAuthenticationHandler.AuthenticateCoreAsync method):
    // code is only accepted with id_token, in this version, hence check for code is inside this if
    // OpenIdConnect protocol allows a Code to be received without the id_token
    if (string.IsNullOrWhiteSpace(openIdConnectMessage.IdToken))
    {
        _logger.WriteWarning("The id_token is missing.");
        return null;
    }
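The code above shows that the Microsoft.Owin.Security.OpenIdConnect library doesn't support the Authorization Code grant. Though it is not supported directly, you can also use the hybrid flow, but it's up to you to implement the token request part. Please refer to the code below, which uses the code to exchange for an access token for a resource protected by Azure AD: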
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = Authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                //
                // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                //
                AuthorizationCodeReceived = async (context) =>
                {
                    var code = context.Code;
                    // Create a Client Credential Using an Application Key
                    ClientCredential credential = new ClientCredential(clientId, appKey);
                    string userObjectID = context.AuthenticationTicket.Identity.FindFirst(
                        "http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
                    AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectID));
                    AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                        code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
                }
            }
        });
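The token request that the answer above says is left to the application, written out as the raw HTTP exchange. This is an added example, not code from the answer, Katana or ADAL; the `CodeRedemption` class, the endpoint URL and all client values are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;

static class CodeRedemption
{
    // Builds the RFC 6749 section 4.1.3 token request. redirectUri must be identical to
    // the value sent in the authorization request, or the server rejects the code.
    public static HttpRequestMessage BuildTokenRequest(
        Uri tokenEndpoint, string code, Uri redirectUri,
        string clientId, string clientSecret, string resource)
    {
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["code"] = code,
            ["redirect_uri"] = redirectUri.AbsoluteUri,
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret, // confidential client: server-to-server only
            ["resource"] = resource           // Azure AD v1 parameter (graphResourceId above)
        };
        return new HttpRequestMessage(HttpMethod.Post, tokenEndpoint)
        {
            Content = new FormUrlEncodedContent(form)
        };
    }

    // Sends the request and returns the raw JSON token response.
    // The error body is not echoed, so it cannot leak into logs via the exception.
    public static async Task<string> RedeemAsync(HttpClient http, HttpRequestMessage request)
    {
        using (HttpResponseMessage response = await http.SendAsync(request))
        {
            string body = await response.Content.ReadAsStringAsync();
            if (!response.IsSuccessStatusCode)
                throw new InvalidOperationException("Token endpoint returned " + (int)response.StatusCode);
            return body;
        }
    }

    static void Main()
    {
        // Constructed values; nothing is sent over the network here.
        var request = BuildTokenRequest(
            new Uri("https://login.example.test/tenant-placeholder/oauth2/token"),
            "constructed-code", new Uri("https://app.example.test/"),
            "client-id-placeholder", "client-secret-placeholder", "https://graph.example.test");
        Console.WriteLine(request.Content.ReadAsStringAsync().Result);
    }
}
```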