Microsoft Graph API from service
I'm trying to do a one-time authorization to Office 365, so that users only have to log in once.
So far, this is my code:
IdentityClientApp = new ConfidentialClientApplication(this.clientId, "[uri]", new ClientCredential("[private key from Application Secrets section]"), new Microsoft.Identity.Client.TokenCache(), new Microsoft.Identity.Client.TokenCache());
authResult = await IdentityClientApp.AcquireTokenForClientAsync(new []{ "User.Read.All" });
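I get an exception: AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope User.Read.All is not valid.
I'm not sure how I should obtain a valid token so that I can exit and restart without the authorization page popping up every hour.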
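Based on your description, you are using the client credentials flow of Azure AD V2.0 with the MSAL library. When using the client credentials flow in Azure AD V2.0, the value passed for the scope parameter in this request should be the resource identifier (Application ID URI) of the resource you want, with the .default suffix appended. For the Microsoft Graph example, the value is https://graph.microsoft.com/.default.
Please click here for more details. And here is a tutorial on using the client credentials flow with the Azure AD V2.0 endpoint.
In addition, since you are using the app identity (client credentials flow), users don't need to sign in to your app. Please read more about authentication scenarios for Azure AD. If you want to use user identity, you could try the OAuth 2.0 authorization code flow, and here is a code sample. With user identity, to extend the duration of your session (so the user won't be logged out after one hour), you could try to renew the session by adding a hidden iframe in your page which hits the new sign-in route at regular time intervals (in the sign-in operation you could acquire a new access token). Please refer to the article "Controlling a Web App's session duration" for details and code samples.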
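The client credentials flow with the corrected scope, as an added example that is not part of the original question or answer. It uses the current MSAL.NET builder API rather than the older constructor shown in the question; the environment variable names and the /users request are assumptions.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

class GraphAppOnlyClient
{
    // Client credentials flow: the scope is the resource's App ID URI plus "/.default".
    // A per-permission scope such as "User.Read.All" is what triggers AADSTS70011.
    static readonly string[] Scopes = { "https://graph.microsoft.com/.default" };

    static async Task Main()
    {
        // Assumed environment variable names; keep the secret out of source control.
        string tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");
        string clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
        string secret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");

        // App-only tokens are issued for one tenant, so use a tenant-specific authority.
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithClientSecret(secret)
            .WithAuthority($"https://login.microsoftonline.com/{tenantId}")
            .Build();

        try
        {
            // No user prompt is involved. MSAL keeps the app token in its in-memory
            // cache and requests a new one once it expires, so call this before each
            // Graph request instead of storing the token yourself.
            AuthenticationResult result = await app.AcquireTokenForClient(Scopes).ExecuteAsync();

            using var http = new HttpClient();
            http.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", result.AccessToken);

            // Requires the User.Read.All application permission with admin consent.
            HttpResponseMessage resp = await http.GetAsync("https://graph.microsoft.com/v1.0/users?$top=5");
            Console.WriteLine($"{(int)resp.StatusCode}, token expires {result.ExpiresOn:u}");
            Console.WriteLine(await resp.Content.ReadAsStringAsync());
        }
        catch (MsalServiceException ex)
        {
            // ErrorCode is the OAuth error code; the AADSTS number is in the message.
            // Do not log the client secret or the access token.
            Console.Error.WriteLine($"Token request failed: {ex.ErrorCode}: {ex.Message}");
        }
    }
}
```

With `.default`, the token carries whatever application permissions have been granted to the app registration, so the set of permissions is controlled in the portal rather than in the scope string.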