带有刷新令牌的 Azure Active Directory B2C 定价说明
Azure Active Directory B2C pricing clarification with refresh tokens
我对定义的 Azure AD B2C 定价结构感到困惑 here。
这个问题似乎来自这个描述:
Authentications: Tokens issued either in response to a sign-in request
initiated by a user, or initiated by an application on behalf of a
user (e.g. token refresh, where the refresh interval is configurable).
在我的租户/应用程序的 Azure AD B2C 设置中,我定义了一个 SignInUp 策略,然后可以选择访问/ID 令牌的生命周期(最长 24 小时)以及刷新令牌(最长 90 天) ) 然后刷新滑动 window 边界(最多 365 天或无过期)。
这与根据身份验证定价向我收费的身份验证有什么关系?
例如,如果我将我的访问/ID 令牌设置为 24 小时并将我的刷新令牌设置为 90 天,并且我使用 MSAL 库来获取 AcquireTokenSilentlyAsync 并且我有一个每天都进入该应用程序的用户,我会得到每月为该用户收取 30 次身份验证费用,或者因为刷新令牌尚未过期而仅收取 1 次身份验证费用?
这对成本以及我是否可以使用 B2C 来满足我的应用程序身份验证需求产生了巨大的影响。例如,每天有 100,000 名用户,如果我每月只收取 1 次身份验证费用,如果我的刷新令牌设置为 90 天,最终平均每月花费大约 50 美元,而如果它每 24 小时收取一次身份验证费用,我每月将收取 6300 美元的费用!对此的任何澄清表示赞赏。
让我对来自定价网站的代码段添加一些说明,然后进一步解释。
修订:
身份验证: ID 令牌或访问令牌 发出以响应用户发起的登录请求,或由应用程序代表用户获取新的 ID 令牌或新的访问令牌(例如,当应用程序使用刷新令牌时,刷新间隔是可配置的)。
ID 令牌的最长生命周期为 24 小时。假设您将 ID TOKEN 生命周期设置为 24 小时,一个用户在 30 天内每天使用您的应用程序,将至少进行 30 次身份验证。
如果您将 ID Token 生命周期设置为 1 小时,并表示用户连续使用您的应用 12 小时,那么当天最多可以添加 12 个令牌。
相反,刷新令牌是 "free." 刷新令牌与 ID 令牌的交换会导致身份验证费用。
何塞
我收到了 Microsoft Azure 支持的回复如下:
I have reviewed your case and I understand that you have query regarding B2C Pricing. I would like to inform you that, the Tokens issued either in response to a sign-in request initiated by a user, or initiated by an application on behalf of a user. Please find the pricing details as mentioned below:
https://azure.microsoft.com/en-us/pricing/calculator/?service=active-directory-b2c
So if the user or an application, sign-in’s per day one time, hence, it would be charged 30 authentications for that user per month and Also, upto First 50,000 user or an application sign-in’s are free
我发了一个跟进来澄清:
So, just for clarification, even if it is the refresh token that is
used (which is good for 90 days if setup that way), that still charges
as an 'authentication'? This makes B2C extremely expensive and there
is no way that the Real Madrid example case is true, as they would be
spending ,000,000 a year or more just for authentications.
Microsoft will never get indie developers to be able to use this, and
it will be out of the price range of most medium businesses as well.
It is nowhere near competitive with Auth0, which for 50k users a month
and UNLIMITED authentications, costs just 0.
并收到以下回复:
Your suggestion are really important for us to make improvements for
our product and services. I would recommend that you open the feedback
link and provide us your valuable feedback. All of the feedback you
share in these forums will be monitored and reviewed by the Microsoft
engineering teams responsible for building Windows Azure.
https://feedback.azure.com/forums/223579-azure-portal/suggestions/18796606-lower-the-price-of-ad-b2c
如果您查看这些反馈,他们在一年内没有获得多少投票或行动,所以如果您希望 B2C 作为独立开发者或中小型公司的可行选择,请投票!
我对定义的 Azure AD B2C 定价结构感到困惑 here。 这个问题似乎来自这个描述:
Authentications: Tokens issued either in response to a sign-in request initiated by a user, or initiated by an application on behalf of a user (e.g. token refresh, where the refresh interval is configurable).
在我的租户/应用程序的 Azure AD B2C 设置中,我定义了一个 SignInUp 策略,然后可以选择访问/ID 令牌的生命周期(最长 24 小时)以及刷新令牌(最长 90 天) ) 然后刷新滑动 window 边界(最多 365 天或无过期)。 这与根据身份验证定价向我收费的身份验证有什么关系?
例如,如果我将我的访问/ID 令牌设置为 24 小时并将我的刷新令牌设置为 90 天,并且我使用 MSAL 库来获取 AcquireTokenSilentlyAsync 并且我有一个每天都进入该应用程序的用户,我会得到每月为该用户收取 30 次身份验证费用,或者因为刷新令牌尚未过期而仅收取 1 次身份验证费用?
这对成本以及我是否可以使用 B2C 来满足我的应用程序身份验证需求产生了巨大的影响。例如,每天有 100,000 名用户,如果我每月只收取 1 次身份验证费用,如果我的刷新令牌设置为 90 天,最终平均每月花费大约 50 美元,而如果它每 24 小时收取一次身份验证费用,我每月将收取 6300 美元的费用!对此的任何澄清表示赞赏。
让我对来自定价网站的代码段添加一些说明,然后进一步解释。 修订: 身份验证: ID 令牌或访问令牌 发出以响应用户发起的登录请求,或由应用程序代表用户获取新的 ID 令牌或新的访问令牌(例如,当应用程序使用刷新令牌时,刷新间隔是可配置的)。
ID 令牌的最长生命周期为 24 小时。假设您将 ID TOKEN 生命周期设置为 24 小时,一个用户在 30 天内每天使用您的应用程序,将至少进行 30 次身份验证。
如果您将 ID Token 生命周期设置为 1 小时,并表示用户连续使用您的应用 12 小时,那么当天最多可以添加 12 个令牌。
相反,刷新令牌是 "free." 刷新令牌与 ID 令牌的交换会导致身份验证费用。
何塞
我收到了 Microsoft Azure 支持的回复如下:
I have reviewed your case and I understand that you have query regarding B2C Pricing. I would like to inform you that, the Tokens issued either in response to a sign-in request initiated by a user, or initiated by an application on behalf of a user. Please find the pricing details as mentioned below: https://azure.microsoft.com/en-us/pricing/calculator/?service=active-directory-b2c So if the user or an application, sign-in’s per day one time, hence, it would be charged 30 authentications for that user per month and Also, upto First 50,000 user or an application sign-in’s are free
我发了一个跟进来澄清:
So, just for clarification, even if it is the refresh token that is used (which is good for 90 days if setup that way), that still charges as an 'authentication'? This makes B2C extremely expensive and there is no way that the Real Madrid example case is true, as they would be spending ,000,000 a year or more just for authentications. Microsoft will never get indie developers to be able to use this, and it will be out of the price range of most medium businesses as well. It is nowhere near competitive with Auth0, which for 50k users a month and UNLIMITED authentications, costs just 0.
并收到以下回复:
Your suggestion are really important for us to make improvements for our product and services. I would recommend that you open the feedback link and provide us your valuable feedback. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Windows Azure.
https://feedback.azure.com/forums/223579-azure-portal/suggestions/18796606-lower-the-price-of-ad-b2c
如果您查看这些反馈,他们在一年内没有获得多少投票或行动,所以如果您希望 B2C 作为独立开发者或中小型公司的可行选择,请投票!