Azure AD: id_token as bearer token
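I have registered an application in Azure AD.
If I use the same Application ID at both the Web API and the client (SPA application) level, why do both Azure AD authentication libraries (ADAL JS for Azure AD v1 and MSAL.js for Azure AD v2) use the ID token as the bearer token when calling the Web API, instead of requesting and using an access token? Doesn't this violate the specification?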
According to the official documentation, this may be your situation.
"The OAuth 2.0 implicit flow in Azure AD is designed to return an ID token when the resource for which the token is being requested is the same as the client application. In other words, when the JS client uses ADAL JS to request a token for its own backend web API registered with same App ID as the client, an ID token is returned and cached by the library. Note that in this case the resource should be set to the App ID of the client (App ID URI will not work). This ID token can then be used as a bearer token in the calls to your application's backend API."
You can find more information about this here!
https://github.com/AzureAD/azure-activedirectory-library-for-js/wiki/Acquire-tokens
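
The following is an added example, not part of the original answer or of ADAL JS / MSAL.js: a sketch of the checks a backend API would apply before accepting such an ID token as a bearer token, in particular that `aud` is the app's own App ID rather than an App ID URI. The client ID, issuer and the locally generated RSA key (standing in for the tenant's published signing key) are constructed values, and `validateBearerIdToken` and `makeToken` are hypothetical names.

```javascript
// Added example: backend checks for an Azure AD ID token received as a bearer token.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Verifies signature, audience, issuer and expiry; returns the claims or throws.
function validateBearerIdToken(token, { publicKey, clientId, issuer, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  // Pin the algorithm instead of trusting the header (rejects "none" and HMAC variants).
  if (fromB64url(h).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = fromB64url(p);
  // The ID token's audience is the client's App ID (GUID), so an App ID URI is rejected.
  if (claims.aud !== clientId) throw new Error('wrong audience');
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// --- Constructed sample data (hypothetical values, not issued by Azure AD) ---
const CLIENT_ID = '11111111-2222-3333-4444-555555555555';
const ISSUER = 'https://issuer.example.invalid/tenant/';
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Test helper standing in for the identity provider: signs claims as an RS256 JWT.
function makeToken(claims) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const input = `${header}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

const opts = { publicKey, clientId: CLIENT_ID, issuer: ISSUER };
const good = makeToken({ aud: CLIENT_ID, iss: ISSUER, exp: Math.floor(Date.now() / 1000) + 300 });
console.log(validateBearerIdToken(good, opts).aud);
```
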