Azure Web App - Azure AD - SPA - `token` missing from response_type
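We are using an Azure Web App and using the web app's Authentication to enforce Azure AD authentication. We have some of it working, but are trying to get the access token, because we are using it to lock down API calls. Looking at the network calls, the authorize call to the MSFT endpoint only has the "open_id code" response types. Obviously I can convert the code from the response into an access token, but I should also be able to get the access token in the callback.
I have already checked that oauth2AllowImplicitFlow is set to true in the manifest, but that's all I could find.
Any idea how to add "token" to the response_type list?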
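`open_id`: this is a scope, not a response type. You probably mean `id_token`.
`code`: indicates that App Service is performing the Authorization Code flow. It uses the returned code to exchange it for the actual access token.
As far as I understand, if it is set up correctly, you are using the built-in AppService authentication. You probably don't need to change how AppService authenticates you. There is a good tutorial for it, but basically all you need to do is to call `GET /.auth/me` in your SPA to receive the tokens. `GET /.auth/refresh` will refresh the tokens.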
GET https://xxx.azurewebsites.net/.auth/me
[
  {
    "access_token": "...",
    "expires_on": "2020-03-20T09:49:01.0000000Z",
    "id_token": "ey...",
    "provider_name": "aad",
    "refresh_token": "...",
    "user_claims": [
      {
        "typ": "foo",
        "val": "bar"
      },
      ...
    ],
    "user_id": "..."
  }
]
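If you really want to try messing with the built-in authentication, you can try changing it (taken from the "refresh" instructions mentioned above). Because of the refresh functionality, you may still need to perform part of the steps.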
Azure Active Directory: In https://resources.azure.com, do the following steps:
1. At the top of the page, select Read/Write.
2. In the left browser, navigate to subscriptions > resourceGroups > > providers > Microsoft.Web > sites > > config > authsettings.
3. Click Edit.
4. Modify the following property. Replace <app_id> with the Azure Active Directory application ID of the service you want to access.
"additionalLoginParams": ["response_type=code id_token", "resource=<app_id>"]
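The `/.auth/me` plus `/.auth/refresh` approach from the answer above, as an added example that is not part of the original post: the SPA reads the session, refreshes it when `expires_on` is close, and only then attaches the access token to an API call. It assumes the SPA is served from the same origin as the App Service app; `parseExpiry`, `readSession`, `getAccessToken`, `callApi`, `fetchImpl` and `skewMs` are hypothetical names.

```javascript
// Added example, not code from the original answer.
// Assumes the SPA is served by the App Service app itself, so the session
// cookie reaches /.auth/me and /.auth/refresh (the endpoints named in the answer).

// expires_on carries 7 fractional digits; trim to 3 so every engine parses it.
function parseExpiry(expiresOn) {
  const ms = Date.parse(String(expiresOn).replace(/(\.\d{3})\d+/, '$1'));
  return Number.isNaN(ms) ? 0 : ms; // unparsable expiry counts as already expired
}

// Returns the first entry of the /.auth/me array, or null when there is no session.
async function readSession(fetchImpl) {
  const res = await fetchImpl('/.auth/me', { credentials: 'same-origin' });
  if (!res.ok) return null;
  const body = await res.json();
  return Array.isArray(body) && body.length > 0 ? body[0] : null;
}

// Returns a usable access token, refreshing first when it expires within skewMs.
async function getAccessToken({ fetchImpl = globalThis.fetch, now = Date.now(), skewMs = 300000 } = {}) {
  let session = await readSession(fetchImpl);
  if (!session) return null;
  if (parseExpiry(session.expires_on) - now < skewMs) {
    const refreshed = await fetchImpl('/.auth/refresh', { credentials: 'same-origin' });
    if (!refreshed.ok) return null; // caller should restart the login flow
    session = await readSession(fetchImpl);
    if (!session || parseExpiry(session.expires_on) <= now) return null;
  }
  return session.access_token || null;
}

// Attaches the token to an API call; the token is never logged or stored.
async function callApi(url, opts = {}) {
  const token = await getAccessToken(opts);
  if (!token) throw new Error('no valid session; sign in again');
  const doFetch = opts.fetchImpl || globalThis.fetch;
  return doFetch(url, { headers: { Authorization: `Bearer ${token}` } });
}
```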