Azure AD 访问令牌请求
Azure AD Access Token Request
在我的 WebAssembly Blazor 应用程序中,我需要访问我正在开发的 API 和 Microsoft.Graph。
据我了解,我不能对 2 个不同的资源(我的 API 和 Graph)使用相同的不记名令牌。
我在 Program.cs
中使用 MSAL 设置了对 API 的访问权限
builder.Services.AddBaseAddressHttpClient();
builder.Services.AddMsalAuthentication(options =>
{
var authentication = options.ProviderOptions.Authentication;
authentication.Authority = "https://login.microsoftonline.com/xxx";
authentication.ClientId = "xxx";
options.ProviderOptions.DefaultAccessTokenScopes.Add("xxx/user_impersonation");
});
我正在尝试在需要时直接获取图表 API 的令牌(在 this 之后):
internal class Token
{
[JsonProperty("access_token")]
public string AccessToken { get; set; }
[JsonProperty("token_type")]
public string TokenType { get; set; }
[JsonProperty("expires_in")]
public int ExpiresIn { get; set; }
[JsonProperty("refresh_token")]
public string RefreshToken { get; set; }
}
private static async Task<Token> GetElibilityToken(HttpClient client)
{
string baseAddress = @"https://login.microsoftonline.com/xxx/oauth2/v2.0/token";
string grant_type = "authorization_code";
string client_id = "xxx";
string client_secret = "==xxx";
string scope = "https://graph.microsoft.com/.default";
var form = new Dictionary<string, string>
{
{"grant_type", grant_type},
{"client_id", client_id},
{"client_secret", client_secret},
{"scope", scope }
};
HttpResponseMessage tokenResponse = await client.PostAsync(baseAddress, new FormUrlEncodedContent(form));
var jsonContent = await tokenResponse.Content.ReadAsStringAsync();
Token tok = JsonConvert.DeserializeObject<Token>(jsonContent);
return tok;
}
方法是否正确?还有更好的吗?
我应该在 Program.cs 中注册 2 IAccessTokenProvider 吗?怎么样?
我遇到的问题是我不断收到错误消息:
Access to fetch at 'https://login.microsoftonline.com/xxx/oauth2/v2.0/token' from origin 'https://localhost:xxx' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
dotnet.3.2.0-preview2.20159.2.js:1 POST https://login.microsoftonline.com/xxx/oauth2/v2.0/token net::ERR_FAILED
如何在我的请求中设置 CORS?
每次请求新令牌时,使用选项指定范围:
IAccessTokenProvider authService; /* inject your IAccessTokenProvider */
var tokenResult = await authService .RequestAccessToken(
new AccessTokenRequestOptions
{
ReturnUrl = "...",
Scopes = new string[] { "..." }
});
在我的 WebAssembly Blazor 应用程序中,我需要访问我正在开发的 API 和 Microsoft.Graph。
据我了解,我不能对 2 个不同的资源(我的 API 和 Graph)使用相同的不记名令牌。
我在 Program.cs
中使用 MSAL 设置了对 API 的访问权限builder.Services.AddBaseAddressHttpClient();
builder.Services.AddMsalAuthentication(options =>
{
var authentication = options.ProviderOptions.Authentication;
authentication.Authority = "https://login.microsoftonline.com/xxx";
authentication.ClientId = "xxx";
options.ProviderOptions.DefaultAccessTokenScopes.Add("xxx/user_impersonation");
});
我正在尝试在需要时直接获取图表 API 的令牌(在 this 之后):
internal class Token
{
[JsonProperty("access_token")]
public string AccessToken { get; set; }
[JsonProperty("token_type")]
public string TokenType { get; set; }
[JsonProperty("expires_in")]
public int ExpiresIn { get; set; }
[JsonProperty("refresh_token")]
public string RefreshToken { get; set; }
}
private static async Task<Token> GetElibilityToken(HttpClient client)
{
string baseAddress = @"https://login.microsoftonline.com/xxx/oauth2/v2.0/token";
string grant_type = "authorization_code";
string client_id = "xxx";
string client_secret = "==xxx";
string scope = "https://graph.microsoft.com/.default";
var form = new Dictionary<string, string>
{
{"grant_type", grant_type},
{"client_id", client_id},
{"client_secret", client_secret},
{"scope", scope }
};
HttpResponseMessage tokenResponse = await client.PostAsync(baseAddress, new FormUrlEncodedContent(form));
var jsonContent = await tokenResponse.Content.ReadAsStringAsync();
Token tok = JsonConvert.DeserializeObject<Token>(jsonContent);
return tok;
}
方法是否正确?还有更好的吗?
我应该在 Program.cs 中注册 2 IAccessTokenProvider 吗?怎么样?
我遇到的问题是我不断收到错误消息:
Access to fetch at 'https://login.microsoftonline.com/xxx/oauth2/v2.0/token' from origin 'https://localhost:xxx' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
dotnet.3.2.0-preview2.20159.2.js:1 POST https://login.microsoftonline.com/xxx/oauth2/v2.0/token net::ERR_FAILED
如何在我的请求中设置 CORS?
每次请求新令牌时,使用选项指定范围:
IAccessTokenProvider authService; /* inject your IAccessTokenProvider */
var tokenResult = await authService .RequestAccessToken(
new AccessTokenRequestOptions
{
ReturnUrl = "...",
Scopes = new string[] { "..." }
});