我正在使用Azure AD V2应用程序对基于Angular的应用程序进行身份验证。我正在将ASP.NET Web API用于后端。
我正在使用身份验证代码流来获取身份验证代码,并使用该代码来获取用户访问令牌和刷新令牌,如文章中所述:https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
对于我的Azure AD帐户,此流程对我来说很好。当我使用Outlook帐户登录时,它提供了我的代码,但是当我尝试使用代码获取访问令牌时,它不起作用,并且响应中出现错误请求错误。
以下是我在Web API中使用的:
public async Task<string> GetAccessToken(string code)
{
string token = "", refresh_token = "";
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var keyValuePairs = new List<KeyValuePair<string, string>>();
keyValuePairs.Add(new KeyValuePair<string, string>("scope", AppsConfiguration.idaScope));
keyValuePairs.Add(new KeyValuePair<string, string>("client_id", AppsConfiguration.idaClient_id));
keyValuePairs.Add(new KeyValuePair<string, string>("client_secret", AppsConfiguration.idaClient_secret));
keyValuePairs.Add(new KeyValuePair<string, string>("grant_type", AppsConfiguration.grant_type_authorization_code));
keyValuePairs.Add(new KeyValuePair<string, string>("code", code));
keyValuePairs.Add(new KeyValuePair<string, string>("redirect_uri", AppsConfiguration.idaRedirect_uri));
var client1 = new HttpClient();
var req = new HttpRequestMessage(HttpMethod.Post, AppsConfiguration.idaTokenEndpoint) { Content = new FormUrlEncodedContent(keyValuePairs) };
using (var res = client1.SendAsync(req).Result)
{
if (res.IsSuccessStatusCode)
{
var jsonresult = JObject.Parse(await res.Content.ReadAsStringAsync());
token = (string)jsonresult["access_token"];
refresh_token = (string)jsonresult["refresh_token"];
}
}
return token;
}
我是否需要在Azure AD V2应用程序中进行任何特定的配置?
谢谢!
答案 0 :(得分:0)
我将v2端点的登录URL使用为https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id= {client id} ....
尽管此方法适用于Active Directory帐户和onmicrosoft帐户,但不适用于诸如hotmail / outlook之类的Microsoft Personal帐户。
对我来说,当我将上述登录URL更改为时,它起作用了: https://login.microsoftonline.com/ {域名/域名ID} /oauth2/v2.0/authorize?client_id= {客户端ID}。...
谢谢!