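I am following https://docs.microsoft.com/en-gb/graph/auth-v2-user, hoping to call the Microsoft Graph API from my web application. Part 2 of that article explains how to obtain the authorization code that is used to request an access token...
Can anyone advise where I get the "code" from for the request in part 2? I expected it to be returned as a query string parameter in the redirect URL, but that is not the case.
Thanks
Edit
Because of errors I ran into when using the library, I chose not to use MSAL. Instead, my configuration is as follows: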
Startup.cs

    // Keep JWT claim names as issued instead of mapping them to legacy claim types.
    JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
    var serviceProvider = services.BuildServiceProvider();
    var userAuthenticationTicketRepository = serviceProvider.GetService<IUserAuthenticationTicketRepositoryWrapper>();
    var configSettings = serviceProvider.GetService<IConfigSettings>();
    services.AddAuthentication(sharedOptions =>
    {
        // Cookies carry the local session; OpenID Connect handles the sign-in challenge.
        sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddAzureAd(options => configuration.Bind("Config:AzureAd", options))
    .AddCookie(options =>
    {
        // Store the authentication ticket server-side through a custom ticket store.
        options.SessionStore =
            new AuthenticationTicketStore(userAuthenticationTicketRepository, configSettings);
    });
Implementation of AddAzureAd

    public static AuthenticationBuilder AddAzureAd(this AuthenticationBuilder builder, Action<AzureADOptions> configureOptions)
    {
        builder.Services.Configure(configureOptions);
        // ConfigureOidcOptions fills in OpenIdConnectOptions from the bound AzureADOptions.
        builder.Services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureOidcOptions>();
        builder.AddOpenIdConnect(options =>
        {
            options.Events = new OpenIdConnectEvents
            {
                // On a failed remote sign-in, skip the default handling and redirect.
                OnRemoteFailure = context =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("Account/AccessDenied");
                    return Task.FromResult(0);
                }
            };
        });
        return builder;
    }
ConfigureOidcOptions

    public class ConfigureOidcOptions : IConfigureNamedOptions<OpenIdConnectOptions>
    {
        private readonly AzureADOptions _azureOptions;

        public ConfigureOidcOptions(IOptions<AzureADOptions> azureOptions)
        {
            _azureOptions = azureOptions.Value;
        }

        public void Configure(string name, OpenIdConnectOptions options)
        {
            options.ClientId = _azureOptions.ClientId;
            options.ClientSecret = _azureOptions.ClientSecret;
            // Authority is the instance URL combined with the tenant id.
            options.Authority = new Uri(new Uri(_azureOptions.Instance), _azureOptions.TenantId).ToString();
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.CallbackPath = _azureOptions.CallbackPath;
            // The session lifetime follows the lifetime of the token.
            options.UseTokenLifetime = true;
        }

        public void Configure(OpenIdConnectOptions options)
        {
            Configure(Options.DefaultName, options);
        }
    }
Answer 0 (score: 1)
The authorization request should be
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id={client_id}
&response_type=code
&redirect_uri=http://localhost/myapp/
&response_mode=query
&scope=offline_access user.read mail.read
&state=12345
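Replace tenant and client_id with your values. And redirect_uri should be consistent with the one in the portal.
When you request the URL in a browser, you will be asked to sign in. After that, you will get the code parameter in the URL.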
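
The request and redirect described in the answer above, as an added C# example that is not part of the original answer: it builds the same authorize URL with an unpredictable `state` instead of a fixed one, then reads `code` from the redirect only after the returned `state` matches. The class and method names are hypothetical, and the tenant, client id and callback values are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;

public static class AuthCodeFlow // hypothetical helper, not from the page
{
    // Unpredictable per-request state; keep it in the user's session before redirecting.
    public static string NewState() => Convert.ToHexString(RandomNumberGenerator.GetBytes(16));

    // Builds the authorization request from the answer, with every value URL-encoded.
    public static string BuildAuthorizeUrl(string tenant, string clientId, string redirectUri, string state)
    {
        var query = new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["response_type"] = "code",
            ["redirect_uri"] = redirectUri,
            ["response_mode"] = "query",
            ["scope"] = "offline_access user.read mail.read",
            ["state"] = state,
        };
        return $"https://login.microsoftonline.com/{Uri.EscapeDataString(tenant)}/oauth2/v2.0/authorize?"
            + string.Join("&", query.Select(p => $"{p.Key}={Uri.EscapeDataString(p.Value)}"));
    }

    // Reads the redirect: rejects error responses and a state that differs from the session's.
    public static string ExtractCode(Uri callback, string expectedState)
    {
        var q = HttpUtility.ParseQueryString(callback.Query);
        if (q["error"] != null)
            throw new InvalidOperationException($"Authorization failed: {q["error"]}");
        var returned = Encoding.UTF8.GetBytes(q["state"] ?? "");
        if (!CryptographicOperations.FixedTimeEquals(returned, Encoding.UTF8.GetBytes(expectedState)))
            throw new InvalidOperationException("state mismatch; discard this response");
        return q["code"] ?? throw new InvalidOperationException("no code parameter in redirect");
    }

    public static void Main()
    {
        var state = NewState();
        // Constructed placeholder tenant and client id.
        Console.WriteLine(BuildAuthorizeUrl("contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000000", "http://localhost/myapp/", state));
        // Constructed callback, shaped like the redirect the browser follows after sign-in.
        var callback = new Uri($"http://localhost/myapp/?code=SAMPLE_CODE&state={state}");
        Console.WriteLine(ExtractCode(callback, state));
    }
}
```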