Azure Active Directory - authorization for obtaining an access token

Time: 2020-02-09 20:16:06

Tags: oauth-2.0 azure-active-directory authorization

I am following https://docs.microsoft.com/en-gb/graph/auth-v2-user, hoping to call the Microsoft Graph API from my web application. In part 2 of that article it explains how to get the authorization code that is used in the request for an access token...

In the request in part 2, can someone suggest where I get the "code" from? I expected it to be returned as a query-string parameter in the redirect URL, but that is not the case.

Thanks

Edit

Because of errors I ran into when using the library, I chose not to use MSAL. Instead, my configuration is as follows:

Startup.cs

    // Fragment of ConfigureServices; needs System.IdentityModel.Tokens.Jwt,
    // Microsoft.AspNetCore.Authentication.Cookies and
    // Microsoft.AspNetCore.Authentication.OpenIdConnect.

    // Keep the raw JWT claim types ("sub", "oid", ...) instead of mapping them
    // to the handler's long Microsoft claim-type URIs.
    JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

    // Building a provider inside ConfigureServices creates a second container
    // (analyzer ASP0000); kept as posted, used only to resolve the ticket store's dependencies.
    var serviceProvider = services.BuildServiceProvider();
    var userAuthenticationTicketRepository = serviceProvider.GetService<IUserAuthenticationTicketRepositoryWrapper>();
    var configSettings = serviceProvider.GetService<IConfigSettings>();

    services.AddAuthentication(sharedOptions =>
        {
            // The cookie holds the signed-in session; unauthenticated requests are
            // challenged by redirecting to Azure AD via OpenID Connect.
            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddAzureAd(options => configuration.Bind("Config:AzureAd", options))
        .AddCookie(options =>
        {
            // Keep the authentication ticket (and any tokens saved with it) server-side
            // rather than serialised into the cookie itself.
            options.SessionStore =
                new AuthenticationTicketStore(userAuthenticationTicketRepository, configSettings);
        });

Implementation of AddAzureAd
    public static AuthenticationBuilder AddAzureAd(this AuthenticationBuilder builder, Action<AzureADOptions> configureOptions)
    {
        // Bind the "Config:AzureAd" section into AzureADOptions.
        builder.Services.Configure(configureOptions);

        // Translate AzureADOptions into OpenIdConnectOptions (ConfigureOidcOptions below).
        // Registered first, so it runs before the lambda handed to AddOpenIdConnect.
        builder.Services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureOidcOptions>();

        builder.AddOpenIdConnect(options =>
        {
            options.Events = new OpenIdConnectEvents
            {
                // Azure AD returned an error to the callback path (sign-in cancelled,
                // consent refused, invalid request, ...): stop the default error page.
                OnRemoteFailure = context =>
                {
                    context.HandleResponse();
                    // Absolute path, so the redirect does not depend on where CallbackPath lives.
                    context.Response.Redirect("/Account/AccessDenied");

                    return Task.CompletedTask;
                }
            };
        });

        return builder;
    }

ConfigureOidcOptions

    using System;
    using Microsoft.AspNetCore.Authentication.AzureAD.UI;
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.Extensions.Options;

    public class ConfigureOidcOptions : IConfigureNamedOptions<OpenIdConnectOptions>
    {
        private readonly AzureADOptions _azureOptions;

        public ConfigureOidcOptions(IOptions<AzureADOptions> azureOptions)
        {
            _azureOptions = azureOptions.Value;
        }

        // Applied to every named OpenIdConnectOptions instance (the name is not checked).
        public void Configure(string name, OpenIdConnectOptions options)
        {
            options.ClientId = _azureOptions.ClientId;
            options.ClientSecret = _azureOptions.ClientSecret;
            // Authority = Instance + TenantId, e.g. https://login.microsoftonline.com/{tenant}
            options.Authority = new Uri(new Uri(_azureOptions.Instance), _azureOptions.TenantId).ToString();
            // Completed sign-ins are persisted by the cookie scheme.
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            // Azure AD posts the response back to this path and the handler consumes it
            // there, so nothing appears in the browser's address bar. Note that the
            // handler's default ResponseType is "id_token": no authorization code is
            // issued at all unless ResponseType is set to OpenIdConnectResponseType.Code.
            options.CallbackPath = _azureOptions.CallbackPath;
            // Let the cookie expire when the id_token does.
            options.UseTokenLifetime = true;
        }

        public void Configure(OpenIdConnectOptions options)
        {
            Configure(Options.DefaultName, options);
        }
    }

1 answer:

Answer 0 (score: 1)

The authorization request should be

    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
    client_id={client_id}
    &response_type=code
    &redirect_uri=http://localhost/myapp/
    &response_mode=query
    &scope=offline_access user.read mail.read
    &state=12345

Replace tenant and client_id with your values. The redirect_uri must match the one registered in the portal.


When you request that URL in a browser you will be asked to sign in. After that, you will find the code parameter in the URL.

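The flow the answer describes (and the question's part 2), carried through on the client side as an added example; this is not code from the question, the answer, or Microsoft's documentation. It builds the same /authorize request as above, then parses the redirect the browser lands on, pulls out `code`, and assembles the form body for the /token call. Two things are assumed beyond what the answer shows: `state` is a random per-request value (the answer's fixed `12345` cannot detect a forged callback), and PKCE (`code_challenge`/`code_verifier`, RFC 7636) is added, which the v2.0 endpoint accepts. The tenant, client_id, secret and code values are constructed placeholders, and nothing is sent over the network: the token request is only built.

```python
"""Authorization-code flow against the Azure AD v2.0 endpoint, client side only."""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORITY = "https://login.microsoftonline.com"


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def code_challenge_from(code_verifier: str) -> str:
    """S256 PKCE challenge: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def new_pkce_pair():
    """Fresh (code_verifier, code_challenge); the verifier stays server-side until the token call."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 unreserved characters
    return verifier, code_challenge_from(verifier)


def build_authorize_url(tenant, client_id, redirect_uri, scopes, state, code_challenge):
    """The /authorize request from the answer, with a random state and PKCE added."""
    params = {
        "client_id": client_id,
        "response_type": "code",          # ask for an authorization code, not an id_token
        "redirect_uri": redirect_uri,     # must match the portal registration exactly
        "response_mode": "query",         # code arrives in the query string, not a form POST
        "scope": " ".join(scopes),
        "state": state,                   # random per request; checked on the way back
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?" + urlencode(params)


def parse_redirect(redirect_url, expected_state, registered_redirect_uri):
    """Pull `code` out of the URL the browser was sent back to, refusing anything suspicious."""
    parsed = urlparse(redirect_url)
    landed_on = parsed._replace(query="", fragment="").geturl()
    if landed_on != registered_redirect_uri:
        raise ValueError(f"redirect landed on {landed_on!r}, expected {registered_redirect_uri!r}")
    query = parse_qs(parsed.query)
    if "error" in query:
        desc = query.get("error_description", [""])[0]
        raise ValueError(f"authorization failed: {query['error'][0]}: {desc}")
    # A state that does not round-trip means this response was not produced for a
    # request this app started (login CSRF / code injection); reject it.
    got_state = query.get("state", [""])[0]
    if not hmac.compare_digest(got_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in query:
        raise ValueError("no code in redirect; was response_type=code requested?")
    return query["code"][0]


def build_token_request(tenant, client_id, client_secret, redirect_uri, code, code_verifier, scopes):
    """URL and form body for POST /oauth2/v2.0/token that swaps the code for tokens (not sent here)."""
    body = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,     # same value as in the authorize request
        "code_verifier": code_verifier,   # proves this client started the flow
        "scope": " ".join(scopes),
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", body


if __name__ == "__main__":
    # Constructed values; not a real tenant, client, secret or code.
    tenant, client_id = "contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000000"
    redirect_uri = "http://localhost/myapp/"
    scopes = ["offline_access", "user.read", "mail.read"]
    state = secrets.token_urlsafe(16)
    verifier, challenge = new_pkce_pair()
    print(build_authorize_url(tenant, client_id, redirect_uri, scopes, state, challenge))
    # What the browser lands on after sign-in (constructed):
    back = f"{redirect_uri}?code=sample-code-123&state={state}&session_state=constructed"
    code = parse_redirect(back, state, redirect_uri)
    print(build_token_request(tenant, client_id, "<client-secret>", redirect_uri, code, verifier, scopes))
```

The `redirect_uri` check in `parse_redirect` mirrors the answer's note that it must match the portal registration: Azure AD only redirects to a registered URI, and the token endpoint rejects the code if the `redirect_uri` in the token request differs from the one used at /authorize. In the ASP.NET Core setup from the question the OpenID Connect handler performs this whole exchange itself at `CallbackPath`, which is why the code never shows up in the address bar.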