How to get access token in Azure Active Directory in Angular2
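I am starting to learn OAuth 2, and I need to get an access token from the front-end side (Angular 2) without showing the Microsoft login page. If there are any options for this, please share them with me. Thanks.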
There are two kinds of token which Azure AD could issue.

First is the delegated token, which is used to delegate the signed-in user. Normally this kind of token requires the user to sign in (Authorization Code Grant flow). However, if there is a high degree of trust between the resource owner and the client, we can also use the Resource Owner Password Credentials flow, which uses the user's username and password in code directly without the user participating.

The second kind of token is delegated to the application and is called an app-only token. To acquire this kind of token, we can use the app's key or certificate without a user signing in (Client Credentials flow).

If you are developing with the Client Credentials flow, you can refer here, which acquires the token for Microsoft Graph using the Client Credentials flow.

To acquire the token using the Client Credentials flow for multi-tenant apps, we need to grant the permission to the application to register the service principal in the customers' tenant. We can use the code grant flow to grant the permission. For more detail about multi-tenant apps, you can refer here.

To init the code grant flow, you can refer to the request sample from here. After you grant the permission, the customer can also see this application on their portal. Then you can use the client credentials flow to reacquire the token from the customers' tenant.
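The two token kinds described in the answer can be told apart by the API that receives them. The following is an added example, not code from the original answer: it assumes Azure AD's `scp` claim for delegated permissions and `roles` claim for application permissions, and the permission names and sample tokens are constructed for illustration.

```javascript
// Added example, not from the original answer. Runs on the API (server) side in Node.
// Assumption: the JWT's signature, issuer, audience and expiry have already been
// validated by the API's token middleware; this code only inspects the claims.

// Decode one base64url JWT segment into an object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// "delegated" = issued on behalf of a signed-in user (carries scp),
// "app-only"  = issued to the application itself (no scp, carries roles).
function classifyToken(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const claims = decodeSegment(parts[1]);
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  if (scopes.length > 0) return { kind: "delegated", granted: scopes };
  if (roles.length > 0) return { kind: "app-only", granted: roles };
  return { kind: "unknown", granted: [] };
}

// Allow the call only if the token holds the permission required for its kind.
// requiredScope / requiredRole are hypothetical names chosen by the API owner.
function isAuthorized(jwt, requiredScope, requiredRole) {
  const { kind, granted } = classifyToken(jwt);
  if (kind === "delegated") return granted.includes(requiredScope);
  if (kind === "app-only") return granted.includes(requiredRole);
  return false;
}

// Constructed, unsigned sample tokens (not real Azure AD output).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const delegatedSample = makeSampleToken({ scp: "Orders.Read Orders.Write", name: "Sample User" });
const appOnlySample = makeSampleToken({ roles: ["Orders.Read.All"] });

console.log(classifyToken(delegatedSample).kind, isAuthorized(delegatedSample, "Orders.Read", "Orders.Read.All"));
console.log(classifyToken(appOnlySample).kind, isAuthorized(appOnlySample, "Orders.Read", "Orders.Read.All"));
```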