直接来自移动应用的Azure AD授权
[英]Azure AD authorization directly from mobile app
问题描述
I'm working on Xamarin.Forms application where user should Authorize using Azure AD B2C . 
我正在使用Xamarin.Forms应用程序,其中用户应使用Azure AD B2C授权。 I've managed it just fine using this library . 我使用这个库管理得很好。
Now I'd like to know if it is possible to authorize without redirecting to webview . 现在我想知道是否可以在不重定向到webview情况下进行授权。 When user enters email and password on app send a get request directly to an url and receive access token , refresh token and etc. Just like in OAuth 2.0 . 当用户在应用程序上输入电子邮件和密码时,直接向网址发送获取请求并接收access token , refresh token等。就像在OAuth 2.0 。
I've researched and found out that skipping the webview authentication part is doable but extremely not recommended for security reasons but anyway, would be glad to hear any solutions. 我已经研究并发现跳过webview认证部分是可行的,但出于安全原因极不推荐,但无论如何,很高兴听到任何解决方案。
1 个解决方案
解决方案1
0 2016-11-25 09:20:47
Webview runs on SSL (https) and hence transmission of user credentials for authentication is secured. Webview在SSL(https)上运行,因此用于身份验证的用户凭据的传输是安全的。
It's worth noting that you don't have to use a web view for authentication; 值得注意的是,您不必使用Web视图进行身份验证; you may create your own user interface for this flow and pass the information back to MSAL. 您可以为此流创建自己的用户界面,并将信息传递回MSAL。 - this is mentioned on the same blog-post which you referred to. - 这是在你提到的同一个博客文章中提到的。
All you have to do is to design your own interface and pass back the login info. 您所要做的就是设计自己的界面并传回登录信息。 It seems like a little work to do. 这似乎是一项小工作要做。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.