
Azure AD token endpoint doesn't return an access_token (just an id_token and a refresh_token)

I'm using Xamarin.Auth for authenticating users against Google and Azure AD in a Xamarin Forms based mobile app. While everything works as expected with Google, I'm unable to get an access_token with Azure AD:

  • Authorize works as expected, providing code and state
  • Token returns an id_token and a refresh_token, but no access_token.

I can replay this scenario in Postman, so this doesn't seem to be caused by Xamarin.Auth and is more likely to be blamed on my inability to properly interpret Microsoft's documentation...

Your help would be truly appreciated!


You should include a resource scope when acquiring a token in Azure AD V2.0. Any web-hosted resource that integrates with Azure AD has a resource identifier, or Application ID URI. For example, Microsoft Graph is https://graph.microsoft.com.

If you want to acquire an access token for Microsoft Graph, and have permission to read the mail of the signed-in user, then the token request would be:

POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh    // NOTE: Only required for web apps

Please read this document for how OAuth 2.0 Authorization Code Flow works in Azure AD V2.0. And click here for Scopes, permissions, and consent in the Azure Active Directory v2.0 endpoint.
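An added example, not part of the original answer and not Xamarin.Auth code: Python that builds the token request shown above and refuses a scope string that names no resource, which is the condition the answer identifies. The OIDC_SCOPES set, the function names and the placeholder values are assumptions of this example.

```python
from urllib.parse import urlencode

# Assumption of this example: these scopes identify the user or the session
# only and name no resource, so on their own they match the question's
# symptom (id_token and refresh_token, no access_token).
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}
GRAPH = "https://graph.microsoft.com"

def resource_scopes(scope):
    """Map resource identifier -> permissions in a space-separated scope string."""
    found = {}
    for item in scope.split():
        if item.lower() in OIDC_SCOPES:
            continue  # identity-only scope, names no resource
        if "://" in item:
            # Expected form: <Application ID URI>/<permission>
            resource, permission = item.rsplit("/", 1)
        else:
            # Bare permission name: treated here as a Microsoft Graph permission
            resource, permission = GRAPH, item
        found.setdefault(resource, []).append(permission)
    return found

def build_token_request(tenant, client_id, code, redirect_uri, scope,
                        client_secret=None):
    """Return (url, form_body) for redeeming an authorization code."""
    if not resource_scopes(scope):
        raise ValueError("scope names no resource; no access_token to expect")
    form = {
        "client_id": client_id,
        "scope": scope,
        "code": code,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
    }
    if client_secret is not None:  # only required for web apps
        form["client_secret"] = client_secret
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    return url, urlencode(form)

def explain_response(requested_scope, token_response):
    """Classify a parsed token response against the scope that was requested."""
    if "access_token" in token_response:
        return "ok"
    if not resource_scopes(requested_scope):
        return "no resource scope requested"
    return "access_token missing for another reason"
```

Calling `build_token_request` with a scope such as `openid offline_access https://graph.microsoft.com/mail.read` yields a form body whose `scope` and `redirect_uri` fields are URL-encoded the same way as in the request above.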
