
Supporting the On-Behalf-of flow with managed service identities

A very common flow for applications running in Azure and App Services is the on-behalf-of flow where the app can exchange an incoming access token along with its ClientId/ClientSecret to get access to another resource as the user. Looking at the current, limited, docs on the MSI API, I only see getting an access token as the app itself.

How/when will the OBO scenario be supported?

I am aware that you could store the ClientId/ClientSecret in Key Vault and then use the MSI creds to retrieve those, but that seems redundant.

MSI does not support the On Behalf Of flow yet, or other delegated confidential client OAuth 2.0 flows with Azure AD (like the auth code flow). It is in the design process, no ETA announced yet.
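Added example, not part of the original question or answer: the two token requests discussed above, built side by side without sending them, to show that the on-behalf-of exchange needs both the user's token and an app credential while the App Service MSI request only names a resource. The helper names, the sample GUID and the sample token are constructed for illustration; the `MSI_ENDPOINT`/`Secret` request shape and `api-version=2017-09-01` are assumed to match the App Service MSI API of that period, and signature validation of the incoming token is assumed to happen upstream.

```python
import base64
import json

OBO_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def build_obo_request(tenant, client_id, client_secret, incoming_token, scope):
    """Form for the Azure AD v2.0 token endpoint: user assertion plus app credential."""
    # Only exchange tokens issued to this API (aud claim), never one meant
    # for another resource. Full token validation is assumed done upstream.
    aud = jwt_claims(incoming_token).get("aud")
    if aud not in (client_id, f"api://{client_id}"):
        raise ValueError("incoming token audience is not this application")
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    form = {
        "grant_type": OBO_GRANT,
        "client_id": client_id,
        "client_secret": client_secret,  # the secret the question wants to avoid storing
        "assertion": incoming_token,     # carries the user's identity
        "requested_token_use": "on_behalf_of",
        "scope": scope,
    }
    return url, form


def build_msi_request(msi_endpoint, msi_secret, resource):
    """App Service MSI request: names a resource, has no slot for a user token."""
    params = {"resource": resource, "api-version": "2017-09-01"}
    return msi_endpoint, params, {"Secret": msi_secret}


def make_sample_token(claims):
    """Constructed, unsigned sample token (not a real Azure AD token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    cid = "11111111-1111-1111-1111-111111111111"  # constructed client id
    tok = make_sample_token({"aud": cid, "upn": "user@example.com"})
    print(build_obo_request("contoso.example", cid, "placeholder", tok, "https://graph.microsoft.com/.default"))
    print(build_msi_request("http://127.0.0.1:41741/MSI/token/", "placeholder", "https://vault.azure.net"))
```

The MSI request returns a token for the app's own identity because nothing in it refers to the caller, which is why the Key Vault workaround from the question still ends in a ClientId/ClientSecret exchange.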
