Supporting the On-Behalf-of flow with managed service identities
A very common flow for applications running in Azure and App Services is the on-behalf-of flow where the app can exchange an incoming access token along with its ClientId/ClientSecret to get access to another resource as the user. Looking at the current, limited, docs on the MSI API, I only see getting an access token as the app itself.
How/when will the OBO scenario be supported?
I am aware that you could store the ClientId/ClientSecret in Key Vault and then use the MSI creds to retrieve those, but that seems redundant.
MSI does not support the On Behalf Of flow yet, or other delegated confidential client OAuth 2.0 flows with Azure AD (like the auth code flow). It is in the design process, no ETA announced yet.
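The workaround mentioned in the question (client secret kept in Key Vault, read with the MSI identity, then used in the on-behalf-of exchange), sketched as an added example that is not part of the original question or answer. It assumes the App Service MSI endpoint (`MSI_ENDPOINT`/`MSI_SECRET`, api-version 2017-09-01), Key Vault REST api-version 7.0 and the Azure AD v1 token endpoint; all function names and sample values are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

AAD = "https://login.microsoftonline.com"  # Azure AD authority (v1 endpoint assumed)


def msi_token_request(resource, env=os.environ):
    """Step 1: ask the App Service MSI endpoint for a token as the app itself."""
    query = urllib.parse.urlencode({"resource": resource, "api-version": "2017-09-01"})
    return urllib.request.Request(f"{env['MSI_ENDPOINT']}?{query}",
                                  headers={"Secret": env["MSI_SECRET"]})


def keyvault_secret_request(vault, name, kv_token):
    """Step 2: read the stored client secret with the MSI-issued bearer token."""
    url = f"https://{vault}.vault.azure.net/secrets/{name}?api-version=7.0"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {kv_token}"})


def obo_request(tenant, client_id, client_secret, user_token, resource):
    """Step 3: on-behalf-of exchange; the incoming user token is the assertion."""
    form = {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "requested_token_use": "on_behalf_of",
        "client_id": client_id,
        "client_secret": client_secret,
        "assertion": user_token,
        "resource": resource,
    }
    return urllib.request.Request(f"{AAD}/{tenant}/oauth2/token",
                                  data=urllib.parse.urlencode(form).encode(),
                                  method="POST")


def _send(req):
    # Performs the HTTP call and decodes the JSON body.
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def token_for_user(tenant, client_id, vault, secret_name, user_token, resource):
    """Full chain; only works inside an App Service instance with MSI enabled."""
    kv_token = _send(msi_token_request("https://vault.azure.net"))["access_token"]
    secret = _send(keyvault_secret_request(vault, secret_name, kv_token))["value"]
    return _send(obo_request(tenant, client_id, secret, user_token, resource))["access_token"]
```

The MSI identity needs only `get` permission on that one secret, and the secret should stay in memory rather than being written to app settings or logs.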