Azure AD答复URLS和客户端凭据授予流
[英]Azure AD reply URLS and Client Credential Grant flow
问题描述
I have 2 services, let's say A and B configured as web apps in azure. 
我有2个服务,比如说A和B在天蓝色时配置为Web应用程序。 B needs a JWT bearer token to return a value. B需要一个JWT承载令牌来返回一个值。 So when we try to call B from A, we Include the JWT bearer token in HTTP call from A using the Client Credential Grant flow explained here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow 因此,当我们尝试从A调用B时,我们使用此处解释的“客户端凭据授予”流将JWT承载令牌包括在A的HTTP调用中: https : //docs.microsoft.com/zh-cn/azure/active-directory/开发/ V1-的oauth2-客户creds赠款流
Now the AAD registration of service B doesn't have localhost as it's reply URL but I noticed that I was able to talk to it from localhost. 现在,服务B的AAD注册没有回复地址的本地主机,但我注意到我能够从本地主机与其进行对话。 So Does AAD not respect reply URLs in client credential grant flow? 那么,AAD是否不尊重客户端证书授予流程中的回复URL?
My understanding of reply URLs is this: 我对回复网址的理解是:
“In the case of a web API or web application, the Reply URL is the location to which Azure AD will send the authentication response, including a token if the authentication was successful.” “对于Web API或Web应用程序,答复URL是Azure AD将身份验证响应发送到的位置,如果身份验证成功,则包括令牌。”
I'm using AuthorizationContext.AcquireTokenAsync() method with client credentials of App A and resource id of App B. So It should not return me the token to localhost because it's not configured? 我使用的是AuthorizationContext.AcquireTokenAsync()方法,其中包含应用程序A的客户端凭据和应用程序B的资源ID。因此,由于未配置令牌,因此不应将其返回给本地主机吗?
1 个解决方案
解决方案1
1 已采纳 2019-01-23 08:53:13
Now the AAD registration of service B doesn't have localhost as it's reply URL but I noticed that I was able to talk to it from localhost.
No, reply URLs define the destinations where AAD can send tokens after user authenticates. 否,回复URL定义了AAD在用户验证后可以发送令牌的目的地。 In client credentials flow the tokens are sent in a response to a request from a program. 在客户端凭证流中,令牌是对程序请求的响应而发送的。 So they do not matter. 所以他们没关系。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.