[英].Net core api with AD B2C OAuth 2.0 - Invalid_token error
I am following this resource.我正在关注此资源。 I can get the token successfully but get 401 upon using the token in the second call to my api.
我可以成功获取令牌,但在第二次调用我的 api 时使用令牌时得到 401。 It says Bearer error='invalid_token'.
它说 Bearer error='invalid_token'。 Earlier it was giving "Invalid issuer" so I decoded the token to use the issuer in "Instance" field of appSettings.json.
早些时候它给出了“无效的发行者”,所以我解码了令牌以在 appSettings.json 的“实例”字段中使用发行者。 Following are appSettings and token.
以下是 appSettings 和令牌。 What am I doing wrong?
我究竟做错了什么?
appSettings.json应用设置.json
{
"AzureAdB2C": {
"Instance": "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxx/v2.0/",
"ClientId": "452gfsgsdfgsdgssfs5425234",
"Domain": "xxxxxxxxxxxxxxx.onmicrosoft.com",
"SignUpSignInPolicyId": "B2C_1_Auth-SignUpIn"
},
"Logging": {
"LogLevel": {
"Default": "Warning"
}
},
"AllowedHosts": "*"
}
token令牌
{
"iss": "https://login.microsoftonline.com/23423fsf234234sfsd42342vsx2542/v2.0/",
"exp": 1551878022,
"nbf": 1551874422,
"aud": "ee965664-d1e3-4144-939a-11f77c523b50",
"oid": "a9ee8ebb-433d-424b-ae24-48c73ae9969c",
"sub": "a9ee8ebb-433d-424b-ae24-48c73ae9969c",
"name": "unknown",
"extension_xxxID": "9f27fd88-7faf-e411-80e6-005056851bfe",
"emails": [
"dfgdfgadfgadfg@dgadg.com"
],
"tfp": "B2C_1_Auth-SignUpIn",
"scp": "user_impersonation",
"azp": "4453gdfgdf53535bddhdh",
"ver": "1.0",
"iat": 1551874422
}
AD B2C instance AD B2C 实例
Azure AD B2C setting Azure AD B2C 设置
Postman - revalapi highlighted is the uri of the registered app in the previous shot Postman - revalapi 突出显示的是上一个镜头中注册应用程序的 uri
Token令牌
Error错误
Ok.好的。 Looks like AD B2C + .Net Core is not happy with onmicrosoft.com URI even though the Microsoft docs resource say it does.
看起来 AD B2C + .Net Core 对 onmicrosoft.com URI 不满意,即使 Microsoft 文档资源说它确实如此。 See here .
见这里。 I had to use the b2clogin.com uri as shown in below screen shots.
我必须使用 b2clogin.com uri,如下面的屏幕截图所示。 Hope it helps someone.
希望它可以帮助某人。
Postman邮差
AppSettings.json应用设置.json
Startup.Auth.cs启动.Auth.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
.AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddApplicationInsightsTelemetry();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
For registering your B2C dotnet core application first You have to login to your B2C Tenant.要首先注册您的B2C dotnet 核心应用程序,您必须登录到您的 B2C 租户。
After successful Registration configure following step for implicit grant flow.成功注册后,为隐式授权流程配置以下步骤。
Reply URLs回复网址
Make sure you have done this step accordingly:确保您已相应地完成此步骤:
Go to Settings and add postman callback URL to : https://www.getpostman.com/oauth2/callback转到设置并将邮递员回调 URL 添加到: https : //www.getpostman.com/oauth2/callback
Once you enter this URL correctly click on Save upper left.正确输入此 URL 后,单击左上角的保存。
See the screen shot below:请参阅下面的屏幕截图:
Edit Manifest编辑清单
For implicit grand flow click on your application manifest and search oauth2AllowImplicitFlow property make it to true对于隐式大流,单击您的应用程序清单并搜索oauth2AllowImplicitFlow属性使其为true
see the screen shot below:请参阅下面的屏幕截图:
Your settings for azure B2C is done for implicit grant flow API call.您对 azure B2C 的设置是为隐式授权流API 调用完成的。
Postman邮差
Now fire up your post man and select request type as OAuth 2.0 Like below:现在启动您的邮递员并选择请求类型为 OAuth 2.0 如下所示:
Now Click on Get New Access Token and new popup will appear现在单击获取新访问令牌,将出现新的弹出窗口
See the screen shot below:请参阅下面的屏幕截图:
Add your tenant ID on Auth URL Like this :在 Auth URL 上添加您的租户 ID ,如下所示:
https://login.microsoftonline.com/YourB2CTenantId/oauth2/authorize?resource=https://graph.microsoft.com https://login.microsoftonline.com/YourB2CTenantId/oauth2/authorize?resource=https://graph.microsoft.com
Set Your Client Id设置您的客户 ID
Set Scope you want to access设置要访问的范围
Now click on Request Token In response you will get your implicit grant access token:现在单击请求令牌作为响应,您将获得隐式授权访问令牌:
see the screen shot:看屏幕截图:
Access Data With this Token:使用此令牌访问数据:
Copy the token you have accessed already on the Token textbox and select token type as Bearer Token在 Token 文本框中复制您已经访问过的令牌,然后选择令牌类型作为不记名令牌
See the screen shot below:请参阅下面的屏幕截图:
So tricky part for implicit flow is to set up manifest property oauth2AllowImplicitFlow to true隐式流的棘手部分是将清单属性oauth2AllowImplicitFlow设置为 true
Hope this could solve your problem.希望这可以解决您的问题。 Thank you
谢谢
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.