Can custom (non-Azure) service be accessed using Azure managed identity?
I am trying to utilize Azure managed identities to provide me a way to authenticate/authorize actions on a non-Azure service. I want to integrate my own service - as an OAuth2 resource server.
I would like to be able to validate the received OAuth2 token (assigned to an Azure managed identity) in my own service, and based on the information in the valid token decide on further action.
I was trying to use an app registration for that purpose, but I haven't found a way to link this with my desired managed identity.
I would appreciate advice on this topic very much.
Thanks, Lukas
Every managed identity is backed by a service principal which can request permissions exposed through Azure AD applications (resources). You just need to register an Azure AD Application and declare some roles (AKA application permissions). In your token request add the resource=<your resource app id uri> or scopes=<your resource app id uri>/.default parameter.
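An added example, not part of the original question or answer: the token request a managed identity makes for a custom resource, and the claim checks the resource server applies once a JWT library has verified the token's signature against the tenant's published signing keys. It assumes the caller runs on an Azure VM (IMDS endpoint); the tenant id, App ID URI, role name and object id are constructed placeholders.

```python
import time
from urllib.parse import urlencode

# Azure Instance Metadata Service token endpoint (reachable only from inside an Azure VM).
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"


def imds_token_request(resource_app_id_uri):
    """Caller side: URL and headers a managed identity uses to get a token for our API."""
    query = urlencode({"api-version": "2018-02-01", "resource": resource_app_id_uri})
    return f"{IMDS_TOKEN_URL}?{query}", {"Metadata": "true"}


def authorize(claims, audiences, tenant_id, required_role, now=None):
    """Resource-server side: check the claims of a token whose signature is ALREADY verified.

    Returns the caller's service principal object id (oid) or raises PermissionError.
    `audiences` holds the values accepted in `aud`: the App ID URI (v1.0 tokens)
    and/or the resource application's client id (v2.0 tokens).
    """
    now = time.time() if now is None else now
    issuers = {
        f"https://sts.windows.net/{tenant_id}/",                # v1.0 tokens
        f"https://login.microsoftonline.com/{tenant_id}/v2.0",  # v2.0 tokens
    }
    if claims.get("iss") not in issuers or claims.get("tid") != tenant_id:
        raise PermissionError("token was not issued by the expected tenant")
    if claims.get("aud") not in audiences:
        raise PermissionError("token was issued for a different resource")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise PermissionError("token is expired or not yet valid")
    if required_role not in claims.get("roles", []):
        raise PermissionError("managed identity lacks the required app role")
    if not claims.get("oid"):
        raise PermissionError("token carries no object id")
    return claims["oid"]


# Constructed sample values (placeholders, not from the original post).
TENANT = "11111111-1111-1111-1111-111111111111"
API_URI = "api://example-resource-api"
SAMPLE_CLAIMS = {
    "iss": f"https://sts.windows.net/{TENANT}/", "tid": TENANT, "aud": API_URI,
    "nbf": 1_700_000_000, "exp": 1_700_003_600,
    "oid": "22222222-2222-2222-2222-222222222222", "roles": ["Orders.Read"],
}

if __name__ == "__main__":
    print(imds_token_request(API_URI))
    print(authorize(SAMPLE_CLAIMS, {API_URI}, TENANT, "Orders.Read", now=1_700_000_100))
```

The returned oid identifies the managed identity's service principal, so the service can key its own access decisions on it in addition to the role.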