从 Microsoft Identity Platform 获取刷新令牌
[英]Getting refresh token from Microsoft Identity Platform
问题描述
I have an Azure web app where I want users to sign into Microsoft (Azure AD).
我有一个 Azure Web 应用程序,我希望用户可以在其中登录 Microsoft (Azure AD)。 I need to get hold of the refresh token.我需要获取刷新令牌。 I have already looked at examples which use libraries that refresh the token silently in the background, but for my design I need to get hold of the refresh token itself.我已经查看了使用在后台静默刷新令牌的库的示例,但是对于我的设计,我需要掌握刷新令牌本身。
Is this possible to achieve with a high level authentication library (OpenID Connect?), and if so, how?这是否可以通过高级身份验证库(OpenID Connect?)来实现,如果可以,如何实现? For the manual approach, it is described here: https://docs.microsoft.com/en-us/graph/auth-v2-user Is there any example code or tutorial for this in ASP.NET or .NET Core?对于手动方法,在此处进行了描述: https : //docs.microsoft.com/en-us/graph/auth-v2-user在 ASP.NET 或 .NET Core 中是否有任何示例代码或教程?
1 个解决方案
解决方案1
1 2020-02-03 05:44:47
Firstly i would suggest using MSAL which Maintains a token cache and refreshes tokens for you when they are close to expire.首先,我建议使用MSAL ,它维护令牌缓存并在令牌即将到期时为您刷新令牌。 You don't need to handle token expiration on your own.您不需要自己处理令牌过期。
If you want to hold the refresh token , you can set the SaveTokens property to true when registering the OIDC middleware so that tokens will be saved into cookie .如果要保留刷新令牌,可以在注册 OIDC 中间件时将SaveTokens属性设置为 true,以便将令牌保存到 cookie 中。 I assume you are using the Microsoft.AspNetCore.Authentication.AzureAD.UI library :我假设您正在使用Microsoft.AspNetCore.Authentication.AzureAD.UI库:
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.Authority = options.Authority + "/v2.0/";
options.SaveTokens = true;
});
Then you can access the tokens in controller like :然后您可以访问控制器中的令牌,例如:
var refreshToken = await HttpContext.GetTokenAsync("refresh_token");
var idToken = await HttpContext.GetTokenAsync("id_token");
Update:更新:
That is because you don't get refresh token correctly .那是因为您没有正确获得刷新令牌。 For testing , you can use code flow and add offline_access scope of OIDC :对于测试,您可以使用代码流并添加 OIDC 的offline_access范围:
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.Authority = options.Authority + "/v2.0/";
options.SaveTokens = true;
options.ResponseType = "code";
options.ClientSecret = "xxxxxx";
options.Scope.Add("offline_access");
options.TokenValidationParameters.ValidateIssuer = false;
});
Replace ClientSecret with the one you config in Azure portal .将ClientSecret替换为您在 Azure 门户中配置的那个。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.