堆栈内存溢出
  简体   繁体   English

Azure AD 登录使用 C#。 获取刷新令牌和访问令牌

[英]Azure AD login using C#. Acquiring Refresh token and Access token

 原文  2020-06-24 16:44:12       c#/ oauth/ azure-active-directory

问题描述

Task: I need to create a WPF application, which will work with EWS(Exchange web-service).任务:我需要创建一个 WPF 应用程序,它将与 EWS(Exchange Web 服务)一起使用。 I, also, have the 2 restrictions:我也有两个限制:

  • login should proceed only once (it should use refresh token to reconnect)登录应该只进行一次(它应该使用刷新令牌重新连接)
  • it should support 2FA它应该支持2FA

My solution part: I use OAuth to connect to Azure AD.我的解决方案部分:我使用 OAuth 连接到 Azure AD。 As OAuth client I use Microsoft.Identity.Client.作为 OAuth 客户端,我使用 Microsoft.Identity.Client。 For the first login I have such code:对于第一次登录,我有这样的代码:

var pcaOptions = new PublicClientApplicationOptions
{
    ClientId = *my_client_id*,
    TenantId = *my_tenant*
};
AuthenticationResult authResult = pca.AcquireTokenInteractive(ewsScopes).ExecuteAsync().Result;

This part of code shows up a WPF window, where I input credentials and return me a result(AuthenticationResult), which contains Access Token.这部分代码显示了 WPF window,我在其中输入凭据并返回结果(AuthenticationResult),其中包含访问令牌。

Problem: AuthenticationResult doesn't have a Refresh Token, so I can't fulfill the first restriction.问题: AuthenticationResult 没有刷新令牌,所以我无法满足第一个限制。 Are there any solutions or over ways?有没有解决方案或方法?

Additional question: How to update a Refresh token using Microsoft.Identity.Client?附加问题:如何使用 Microsoft.Identity.Client 更新刷新令牌?

1 个解决方案

解决方案1
 1 已采纳  2020-06-25 14:02:41

MSAL.NET does not expose refresh tokens , for security reasons: MSAL handles refreshing tokens for you with token cache.出于安全原因, MSAL.NET 不公开刷新令牌:MSAL 使用令牌缓存为您处理刷新令牌。

MSAL maintains a token cache and caches a token after it has been acquired. MSAL 维护令牌缓存并在获取令牌后对其进行缓存。 It's also capable of refreshing a token when it's getting close to expiration (as the token cache also contains a refresh token ).它还能够在接近到期时刷新令牌(因为令牌缓存也包含刷新令牌)。

You can improve the availability of your application by regularly using WithForceRefresh which will internally acquire new access token when set to true您可以通过定期使用WithForceRefresh来提高应用程序的可用性,当设置为true时,它将在内部获取新的访问令牌

result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
             .WithForceRefresh(true)
             .ExecuteAsync();

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 获取Azure SQL Server的Azure AD令牌 - Acquiring Azure AD Token for Azure SQL Server 获取 Azure AD 令牌时出现死锁 - Deadlock while acquiring Azure AD Token Azure AD 访问令牌请求 - Azure AD Access Token Request 如何为Azure AD创建和使用刷新令牌 - How to create and use a refresh token for Azure AD C# 获取 Azure AD 标识的访问令牌 - C# Get Access Token for Azure AD Identity Azure AD - 在 C# Web API 中使用来自 Angular SPA 的图 API 访问令牌 - Azure AD - Using Graph API access token from Angular SPA in C# Web API 如何将Daemon或Server的Azure AD OAuth2访问令牌和刷新令牌转换为C#ASP.NET Web API - How do I get Azure AD OAuth2 Access Token and Refresh token for Daemon or Server to C# ASP.NET Web API 找不到范围(scp)中的Azure AD访问令牌 - Azure AD Access token in not found Scope (scp) 从 Azure AD 接收无效的访问令牌 - Receiving invalid access token from Azure AD Azure AD 获取访问令牌 - 错误请求 - Azure AD getting Access token - Bad Request
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM