[英]Azure AD login using C#. Acquiring Refresh token and Access token
Task: I need to create a WPF application, which will work with EWS(Exchange web-service).任务:我需要创建一个 WPF 应用程序,它将与 EWS(Exchange Web 服务)一起使用。 I, also, have the 2 restrictions:
我也有两个限制:
My solution part: I use OAuth to connect to Azure AD.我的解决方案部分:我使用 OAuth 连接到 Azure AD。 As OAuth client I use Microsoft.Identity.Client.
作为 OAuth 客户端,我使用 Microsoft.Identity.Client。 For the first login I have such code:
对于第一次登录,我有这样的代码:
var pcaOptions = new PublicClientApplicationOptions
{
ClientId = *my_client_id*,
TenantId = *my_tenant*
};
AuthenticationResult authResult = pca.AcquireTokenInteractive(ewsScopes).ExecuteAsync().Result;
This part of code shows up a WPF window, where I input credentials and return me a result(AuthenticationResult), which contains Access Token.这部分代码显示了 WPF window,我在其中输入凭据并返回结果(AuthenticationResult),其中包含访问令牌。
Problem: AuthenticationResult doesn't have a Refresh Token, so I can't fulfill the first restriction.问题: AuthenticationResult 没有刷新令牌,所以我无法满足第一个限制。 Are there any solutions or over ways?
有没有解决方案或方法?
Additional question: How to update a Refresh token using Microsoft.Identity.Client?附加问题:如何使用 Microsoft.Identity.Client 更新刷新令牌?
MSAL.NET does not expose refresh tokens , for security reasons: MSAL handles refreshing tokens for you with token cache.出于安全原因, MSAL.NET 不公开刷新令牌:MSAL 使用令牌缓存为您处理刷新令牌。
MSAL maintains a token cache and caches a token after it has been acquired.
MSAL 维护令牌缓存并在获取令牌后对其进行缓存。 It's also capable of refreshing a token when it's getting close to expiration (as the token cache also contains a refresh token ).
它还能够在接近到期时刷新令牌(因为令牌缓存也包含刷新令牌)。
You can improve the availability of your application by regularly using WithForceRefresh which will internally acquire new access token when set to true
您可以通过定期使用WithForceRefresh来提高应用程序的可用性,当设置为
true
时,它将在内部获取新的访问令牌
result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
.WithForceRefresh(true)
.ExecuteAsync();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.