[英]Skip offline access permission in Microsoft OIDC authorization
I'm using this code我正在使用此代码
var app = ConfidentialClientApplicationBuilder.Create(AzureAdApplicationId)
.WithTenantId("organizations")
.WithRedirectUri(AzureAdRedirectUrl)
.WithClientSecret(AzureAdSecretKey)
.Build();
azureAdScopes = new List<string>() { "email" };
var signInRequest = app.GetAuthorizationRequestUrl(azureAdScopes);
var uri = await signInRequest.ExecuteAsync();
which produces the url产生网址
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?scope=email+openid+profile+offline_access&.. .
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?scope=email+openid+profile+offline_access&..
All I need is the user's username and I don't need offline access to the user's account.我只需要用户的用户名,我不需要离线访问用户的帐户。 How can I remove them from the scope?
如何将它们从范围中删除?
You could request the url without offline_access
, but Azure AD v2.0 OAuth2 Account Consent Page automatically lists "Access your data anytime" even though offline_access is not specified in scope.您可以在不使用
offline_access
的情况下请求 url,但 Azure AD v2.0 OAuth2 帐户同意页面会自动列出“随时访问您的数据”,即使范围中未指定 offline_access。 This is an issue related.这是一个相关的问题。
The Note shows in the document :该注释在文档中显示:
At this time, the offline_access ("Maintain access to data you have given it access to") and user.read ("Sign you in and read your profile") permissions are automatically included in the initial consent to an application.
此时,对应用程序的初始同意中会自动包含 offline_access(“维护对您授予其访问权限的数据的访问权限”)和 user.read(“登录并阅读您的个人资料”)权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.