在 Microsoft OIDC 授权中跳过离线访问权限
[英]Skip offline access permission in Microsoft OIDC authorization
问题描述
I'm using this code
我正在使用此代码
var app = ConfidentialClientApplicationBuilder.Create(AzureAdApplicationId)
.WithTenantId("organizations")
.WithRedirectUri(AzureAdRedirectUrl)
.WithClientSecret(AzureAdSecretKey)
.Build();
azureAdScopes = new List<string>() { "email" };
var signInRequest = app.GetAuthorizationRequestUrl(azureAdScopes);
var uri = await signInRequest.ExecuteAsync();
which produces the url产生网址
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?scope=email+openid+profile+offline_access&.. .
All I need is the user's username and I don't need offline access to the user's account.我只需要用户的用户名,我不需要离线访问用户的帐户。 How can I remove them from the scope?如何将它们从范围中删除?
1 个解决方案
解决方案1
1 已采纳 2020-10-26 08:24:30
You could request the url without offline_access , but Azure AD v2.0 OAuth2 Account Consent Page automatically lists "Access your data anytime" even though offline_access is not specified in scope.您可以在不使用offline_access的情况下请求 url,但 Azure AD v2.0 OAuth2 帐户同意页面会自动列出“随时访问您的数据”,即使范围中未指定 offline_access。 This is an issue related.这是一个相关的问题。
The Note shows in the document :该注释在文档中显示:
At this time, the offline_access ("Maintain access to data you have given it access to") and user.read ("Sign you in and read your profile") permissions are automatically included in the initial consent to an application.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.