简体繁体 English

OpenId 连接，查询 Microsoft Graph

[英]OpenId Connect, Query Microsoft Graph

原文 2021-09-28 17:28:08 0 1 javascript/ azure/ openid-connect/ msal

We have a.Net Web Application that uses Single Sign On implemented by OpenID Connect to create an ID token and log a user in. Specifically Microsoft.Owin.Security.OpenIdConnect and Microsoft.IdentityModel.Protocols.OpenIdConnect我们有一个.Net Web 应用程序，它使用由 OpenID Connect 实现的单点登录来创建 ID 令牌并让用户登录。特别是Microsoft.Owin.Security.OpenIdConnect和Microsoft.IdentityModel.Protocols.OpenIdConnect

I now have a requirement to query Microsoft Graph API via JavaScript.我现在需要通过 JavaScript 查询 Microsoft Graph API。

In order for me to query Graph API I assume I need an Access token (plus I want to be mindful of token expiry and refresh).为了让我查询图 API，我假设我需要一个访问令牌（另外我想注意令牌过期和刷新）。

What is the recommended approach to get from Single Sign On producing an ID token on the backend to querying Microsoft Graph API via JavaScript on the front end?从后端生成 ID 令牌的单点登录到前端通过 JavaScript 查询 Microsoft Graph API 的推荐方法是什么？ Ideally I wouldn't put an proxy/pass-through API inbetween to get an Auth Token on my behalf.理想情况下，我不会在中间放置代理/直通 API 来代表我获取 Auth Token。

1 个解决方案

I figured it out.我想到了。

The main application uses OpenID Connect to establish an ID Token.主应用程序使用 OpenID Connect 建立 ID Token。 I then use MSAL.js to silently login utilizing my already established SSO session.然后我使用 MSAL.js 使用我已经建立的 SSO session 静默登录。

This is the sample I followed:这是我遵循的示例：

https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-browser-samples/VanillaJSTestApp2.0/app/ssoSilent https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-browser-samples/VanillaJSTestApp2.0/app/ssoSilent

I then can acquire an access token to query Graph API.然后我可以获得一个访问令牌来查询图 API。