
How do I validate and decipher Authorization Bearer Token obtained from Azure AD in a Node Azure Function (for Role Based Access Control)?

I'm using Azure AD and have registered an application in it. I've used the msal-browser JS library to sign in the user and obtain an Authorization token:

{
    //...
    "accessToken": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkY...",
    "account": {
        "homeAccountId": "00000000-0000-0000-bac6-4831a1177397.9188040d-6c67-4c5b-b112-36a304b66dad",
        "environment": "login.windows.net",
        "tenantId": "62765715-2081-4050-bdc7-8c2e178d7424",
        "username": "tfgh55555@outlook.com",
        "localAccountId": "6fad727e-1df2-4b14-b234-30b407b7ab42",
        "name": "Tali Gehrin",
        "idTokenClaims": {
            "aud": "0d42647a-183c-404b-bbe1-796ad6420989",
            "iss": "https://login.microsoftonline.com/62765715-2081-4050-bdc7-8c2e178d7424/v2.0",
            "iat": 1633271767,
            "nbf": 1633271767,
            "exp": 1633275667,
            "idp": "https://sts.windows.net/9188040d-6c67-4c5b-b112-36a304b66dad/",
            "name": "Tali Gehrin",
            "nonce": "b04400da-eb58-4617-bbaa-5c66e04d762a",
            "oid": "6fad727e-1df2-4b14-b234-30b407b7ab42",
            "preferred_username": "tfgh55555@outlook.com",
            "rh": "0.AREAFVd2YoEgUEC9x4wuF410JHpkQg08GEtAu-F5atZCCYkRABI.",
            "roles": [
                "content_manager" //<= the role i'm interested in
            ],
            "sub": "WbvYLdLb3DNVgczM_iyu4n4i-s8mPtfhQqVyAK_abaU",
            "tid": "62765715-2081-4050-bdc7-8c2e178d7424",
            "uti": "HDhn_MWkl0iGcm-jlBEMAA",
            "ver": "2.0"
        }
    },
    //...
}

I'm passing accessToken in an HTTP call as a header:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkY...

How do I validate and decipher this token inside an Azure function running Node?

You can validate and decipher this token inside an Azure function running Node by using an Azure function that implements the HTTP trigger. This requires configuration data to perform token validation, and these are inside the AzureAdTokenAttribute instance. However, the token will be inside the HttpRequest. To have access to what was implemented in the token validation service, you will insert IHttpContextAccessor.
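
One way to do the validation in plain Node, as an added example that is not part of the original question or answer: verify the RS256 signature, issuer, audience and validity window, then check the `roles` claim. The names `validateToken`, `hasRole` and `signSample`, the locally generated key pair, and the use of the question's `aud` value as the API audience are assumptions; in a deployed function the public keys come from the tenant's JWKS document instead.

```javascript
const crypto = require('crypto');

const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// keys: map of kid -> public key. In a deployed function this map is built (and cached)
// from the tenant's JWKS document; here the caller passes it in so the code runs offline.
function validateToken(token, keys, { issuer, audience, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = b64urlJson(h);
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const key = keys[header.kid];
  if (!key) throw new Error('unknown signing key');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = b64urlJson(p); // only trusted after the signature check above
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (!(now < claims.exp) || claims.nbf > now) throw new Error('token not valid at this time');
  return claims;
}

function hasRole(claims, role) {
  return Array.isArray(claims.roles) && claims.roles.includes(role);
}

// Constructed sample: a locally generated key stands in for the Azure AD signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(claims, kid = 'sample-kid') {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ typ: 'JWT', alg: 'RS256', kid })}.${enc(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}

const tenant = '62765715-2081-4050-bdc7-8c2e178d7424'; // tid from the question
const expected = {
  issuer: `https://login.microsoftonline.com/${tenant}/v2.0`,
  audience: '0d42647a-183c-404b-bbe1-796ad6420989', // assumption: the API uses this app registration
  now: 1633272000, // fixed clock so the constructed sample stays inside nbf..exp
};
const sampleClaims = { iss: expected.issuer, aud: expected.audience, nbf: 1633271767,
  exp: 1633275667, roles: ['content_manager'] };
const sampleKeys = { 'sample-kid': publicKey };
```

The `accessToken` in the question starts with a header that contains `nonce`, which is how tokens issued for Microsoft Graph look; those are not meant to be validated by your own API, so request a token for a scope your API exposes.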

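Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.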
