How do I validate and decipher Authorization Bearer Token obtained from Azure AD in a Node Azure Function (for Role Based Access Control)?
I'm using Azure AD and have registered an application in it. I've used the msal-browser JS library to sign in the user and obtain an authorization token:
{
  //...
  "accessToken": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkY...",
  "account": {
    "homeAccountId": "00000000-0000-0000-bac6-4831a1177397.9188040d-6c67-4c5b-b112-36a304b66dad",
    "environment": "login.windows.net",
    "tenantId": "62765715-2081-4050-bdc7-8c2e178d7424",
    "username": "tfgh55555@outlook.com",
    "localAccountId": "6fad727e-1df2-4b14-b234-30b407b7ab42",
    "name": "Tali Gehrin",
    "idTokenClaims": {
      "aud": "0d42647a-183c-404b-bbe1-796ad6420989",
      "iss": "https://login.microsoftonline.com/62765715-2081-4050-bdc7-8c2e178d7424/v2.0",
      "iat": 1633271767,
      "nbf": 1633271767,
      "exp": 1633275667,
      "idp": "https://sts.windows.net/9188040d-6c67-4c5b-b112-36a304b66dad/",
      "name": "Tali Gehrin",
      "nonce": "b04400da-eb58-4617-bbaa-5c66e04d762a",
      "oid": "6fad727e-1df2-4b14-b234-30b407b7ab42",
      "preferred_username": "tfgh55555@outlook.com",
      "rh": "0.AREAFVd2YoEgUEC9x4wuF410JHpkQg08GEtAu-F5atZCCYkRABI.",
      "roles": [
        "content_manager" // <= the role I'm interested in
      ],
      "sub": "WbvYLdLb3DNVgczM_iyu4n4i-s8mPtfhQqVyAK_abaU",
      "tid": "62765715-2081-4050-bdc7-8c2e178d7424",
      "uti": "HDhn_MWkl0iGcm-jlBEMAA",
      "ver": "2.0"
    }
  },
  //...
}
I'm passing accessToken in an HTTP call as a header:
Authorization: Bearer yJ0eXAiOiJKV1QiLCJub25jZSI6IkY...
How do I validate and decipher this token inside an Azure function running Node?
You can validate and decipher this token inside an Azure function running Node by an Azure function that implements the HTTP trigger. This requires configuration data to perform a token validation and these are inside the AzureAdTokenAttribute instance. However, the token will be inside the HttpRequest. To have access to what was implemented in the token validation service, you will insert IHttpContextAccessor.
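A Node-side check for the question above, as an added example that is not part of the original question or answer: it pins the algorithm, verifies the RS256 signature, checks `iss`, `aud` and the `nbf`/`exp` window, and only then reads `roles`, returning 401 for an invalid token and 403 for a valid token without the role. Assumptions: a locally generated key pair and the hypothetical key id `demo-kid` stand in for the signing keys an Azure AD tenant publishes, the expected issuer and audience are copied from the `idTokenClaims` in the question, and the helper names (`validateToken`, `authorize`, `signSample`) are illustrative.

```javascript
const crypto = require('crypto');

// Verify an RS256 JWT and return its claims; throws on any failure.
// `keys` is a Map from key id (kid) to a public KeyObject.
function validateToken(token, keys, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; never let the token's header choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown signing key');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, sig)) throw new Error('bad signature');
  // Claims are read only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (!(claims.nbf <= now && now < claims.exp)) throw new Error('outside validity window');
  return claims;
}

// Map an Authorization header to an HTTP status for a role-protected function:
// 401 = no valid token, 403 = valid token without the role, 200 = allowed.
function authorize(authHeader, keys, expected, requiredRole) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(authHeader || '');
  if (!m) return 401;
  let claims;
  try { claims = validateToken(m[1], keys, expected); } catch { return 401; }
  return Array.isArray(claims.roles) && claims.roles.includes(requiredRole) ? 200 : 403;
}

// Constructed fixture: a local key pair stands in for the tenant's signing key,
// and the claim values are copied from the idTokenClaims in the question.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KEYS = new Map([['demo-kid', publicKey]]); // 'demo-kid' is a made-up key id
const EXPECTED = {
  issuer: 'https://login.microsoftonline.com/62765715-2081-4050-bdc7-8c2e178d7424/v2.0',
  audience: '0d42647a-183c-404b-bbe1-796ad6420989',
  now: 1633272000, // fixed clock inside the sample token's nbf..exp window
};
function signSample(claims, signingKey = privateKey) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ typ: 'JWT', alg: 'RS256', kid: 'demo-kid' })}.${enc(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), signingKey).toString('base64url')}`;
}
const baseClaims = { iss: EXPECTED.issuer, aud: EXPECTED.audience, nbf: 1633271767, exp: 1633275667 };
console.log(authorize(`Bearer ${signSample({ ...baseClaims, roles: ['content_manager'] })}`, KEYS, EXPECTED, 'content_manager'));
```

In a deployed function the `KEYS` map would be filled from the tenant's published signing keys rather than generated locally. The `accessToken` prefix shown in the question decodes to a header beginning `{"typ":"JWT","nonce":`; Azure AD puts a `nonce` in the header of access tokens issued for Microsoft Graph, which are not meant to be validated by other APIs, so the function should be sent a token requested with a scope of its own app registration.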