
MS Graph - Client Credential Flow

Does anyone know, when using the [confidential client credential flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow) to get the access token for an application (I am using a Java client app using MSAL4J), whether there is a way to modify the accessToken lifetime (default is 1 hour)? I tried to check https://portal.azure.com but I did not find a clear way to do that.

I checked this doc - https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

Thanks

I don't want to be rude, but what is the reason you want a longer token lifetime?

With client credentials flow, you've got credentials, and you exchange them for a token. That is valid for 1 hour (actually 65 minutes I believe, but that's just a minor detail).

If the lifetime has expired, you request a new token with the same credentials.

It's a security measure. If you leak the token, the attacker has access to the resource for the rest of the lifetime of the token. That is why they keep it long enough for an application to function, but short enough to keep the risk small.
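The re-acquire pattern described in the answer above, shown with MSAL4J as an added example (not code from the original posts). The class name `GraphTokenProvider`, the five-minute margin and the environment variable names are assumptions chosen for illustration.

```java
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;

import java.time.Duration;
import java.time.Instant;
import java.util.Collections;
import java.util.Set;

/** Hypothetical helper: hands out a valid Graph token, re-acquiring it shortly before expiry. */
public final class GraphTokenProvider {
    private static final Set<String> SCOPES =
            Collections.singleton("https://graph.microsoft.com/.default");
    // Assumed safety margin so a token never expires in the middle of a request.
    private static final Duration REFRESH_SKEW = Duration.ofMinutes(5);

    private final ConfidentialClientApplication app;
    private IAuthenticationResult current;

    public GraphTokenProvider(String tenantId, String clientId, String secret) throws Exception {
        this.app = ConfidentialClientApplication
                .builder(clientId, ClientCredentialFactory.createFromSecret(secret))
                .authority("https://login.microsoftonline.com/" + tenantId)
                .build();
    }

    /** Returns the held token, or exchanges the client credentials for a new one. */
    public synchronized String accessToken() throws Exception {
        Instant refreshAt = current == null
                ? Instant.MIN
                : current.expiresOnDate().toInstant().minus(REFRESH_SKEW);
        if (Instant.now().isAfter(refreshAt)) {
            // This flow issues no refresh token: the same credentials buy a new access token.
            // skipCache(true) forces a round trip instead of returning the nearly expired one.
            current = app.acquireToken(
                    ClientCredentialParameters.builder(SCOPES).skipCache(true).build()).get();
        }
        return current.accessToken();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder variable names; the secret is read at runtime, never hard-coded.
        GraphTokenProvider provider = new GraphTokenProvider(System.getenv("AZURE_TENANT_ID"),
                System.getenv("AZURE_CLIENT_ID"), System.getenv("AZURE_CLIENT_SECRET"));
        System.out.println("Token acquired, length " + provider.accessToken().length());
    }
}
```

Callers ask the provider for a token before every Graph request, so the one-hour lifetime never has to be extended and a leaked token stays short-lived.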
