[英]How Azure AD scopes, permissions and tokens work with exposing API?
I am currently working on React Native app that uses Azure as backend and I am having trouble to call API in azure LogicApp that requires custom scope. I am currently working on React Native app that uses Azure as backend and I am having trouble to call API in azure LogicApp that requires custom scope. We have this scope in "AppRegistration/Expose an API".我们在“AppRegistration/Expose an API”中有这个 scope。 ( screenshot-expose an API ) (截图-暴露一个 API )
In the mobile app I ask for scopes "openid", "profile", "email", "offline_access" .在移动应用程序中,我要求范围“openid”、“profile”、“email”、“offline_access” 。 I need to call Microsoft Graph for user information.我需要致电 Microsoft Graph 以获取用户信息。 This is no problem as we added required permissions (User.ReadWrite.All) into AppRegistration/permissions.这没有问题,因为我们在 AppRegistration/permissions 中添加了所需的权限 (User.ReadWrite.All)。
But I cannot call our API due to invalid token (http 401).但由于令牌无效(http 401),我无法调用我们的 API。
So the question is, how to properly setup permissions and scopes in the AppRegistration?那么问题来了,如何在 AppRegistration 中正确设置权限和范围?
What I have tried:我试过的:
adding required scope to mobile application将所需的 scope 添加到移动应用程序
not adding scope to the mobile app but adding permission to custom API into permissions.没有将 scope 添加到移动应用程序,而是将自定义 API 的权限添加到权限中。 ( screenshot-permissions ) (截图权限)
I really don't understand why the scopes I ask from mobile app are ignored and why permissions from AppRegistration are not working either when I ask for the custom scope from "Expose an API".我真的不明白为什么我从移动应用程序询问的范围被忽略了,为什么当我从“公开 API”询问自定义 scope 时,为什么来自 AppRegistration 的权限不起作用。
As Tiny Wang said, i have to obtain 2 pairs of tokens.正如 Tiny Wang 所说,我必须获得 2 对代币。 One for each API resource.每个 API 资源一个。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.