
Azure B2C access token validation and custom JWT token generation

For a web application in Spring Boot (API REST) + Angular as front-end we need to integrate with Azure B2C for the authentication part.

I am reading some Microsoft documentation but I have no experience with Azure B2C.

The need would be to validate the Access Token obtained from the Client application (Angular) on Azure and then generate (from the Java application) a custom JWT token (ID Token) with user roles and permissions taken from the Database. We can't put the roles on Azure AD.

At this point Client (Angular) and Server (API REST) would only use this token to handle API calls.

What I didn't understand is how to validate the Azure Access Token through the Spring Framework. Which Microsoft web service should be called and how (which library)?

Thanks in advance.

I think the answer in this question should get you started: How to validate JWT token generated from Azure AD B2C in Java?

The AD B2C access token is "just" an OAuth2 token, so any library that can validate OAuth2 should do it.

Edit (can't comment yet): I think this link (linked in the other answer) is your best start: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview . Anyway, you need a tenant-specific URL to get the correct keys, something like https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1_signupsignin1/discovery/v2.0/keys instead of the generic Microsoft keys.

Alternatively you could look at the sample application for Java and B2C from Microsoft, which uses MSAL for Java: https://github.com/Azure-Samples/ms-identity-java-webapp/tree/master/msal-b2c-web-sample
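As an added example (not code from either answer or from the Microsoft sample), here is a Spring Security resource-server configuration that validates the B2C access token against the tenant- and policy-specific JWKS URL mentioned above and also checks issuer and audience; the issuer value and the API's application (client) ID are placeholders that must be taken from your own tenant's OpenID metadata and app registration.

```java
import java.util.Collection;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class B2cResourceServerConfig {

    // Tenant- and policy-specific JWKS endpoint (see the answer above); B2C signs with
    // different keys per user flow / policy, so the generic Microsoft keys will not work.
    private static final String JWK_SET_URI =
        "https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1_signupsignin1/discovery/v2.0/keys";
    // Placeholders: copy the exact "issuer" value from the tenant's OpenID metadata document
    // and use the application (client) ID registered for this API.
    private static final String EXPECTED_ISSUER = "https://contoso.b2clogin.com/<TENANT-ID>/v2.0/";
    private static final String EXPECTED_AUDIENCE = "<API-APPLICATION-CLIENT-ID>";

    @Bean
    public JwtDecoder jwtDecoder() {
        // The decoder fetches the JWKS and verifies the token signature against it.
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).build();
        // Default validators check exp/nbf and the issuer; the audience check is added so a
        // token issued for a different application in the same tenant is rejected.
        OAuth2TokenValidator<Jwt> issuerAndTimestamps = JwtValidators.createDefaultWithIssuer(EXPECTED_ISSUER);
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<Collection<String>>(
            "aud", aud -> aud != null && aud.contains(EXPECTED_AUDIENCE));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(issuerAndTimestamps, audience));
        return decoder;
    }

    @Bean
    public SecurityFilterChain apiSecurity(HttpSecurity http, JwtDecoder jwtDecoder) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Every request must carry a bearer token that passes the decoder above.
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.decoder(jwtDecoder)));
        return http.build();
    }
}
```

Roles and permissions from the database can then be attached on the server side after the token has been accepted, for example in a custom JWT-to-Authentication converter, without needing them in the B2C token itself.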
