
OAuth 2.0 auth code grant flow vs client credential grant flow

We have a 3rd-party mobile app which, during the login process, creates an access token to access one of our APIs (.NET Core) using the Authorization code grant flow.

https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code


The mobile app displays many tiles. After login, when the user clicks on one of the tiles, I want to call another .NET Core API (using the access_token).

I was planning to use client credential flow for the second API call as it does not require user interaction.

https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow


But the API endpoint (in the code) checks the claims to get the userID, and the client credential flow creates a JWT token without the user information (as there is no user interaction).

Am I using the correct flow? Is there a way to use the authorization code grant flow when clicking the tile (without needing a user interaction)?

You can only get the user information when using the auth code flow, which needs a user interaction.

I noticed that you are using the v1.0 endpoint; you can put the API URI in the resource parameter. The scope parameter isn't needed for the v1.0 endpoint. You can get the access token silently after logging in.

Here is the code snippet for your reference.

    using System.Net.Http;
    using System.Net.Http.Headers;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    // Because we signed in already in the web app, the userObjectId is known
    string userObjectID = User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;

    // Using ADAL.NET, get a bearer token to access the TodoListService.
    // AcquireTokenSilentAsync returns a token for the already signed-in user from the
    // token cache (no new prompt), so it is a delegated token that still carries the user's claims.
    AuthenticationContext authContext = new AuthenticationContext(AzureAdOptions.Settings.Authority, new NaiveSessionCache(userObjectID, HttpContext.Session));
    ClientCredential credential = new ClientCredential(AzureAdOptions.Settings.ClientId, AzureAdOptions.Settings.ClientSecret);
    AuthenticationResult result = await authContext.AcquireTokenSilentAsync(AzureAdOptions.Settings.TodoListResourceId, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

    // Retrieve the user's To Do List, sending the delegated token as a bearer token.
    HttpClient client = new HttpClient();
    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, AzureAdOptions.Settings.TodoListBaseAddress + "/api/todolist");
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
    HttpResponseMessage response = await client.SendAsync(request);

Reference:

active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore
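As an added illustration (not part of the question or the answer, and written in Python rather than the API's C#): how the receiving API can tell a delegated (auth code flow) token from a client-credentials token by its claims, and why the userID lookup has nothing to return for the latter. It assumes Azure AD v1-style claim names (scp, roles, upn, unique_name, oid); the two tokens are constructed locally with a dummy signature, so no signature, issuer, audience or expiry validation happens here.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_jwt(payload: dict) -> str:
    """Build a constructed test token with a dummy signature (for the demo only)."""
    def enc(d: dict) -> str:
        raw = json.dumps(d, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.dummy-signature"


def token_claims(jwt: str) -> dict:
    """Return the payload claims. A real API validates the signature first."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(b64url_decode(parts[1]))


def token_kind(claims: dict) -> str:
    # Delegated tokens carry "scp" plus a user identity (upn / unique_name);
    # app-only tokens from the client credential flow carry "roles" and no user claims.
    has_user = any(k in claims for k in ("upn", "unique_name"))
    if "scp" in claims and has_user:
        return "delegated"
    if "roles" in claims and not has_user:
        return "app-only"
    return "unknown"


def resolve_user_id(jwt: str):
    """What the tile API's claims check amounts to: the user oid, or None -> reject (403)."""
    claims = token_claims(jwt)
    if token_kind(claims) != "delegated":
        return None
    return claims.get("oid")


# Constructed sample payloads (placeholder ids, not real tokens).
USER_TOKEN = make_unsigned_jwt({"aud": "api://tiles-api", "iss": "https://sts.windows.net/TENANT-ID-PLACEHOLDER/",
                                "scp": "user_impersonation", "oid": "USER-OID-PLACEHOLDER",
                                "upn": "alice@contoso.example", "appid": "CLIENT-APP-ID-PLACEHOLDER"})
APP_TOKEN = make_unsigned_jwt({"aud": "api://tiles-api", "iss": "https://sts.windows.net/TENANT-ID-PLACEHOLDER/",
                               "roles": ["Tiles.Read.All"], "oid": "SP-OID-PLACEHOLDER",
                               "appid": "CLIENT-APP-ID-PLACEHOLDER"})
```

Note that "oid" is present in both tokens: for the app-only token it identifies the service principal, not a user, which is why checking only "oid" would silently attribute the call to the wrong principal.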
