How do I validate and decipher Authorization Bearer Token obtained from Azure AD in a Node Azure Function (for Role Based Access Control)?
I am using Azure AD and have registered an application in it. I use the msal-browser JS library to sign users in and obtain an authorization token:
{
  //...
  "accessToken": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkY...",
  "account": {
    "homeAccountId": "00000000-0000-0000-bac6-4831a1177397.9188040d-6c67-4c5b-b112-36a304b66dad",
    "environment": "login.windows.net",
    "tenantId": "62765715-2081-4050-bdc7-8c2e178d7424",
    "username": "tfgh55555@outlook.com",
    "localAccountId": "6fad727e-1df2-4b14-b234-30b407b7ab42",
    "name": "Tali Gehrin",
    "idTokenClaims": {
      "aud": "0d42647a-183c-404b-bbe1-796ad6420989",
      "iss": "https://login.microsoftonline.com/62765715-2081-4050-bdc7-8c2e178d7424/v2.0",
      "iat": 1633271767,
      "nbf": 1633271767,
      "exp": 1633275667,
      "idp": "https://sts.windows.net/9188040d-6c67-4c5b-b112-36a304b66dad/",
      "name": "Tali Gehrin",
      "nonce": "b04400da-eb58-4617-bbaa-5c66e04d762a",
      "oid": "6fad727e-1df2-4b14-b234-30b407b7ab42",
      "preferred_username": "tfgh55555@outlook.com",
      "rh": "0.AREAFVd2YoEgUEC9x4wuF410JHpkQg08GEtAu-F5atZCCYkRABI.",
      "roles": [
        "content_manager" //<= the role i'm interested in
      ],
      "sub": "WbvYLdLb3DNVgczM_iyu4n4i-s8mPtfhQqVyAK_abaU",
      "tid": "62765715-2081-4050-bdc7-8c2e178d7424",
      "uti": "HDhn_MWkl0iGcm-jlBEMAA",
      "ver": "2.0"
    }
  },
  //...
}
I pass the accessToken in the HTTP call as:
Authorization: Bearer yJ0eXAiOiJKV1QiLCJub25jZSI6IkY...
How do I validate and decipher this token in a Node Azure Function?
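You can validate and decipher this token in a Node Azure Function that implements an HTTP trigger. This requires configuration data to perform the token validation, all of which is in the AzureAdTokenAttribute instance. However, the token will be in the HttpRequest. To access it from what is implemented in the token validation service, you would inject IHttpContextAccessor.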
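Added example, not from the question or the answer: validating an RS256 bearer token in Node with only the built-in crypto module, checking the signature first and then `iss`, `aud`, `nbf`/`exp` and the `roles` claim. The function names, the locally generated key pair and the `demo-kid` key id are assumptions that stand in for Azure AD's signing keys (a real function would load the keys the tenant publishes); the issuer, audience and role values are the ones shown in the question's claims.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Returns the verified claims or throws. `keys` is a Map of kid -> public key
// (assumption: in production it is filled from the tenant's published signing keys).
function validateToken(token, keys, { issuer, audience, requiredRole, now = Date.now() / 1000 }) {
  const [h, p, s, ...rest] = String(token).split('.');
  if (!h || !p || !s || rest.length) throw new Error('malformed token');
  const header = parse(h);
  // Pin the algorithm; never let the token choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown signing key');
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  const claims = parse(p); // trusted only after the signature check
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (!(now >= claims.nbf && now < claims.exp)) throw new Error('token not valid at this time');
  if (!Array.isArray(claims.roles) || !claims.roles.includes(requiredRole)) throw new Error('missing role');
  return claims;
}

// Constructed fixture: a local key pair plays the role of the identity provider.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KEYS = new Map([['demo-kid', publicKey]]);
const EXPECTED = {
  issuer: 'https://login.microsoftonline.com/62765715-2081-4050-bdc7-8c2e178d7424/v2.0',
  audience: '0d42647a-183c-404b-bbe1-796ad6420989',
  requiredRole: 'content_manager',
};

// Hypothetical helper: signs a constructed token; `overrides` replaces individual claims.
function signDemoToken(overrides = {}) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ typ: 'JWT', alg: 'RS256', kid: 'demo-kid' }));
  const payload = b64url(JSON.stringify({ iss: EXPECTED.issuer, aud: EXPECTED.audience,
    nbf: now - 60, exp: now + 3600, roles: ['content_manager'], ...overrides }));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${sig.toString('base64url')}`;
}

// Hypothetical helper: returns the granted roles, or the reason the token was rejected.
function check(token) {
  try { return validateToken(token, KEYS, EXPECTED).roles.join(','); } catch (e) { return e.message; }
}
```

A JWT is signed, not encrypted, so "deciphering" it is only base64url-decoding the payload, and the claims are trustworthy only after the checks above pass. The access token in the question carries a `nonce` in its header, which marks a token issued for Microsoft Graph; such tokens are not meant to be validated by your own API, so request a token for your own API's scope instead.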