是否需要通过https://apps.dev.microsoft.com注册新应用? [英] Is registering a new app through https://apps.dev.microsoft.com necessary?
问题描述
我是否必须通过 https://apps.dev.microsoft使用我的MS帐户注册一个新应用. com
-或-
我可以仅将一个新应用程序添加到我的Azure Active Directory吗?
can I add simply a new application to my Azure Active Directory?
我想使用 OAuth2隐式流与 Microsoft Graph 一起使用单点登录".我已经通过Active Directory中的Azure门户创建了一个新应用,在清单中启用了隐式流 "oauth2AllowImplicitFlow": true,,并且在启用了多租户环境中创建了 >.
目标是为个人和组织帐户(基本上是每个拥有MS帐户的人)启用单一登录.
为了验证和请求新令牌,我使用了公共端点:
I'd like to use the OAuth2 Implicit flow to use Single Sign On with Microsoft Graph. I have created a new application via the Azure Portal in our Active Directory, enabled implicit flow "oauth2AllowImplicitFlow": true, in the manifest and enabled multi-tenant environment.
The goal is to enable Single Sign On for Personal and Organizational accounts, essentially everyone with an MS account.
To authenticate and request new tokens I am using the common endpoint:
public const string AuthorizationEndPoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
public const string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
但是我收到以下错误消息:
However I receive following error message:
在Azure门户中,我确实看到带有以下消息的登录失败.
In the Azure Portal I do see the failed sign-ins with following message.
FAILURE REASON The application named X was not found in the tenant named Y. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
如果正在使用应用程序注册凭据,则可以成功进行身份验证.我希望所有内容都可以通过Azure门户进行管理和维护.
If the app registration credentials are being used, I can successfully authenticate. I'd prefer to have everything to be administrated and maintained through the Azure Portal.
推荐答案
简短回答
是的,当您使用v2.0终结点时,必须在应用程序注册门户网站上注册应用程序.
Yes, as you're using v2.0 endpoints you have to register your app on the App Registration Portal.
长期回答
答案取决于您要使用的端点类型以及要支持的帐户.在 Azure门户中注册的应用是v1.0应用,而在
The answer depends on what type of endpoint you're trying to use and thus which accounts you want to support. Apps registered in the Azure Portal are v1.0 apps, whereas apps registered in the App Registration Portal are v2.0 apps.
这里比较两个端点的好文档. tl; dr.
Here's a great doc that compares the two endpoints. tl;dr below.
v1.0:支持使用Azure AD帐户登录.与ADAL库一起使用.可以调用Microsoft Graph,其他Microsoft资源,您自己的Web API(带有Access或ID令牌),并且通常支持更多方案.
v1.0: Supports sign in with Azure AD accounts. Works with ADAL libraries. Can call the Microsoft Graph, other Microsoft resources, your own web API (w/ Access or ID tokens), and has generally supports more scenarios.
v2.0:支持使用Azure AD&登录. Microsoft帐户(outlook,hotmail等).与MSAL&大多数第三方的oAuth/OIDC库.可以使用ID令牌调用Microsoft Graph和您自己的Web API.积极添加了更多方案.
v2.0: Supports sign in with Azure AD & Microsoft Accounts (outlook, hotmail, etc.). Works with MSAL & most 3rd party oAuth/OIDC libraries. Can call the Microsoft Graph, and your own web API with ID tokens. More scenarios actively being added.
这篇关于是否需要通过https://apps.dev.microsoft.com注册新应用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
