B2B silent authentication


Problem description

Our application is using the ADAL SDK for both the Android and iOS platforms. We want to add support for B2B and share data between tenants, assuming the user from the home tenant was already invited to a different tenant.

I wanted to know what the API is to get a token for the inviting tenant, assuming the user already signed in to the home tenant before. What is the way to silently acquire a token for the inviting tenant?

I tried and managed to get a token using interactive sign-in (by providing the specific inviting tenant id instead of using common), but I am not sure how to perform silent sign-in to the inviting tenant (when the user has a token for the home tenant).

What I managed to do is to silently acquire a token for the home tenant and then use the refresh token I got in order to get a token for the inviting tenant by calling the acquireTokenByRefreshToken function (and using two AuthenticationContext instances, one with the common authority and the second with the specific tenant id). But then I noticed that in the Android SDK acquireTokenByRefreshToken is marked as deprecated, and in the iOS SDK it seems this function is private, so we can't really use it.

So what I wanted to know is: what is the right API to get a token for the inviting tenant using a token of the home tenant and the id of the inviting tenant?

Recommended answer

Guest access in ADAL for Android is supported by versions 1.14.x+ (released Feb 2018) - a link to the latest releases can be found here. They are available for download on Maven Central.

For guest scenarios, the AuthenticationContext can be reconstructed with an authority URL containing the tenant id -- acquireTokenSilent calls can then be made using the UserInfo.userId acquired from the AuthenticationResult of a previous acquireToken or acquireTokenSilent call.

Please note, as of Oct 2018 (the time of this answer's writing) there are some limitations to be aware of as to how x-tenant refresh tokens are supported:

If you are trying to execute the flow where...

  1. You acquire a token (using UI and asking the user to enter credentials) for the home tenant and...
  2. Then you acquire a token silently for the guest tenant

Then this will work only in the case where the device has been joined (registered) to the home tenant. In every other case the following is the supported flow...

  1. You acquire a token (interactively, using UI to enter creds) for the home tenant and...
  2. Then you acquire a token silently for the home tenant
  3. You acquire a token (interactively, using UI to enter creds) for the guest tenant and...
  4. Then you acquire a token silently for the guest tenant
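
The guest-tenant half of the supported flow (steps 3 and 4), sketched as an added example that is not part of the original answer or of the ADAL project: a context built on the tenant-specific authority tries acquireTokenSilent first and prompts only when the cache cannot serve that tenant. The class name GuestTenantAuth, the placeholder constants, and the choice of AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED as the only error that triggers the interactive fallback are assumptions.

```java
import android.app.Activity;
import android.content.Intent;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationCallback;
import com.microsoft.aad.adal.AuthenticationContext;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.PromptBehavior;

public final class GuestTenantAuth {  // hypothetical helper class
    // Placeholders (assumptions): use your own app registration's values.
    private static final String CLIENT_ID = "<client-id>";
    private static final String REDIRECT_URI = "<redirect-uri>";
    private static final String RESOURCE = "<resource-uri>";
    private final Activity activity;
    private final AuthenticationContext guestContext;

    public GuestTenantAuth(Activity activity, String guestTenantId) {
        this.activity = activity;
        // Tenant-specific authority instead of /common; authority validation stays on.
        String authority = "https://login.microsoftonline.com/" + guestTenantId;
        this.guestContext =
                new AuthenticationContext(activity.getApplicationContext(), authority, true);
    }

    /** userId is UserInfo.userId from an earlier AuthenticationResult. */
    public void acquire(String userId, final AuthenticationCallback<AuthenticationResult> done) {
        guestContext.acquireTokenSilentAsync(RESOURCE, CLIENT_ID, userId,
                new AuthenticationCallback<AuthenticationResult>() {
                    @Override public void onSuccess(AuthenticationResult result) {
                        done.onSuccess(result);
                    }
                    @Override public void onError(Exception e) {
                        boolean needsPrompt = e instanceof AuthenticationException
                                && ((AuthenticationException) e).getCode()
                                        == ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED;
                        if (!needsPrompt) { done.onError(e); return; }
                        // No usable guest-tenant token in the cache: sign in interactively once.
                        guestContext.acquireToken(activity, RESOURCE, CLIENT_ID, REDIRECT_URI,
                                PromptBehavior.Auto, done);
                    }
                });
    }

    /** Call from the hosting Activity's onActivityResult so the interactive flow can complete. */
    public void onActivityResult(int requestCode, int resultCode, Intent data) {
        guestContext.onActivityResult(requestCode, resultCode, data);
    }
}
```

Errors other than the prompt-required code (network failures, for example) are passed to the caller instead of opening a sign-in UI, so a transient failure does not turn into an unexpected credential prompt.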
