Microsoft帐户OpenID身份验证令牌请求返回id_token,但不返回access_token [英] Microsoft Account OpenID authentication token request returns id_token but not access_token
问题描述
... it states that a successful response to a token request looks like:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
"token_type": "Bearer",
"expires_in": 3599,
"scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
"refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
"id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
}
完成身份验证的第一步后,我收到了有关重定向的代码,并使用它来请求令牌.
After the first step of authentication completes, I receive a code on the redirect and use it to request a token.
但是,我只收到此消息:
However, I only receive this:
{
"token_type": "Bearer",
"id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
}
我的范围设置为openid email profile
.
为什么我没有收到access_token
?
推荐答案
仅当请求特定于资源的范围时,才返回访问令牌,以便可用于访问受保护的资源.尝试包含类似" https://graph.microsoft.com/mail.read 的范围如问题附带的文档链接中的示例所示.
Access token will be returned only when resource specific scopes are requested, so that it can used to access the protected resource. Try including a scope like "https://graph.microsoft.com/mail.read" as indicated in sample present in the documentation link posted with the question.
这篇关于Microsoft帐户OpenID身份验证令牌请求返回id_token,但不返回access_token的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!