Microsoft Account OpenID authentication token request returns id_token but not access_token


Problem description

... it states that a successful response to a token request looks like:

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
    "token_type": "Bearer",
    "expires_in": 3599,
    "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
    "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
    "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD..."
}

After the first step of authentication completes, I receive a code on the redirect and use it to request a token.

However, I only receive this:

{
    "token_type": "Bearer",
    "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD..."
}

My scope is set to openid email profile.

Why am I not receiving an access_token?

Recommended answer

An access token will be returned only when resource-specific scopes are requested, so that it can be used to access the protected resource. Try including a scope like "https://graph.microsoft.com/mail.read", as indicated in the sample present in the documentation link posted with the question.
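
The rule from the answer written as a check, added here as an example and not part of the original answer: it separates OpenID Connect scopes from resource scopes and reports why a token response carries no access_token. The function names, the OIDC scope set and the sample responses are assumptions constructed for illustration.

```python
import json
from urllib.parse import unquote

# Assumed set of OpenID Connect scopes: they describe the sign-in, not a protected resource.
OIDC_SCOPES = {"openid", "email", "profile", "offline_access"}


def resource_scopes(scope):
    """Scopes in a space-separated (possibly URL-encoded) string that target a resource."""
    return [s for s in unquote(scope).split() if s.lower() not in OIDC_SCOPES]


def check_token_response(requested_scope, body):
    """Compare a token response (JSON text) with what the requested scopes call for."""
    resp = json.loads(body)
    wanted = resource_scopes(requested_scope)
    findings = []
    if "access_token" not in resp:
        if wanted:
            findings.append("resource scopes requested but no access_token returned")
        else:
            findings.append("no access_token: only OpenID Connect scopes were requested")
    elif "scope" in resp:
        # The response's scope field is URL-encoded, as in the documented sample.
        granted = {g.lower() for g in resource_scopes(resp["scope"])}
        missing = [s for s in wanted if s.lower() not in granted]
        if missing:
            findings.append("access_token lacks requested scopes: " + " ".join(missing))
    return {"has_access_token": "access_token" in resp,
            "has_id_token": "id_token" in resp,
            "resource_scopes": wanted,
            "findings": findings}


# Constructed responses shaped like the two shown on this page (token values are dummies).
ID_ONLY = '{"token_type": "Bearer", "id_token": "dummy.id.token"}'
FULL = json.dumps({
    "access_token": "dummy.access.token",
    "token_type": "Bearer",
    "expires_in": 3599,
    "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
    "refresh_token": "dummy-refresh-token",
    "id_token": "dummy.id.token",
})

if __name__ == "__main__":
    print(check_token_response("openid email profile", ID_ONLY))
    print(check_token_response("openid email profile https://graph.microsoft.com/mail.read", FULL))
```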
