iOS ADAL - Make silent call using refresh token

Problem description

I am using iOS ADAL library version 2.2.6 and receiving a refresh token upon successful login. Now I want to make a silent call by using this refresh token. I tried the following method, but it fails to return the access token.

// __block is required because authContext is reassigned inside the completion block.
// The context is assumed to be initialized before this call.
__block ADAuthenticationContext *authContext;
[authContext acquireTokenSilentWithResource:resourceId
                                   clientId:clientId
                                redirectUri:redirectUri
                                     userId:strUserID // logged-in user ID
                            completionBlock:^(ADAuthenticationResult *result) {
    // It always throws an error: "Please call the non-silent acquireTokenWithResource methods."
    if (result.error) {
        ADAuthenticationError *error = nil;
        authContext = [ADAuthenticationContext authenticationContextWithAuthority:inputData.authority error:&error];

        [authContext acquireTokenWithResource:inputData.ResourceID
                                     clientId:inputData.ClientId     // Comes from App Portal
                                  redirectUri:inputData.RedirectUri  // Comes from App Portal
                              completionBlock:^(ADAuthenticationResult *result) {
            if (AD_SUCCEEDED != result.status) {
                // Show alert with error description
            } else {
                // Handle success token
            }
        }];
    } else {
        // Handle success token
    }
}];

But it always throws an error saying "The user credentials are needed to obtain access token. Please call the non-silent acquireTokenWithResource methods."

Is there any way to make a silent call using refresh token? Please help me with it. Thanks in advance.

Recommended answer

When you use Microsoft's authentication libraries, you should always first check to see if there is a user in the cache that can be used for your resource before prompting the user to sign in. This allows us to check if the user had previously signed in to your app or if there are other apps that share state with your app that may have already asked the user to sign in elsewhere.

If the user is found, we will try to acquire a token without interrupting the user at all. Sometimes a user will have changed their password or done some other action that will require them to sign in again even if they have signed in to your app previously. This is what you are seeing. The library is telling you that for the user you are trying to acquire a token for, they need to sign in again to make something right.

In order to handle all these cases elegantly, we recommend that you use the pseudocode pattern of:

acquireTokenSilent()
if (error == InteractiveAuthenticationRequired) {
    acquireTokenInteractively()
}

The pattern first checks if a user you specify is available in the token cache. If it is, we then call the Azure Active Directory service to see if the Refresh token for that user is valid. If both of these are true, then the user is signed in silently. If the user isn't found or the server rejects the Refresh Token, then an error is sent from the library that indicates the user needs to sign in interactively.

In the above, you are doing this first part, but you aren't handling the case where the user needs to sign in if there is a problem.

The best way is to use AD_ERROR_USER_INPUT_NEEDED.

Here is a code sample on how to do this pattern.

    // Here we try to get a token from the stored user information we would have from a successful authentication
    [authContext acquireTokenSilentWithResource:data.resourceId
                                       clientId:data.clientId
                                    redirectUri:redirectUri
                                         userId:data.userItem.userInformation.userId
                                completionBlock:^(ADAuthenticationResult *result) {
        if (!result.error) {
            completionBlock(result.tokenCacheStoreItem.userInformation, nil);
        } else {
            if ([result.error.domain isEqual:ADAuthenticationErrorDomain] && result.error.code == AD_ERROR_USER_INPUT_NEEDED) {
                // Here we know that input is required because we couldn't get a token from the cache
                [authContext acquireTokenWithResource:data.resourceId
                                             clientId:data.clientId
                                          redirectUri:redirectUri
                                               userId:data.userItem.userInformation.userId
                                      completionBlock:^(ADAuthenticationResult *result) {
                    if (result.status != AD_SUCCEEDED) {
                        completionBlock(nil, result.error);
                    } else {
                        data.userItem = result.tokenCacheStoreItem;
                        completionBlock(result.tokenCacheStoreItem.userInformation, nil);
                    }
                }];
            } else {
                completionBlock(nil, result.error);
            }
        }
    }];

Keep in mind this code is very verbose. You will most likely want to have acquireTokenWithResource: as a separate method that you could call with [self acquireTokenWithResource].
