ADFS 2012 R2是否支持Auth2资源所有者密码凭据流 [英] Does ADFS 2012 R2 support Auth2 Resource Owner Password Credentials flow

问题描述

我想确认ADFS支持oAuth 2.0完全支持oAuth 2.0
的所有流程，即

I want to confirm ADFS support oAuth 2.0 completely support all the flow of oAuth 2.0
i.e.,

1. 3足oAuth

1. 3-legged oAuth

两足额

隐式流

我之所以这样问是因为我尝试使用资源所有者密码流(两足式Oauth).这是我的代码

I am asking this because I try to use Resource Owner Password Flow(2-legged Oauth). Here is my code

                using (HttpClient client = new HttpClient())
                {
                    string creds = String.Format("{0}:{1}", "hello@ADFS FQDN", "christ");
                    byte[] bytes = Encoding.ASCII.GetBytes(creds);
                    var header = new AuthenticationHeaderValue("Basic",
                                               Convert.ToBase64String(bytes));


                    client.DefaultRequestHeaders.Authorization = header;

                    var postData = new List<KeyValuePair<string, string>>();

                    postData.Add(new KeyValuePair<string, string>
                                       ("grant_type", "password"));


                    HttpContent content = new FormUrlEncodedContent(postData);

                    token = client.PostAsync("http://adfs FQDN/adfs/oauth2/token/", content)
                                     .Result.Content.ReadAsStringAsync().Result;
                }

它给我错误grant_Type=password is not supported.
当我查看我的ADFS 2012 R2计算机事件查看器日志时，它还会给出错误

It gives me error grant_Type=password is not supported.
When I looked on my ADFS 2012 R2 machine event viewer log it also gives error that

授权服务器不支持所请求的'grant_type':'password'.授权服务器当前仅支持'grant_type = authorization_code'."

"The authorization server does not support the requested 'grant_type': 'password'. The authorization server currently only supports 'grant_type=authorization_code'."

请帮助我如何实现此流程?

Please help me how to achieve this flow?

推荐答案

AD FS 3.0(2012 R2)不支持OAuth 2.0的 grant_type = password ，但它支持 grant_type = authorization_code 和 grant_type = refresh_token . AD FS提供WS-Trust端点，您可以使用它们代替OAuth 2.0端点来发行和交换令牌. WS-Trust为各种身份验证提供了端点.

AD FS 3.0 (2012 R2) DOES NOT support grant_type=password for OAuth 2.0 but it supports grant_type=authorization_code and grant_type=refresh_token only. AD FS provides WS-Trust endpoints and you could use them instead of OAuth 2.0 endpoint for issuing and exchanging tokens. WS-Trust provides the endpoints for different types of authentication.

这篇关于ADFS 2012 R2是否支持Auth2资源所有者密码凭据流的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！