使用Azure AD V2.0(MSAL)和Asp .Net Core 2.0获取刷新令牌 [英] Get refresh token with Azure AD V2.0 (MSAL) and Asp .Net Core 2.0

问题描述

我已经从Azure Ad V2.0终结点获得了access_token来调用Graph Api.但是我必须代表用户在api中执行一些操作.因此，当我的access_token过期时，我需要refresh_token进行续订.

I've got access_token from Azure Ad V2.0 endpoint to call Graph Api. But I have to do some actions in the api on behalf of user. So I need refresh_token to renew my access_token when it'll expire.

有什么方法可以在ASP .Net Core中使用MSAL获取刷新令牌?

Is there any way to get Refresh token using MSAL in ASP .Net Core?

在Microsoft documentaion中，他们告诉您可以通过请求/token终结点来做到这一点.但是我找不到使用MSAL的方法.

In microsoft documentaion they're telling it's possible to do by requesting /token endpoint. But I couldn't find how to do it using MSAL.

推荐答案

MSAL .NET不会公开刷新令牌，而是将其保留在内部，并代表应用程序处理所有令牌刷新和缓存逻辑.

MSAL .NET does not expose the refresh token, but rather keeps it internal and handles all token refresh and caching logic on the app's behalf.

您所引用的文档引用的是MSAL代表您完成的协议本身.它带有授权码(在最终用户登录后)到达/token端点，并被授予访问和刷新令牌.访问令牌的有效期为1小时，当它过期时，AcquireTokenSilent将自动对/token端点使用刷新令牌来获取新的访问令牌.

The docs you're referring to are referencing the protocol itself that MSAL is completing on your behalf. It goes to the /token endpoint with an authorization code (after the end user signs in), and is issued an Access and Refresh token. The Access Token is valid for 1 hour, and when it's expired, AcquireTokenSilent will automatically use the refresh token against the /token endpoint to get a new access token.

这篇关于使用Azure AD V2.0(MSAL)和Asp .Net Core 2.0获取刷新令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！