Azure Active Directory v2.0守护程序和服务器端应用程序支持 [英] Azure Active Directory v2.0 Daemons and Server Side Apps Support

问题描述

试图弄清楚当前的v2.0端点是否支持Daemons和服务器端应用程序流.

Trying to get clarity as to if the current v2.0 endpoint supports the Daemons and server-side apps flow.

本文讨论有关流程: https://docs.microsoft.com/zh-CN/azure/active-directory/develop/active-directory-v2-flows

它说明:

本文介绍了无论使用哪种首选语言或平台，都可以使用Azure AD v2.0生成的应用程序类型.本文中的信息旨在帮助您在开始使用代码之前了解高级方案.

This article describes the types of apps that you can build by using Azure AD v2.0, regardless of your preferred language or platform. The information in this article is designed to help you understand high-level scenarios before you start working with the code.

进一步说明:

当前，v2.0端点不支持此部分中的应用程序类型，但它们在将来的开发路线图上.有关v2.0端点的其他限制和限制

Currently, the types of apps in this section are not supported by the v2.0 endpoint, but they are on the roadmap for future development. For additional limitations and restrictions for the v2.0 endpoint

最后，我尝试构建一个连接到Graph API的应用程序，该应用程序按计划通过凭据"连接到Graph API.允许它代表允许它的用户访问API.

In the end I'm trying to build an app that connects to the Graph API that on a schedule connects to the API with "credentials" that allow it to access the API on behalf of a user that has allowed it to.

在我的测试工具中，我可以使用以下方式获取令牌:

In my test harness I can get a token using:

var pca = new PublicClientApplication(connector.AzureClientId)
          {
             RedirectUri = redirectUrl
          };
var result = await pca.AcquireTokenAsync(new[] {"Directory.Read.All"},
                (Microsoft.Identity.Client.User) null, UiOptions.ForceLogin, string.Empty);

在相同的工具中，我无法使用以下方式获得令牌:

In the same harness I cannot get a token using:

var cca = new ConfidentialClientApplication(
                connector.AzureClientId,
                redirectUrl,
                new ClientCredential(connector.AzureClientSecretKey),
                null) {PlatformParameters = new PlatformParameters()};

var result = await cca.AcquireTokenForClient(new[] { "Directory.Read.All" }, string.Empty);

这将导致:

抛出异常:mscorlib.dll中的'Microsoft.Identity.Client.MsalServiceException'

Exception thrown: 'Microsoft.Identity.Client.MsalServiceException' in mscorlib.dll

附加信息:AADSTS70011:为输入提供的值参数作用域"无效.范围Directory.Read.All不是有效的.跟踪ID:dcba6878-5908-44a0-95f3-c51b0b4f1a00相关编号:1612e41a-a283-4557-b462-09653d7e4c21时间戳记:2017-04-10 20:53:05Z

Additional information: AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope Directory.Read.All is not valid. Trace ID: dcba6878-5908-44a0-95f3-c51b0b4f1a00 Correlation ID: 1612e41a-a283-4557-b462-09653d7e4c21 Timestamp: 2017-04-10 20:53:05Z

自2016年4月16日以来，尚未更新MSAL软件包Microsoft.Identity.Client(1.0.304142221-alpha).这甚至是我应该使用的软件包吗?

The MSAL package, Microsoft.Identity.Client (1.0.304142221-alpha), has not been updated since April 16, 2016. Is that even the package I should be using?

推荐答案

在Azure AD V2.0中使用客户端凭据流时，在此请求中为 scope 参数传递的值应该是资源所需资源的标识符(应用程序ID URI)，后缀为 .default .对于Microsoft Graph示例，该值为 https://graph.microsoft.com/.default .

When using client credentials flow with Azure AD V2.0 , the value passed for the scope parameter in this request should be the resource identifier (Application ID URI) of the resource you want, affixed with the .default suffix. For the Microsoft Graph example, the value is https://graph.microsoft.com/.default.

请单击此处是有关在Azure AD中使用客户端凭据流的教程V2.0端点.

Please click here for more details . And here is a tutorial for using client credentials flow with Azure AD V2.0 endpoint.

这篇关于Azure Active Directory v2.0守护程序和服务器端应用程序支持的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！