使用 Azure AD V2.0 (MSAL) 和 Asp .Net Core 2.0 获取刷新令牌 [英] Get refresh token with Azure AD V2.0 (MSAL) and Asp .Net Core 2.0

问题描述

我从 Azure Ad V2.0 端点获得了 access_token 来调用 Graph Api.但我必须代表用户在 api 中执行一些操作.所以我需要 refresh_token 在我的 access_token 到期时更新它.

I've got access_token from Azure Ad V2.0 endpoint to call Graph Api. But I have to do some actions in the api on behalf of user. So I need refresh_token to renew my access_token when it'll expire.

有没有办法在 ASP .Net Core 中使用 MSAL 获取刷新令牌?

Is there any way to get Refresh token using MSAL in ASP .Net Core?

在微软文档中，他们告诉我们可以通过请求/token 端点来做到这一点.但我找不到使用 MSAL 的方法.

In microsoft documentaion they're telling it's possible to do by requesting /token endpoint. But I couldn't find how to do it using MSAL.

推荐答案

MSAL .NET 不公开刷新令牌，而是将其保留在内部并代表应用处理所有令牌刷新和缓存逻辑.

MSAL .NET does not expose the refresh token, but rather keeps it internal and handles all token refresh and caching logic on the app's behalf.

您所指的文档是指 MSAL 代表您完成的协议本身.它使用授权代码(在最终用户登录后)进入/token 端点，并获得访问和刷新令牌.访问令牌有效期为 1 小时，过期后，AcquireTokenSilent 将自动使用刷新令牌对/token 端点获取新的访问令牌.

The docs you're referring to are referencing the protocol itself that MSAL is completing on your behalf. It goes to the /token endpoint with an authorization code (after the end user signs in), and is issued an Access and Refresh token. The Access Token is valid for 1 hour, and when it's expired, AcquireTokenSilent will automatically use the refresh token against the /token endpoint to get a new access token.

这篇关于使用 Azure AD V2.0 (MSAL) 和 Asp .Net Core 2.0 获取刷新令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！