如何在 Web 应用程序中从 Azure AD 刷新 ID 令牌? [英] How to refresh an ID Token from Azure AD in a Web App?
问题描述
我正在尝试设置一个 Azure Web 应用程序来通过 Azure AD 进行身份验证并在后台自动刷新 ID 令牌.一篇很棒的博客文章帮助我理解了整个事情是如何运作的:https://cgillum.tech/2016/03/07/app-服务令牌商店/
I'm trying to set up an Azure Web App to to authenticate with Azure AD and refresh ID Token behind the scenes automatically. A great blog post helped me understand how the whole thing works: https://cgillum.tech/2016/03/07/app-service-token-store/
从它链接的本指南帮助我进行了设置:http://cgillum.tech/2016/03/25/app-service-auth-aad-graph-api/
And this guide linked from it helped me set it up: http://cgillum.tech/2016/03/25/app-service-auth-aad-graph-api/
似乎为 Azure AD 身份验证启用刷新令牌并不是那么简单,因此我建议我使用上述指南来设置它,就好像它是为 GraphApi 设置的一样.
It seems enabling refresh tokens for Azure AD authentication isn't that simple so as recommended I used the aforementioned guide to set it up as if it were for GraphApi.
我遇到的问题是即使在调用.auth/refresh"端点然后调用.auth/me"端点之后,唯一刷新的令牌是访问令牌.该令牌对我没有用,因为我在与后端服务器通信时使用了 Id 令牌(使用授权承载"标头).
The problem I'm having is even after calling the ".auth/refresh" endpoint and then calling the ".auth/me" endpoint, the only token which is refreshed is the Access Token. That token is of no use to me since I use the Id Token when communicating with my backend server (using an "Authorization Bearer" header).
那么如何让 Id Token 也刷新?
So how do I get the Id Token to refresh as well?
推荐答案
很遗憾,AAD 不支持刷新 ID 令牌.只能刷新访问令牌.请参阅此处:https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/#refreshing-the-access-tokens
Unfortunately AAD does not support refreshing the ID token. Only the access token can be refreshed. See here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/#refreshing-the-access-tokens
但即使可以刷新,在使用其他服务进行身份验证时使用访问令牌更正确,因此我建议更改您的应用程序以这种方式工作.访问令牌和 id_token 的声明非常相似,因此它不应该是一个非常破坏性的更改.
But even if it could be refreshed, it's more correct to use an access token when authenticating with another service, so I suggest changing your apps to work this way. The claims on the access token and the id_token are very similar so it should not be a very disruptive change.
这篇关于如何在 Web 应用程序中从 Azure AD 刷新 ID 令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
