Azure Active Directory v2.0 Daemons and Server Side Apps Support


Problem description

Trying to get clarity as to if the current v2.0 endpoint supports the Daemons and server-side apps flow.

This article discusses the flows: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-flows

It says:

This article describes the types of apps that you can build by using Azure AD v2.0, regardless of your preferred language or platform. The information in this article is designed to help you understand high-level scenarios before you start working with the code.

It further states:

Currently, the types of apps in this section are not supported by the v2.0 endpoint, but they are on the roadmap for future development. For additional limitations and restrictions for the v2.0 endpoint

In the end I'm trying to build an app that connects to the Graph API that on a schedule connects to the API with "credentials" that allow it to access the API on behalf of a user that has allowed it to.

In my test harness I can get a token using:

var pca = new PublicClientApplication(connector.AzureClientId)
          {
             RedirectUri = redirectUrl
          };
var result = await pca.AcquireTokenAsync(new[] {"Directory.Read.All"},
                (Microsoft.Identity.Client.User) null, UiOptions.ForceLogin, string.Empty);

In the same harness I cannot get a token using:

var cca = new ConfidentialClientApplication(
                connector.AzureClientId,
                redirectUrl,
                new ClientCredential(connector.AzureClientSecretKey),
                null) {PlatformParameters = new PlatformParameters()};

var result = await cca.AcquireTokenForClient(new[] { "Directory.Read.All" }, string.Empty);

This results in:

Exception thrown: 'Microsoft.Identity.Client.MsalServiceException' in mscorlib.dll

Additional information: AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope Directory.Read.All is not valid. Trace ID: dcba6878-5908-44a0-95f3-c51b0b4f1a00 Correlation ID: 1612e41a-a283-4557-b462-09653d7e4c21 Timestamp: 2017-04-10 20:53:05Z

The MSAL package, Microsoft.Identity.Client (1.0.304142221-alpha), has not been updated since April 16, 2016. Is that even the package I should be using?

Recommended answer

When using client credentials flow with Azure AD V2.0, the value passed for the scope parameter in this request should be the resource identifier (Application ID URI) of the resource you want, affixed with the .default suffix. For the Microsoft Graph example, the value is https://graph.microsoft.com/.default.

Please click here for more details. And here is a tutorial for using client credentials flow with Azure AD V2.0 endpoint.
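
The token request behind the answer's fix, written out at the HTTP level as an added example (not code from the original post or from MSAL). It builds the client credentials request with a `<resource>/.default` scope and rejects a bare permission name such as `Directory.Read.All`, the input that produced AADSTS70011 above. The function names, the tenant path segment and the environment variable names are assumptions.

```python
import json
import os
import urllib.parse
import urllib.request

# v2.0 token endpoint; the tenant segment is supplied by the caller (assumption).
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def client_credentials_scope(resource):
    """Return '<resource>/.default' for a resource identifier (Application ID URI)."""
    resource = resource.strip()
    if resource.endswith("/.default"):
        return resource
    parsed = urllib.parse.urlparse(resource)
    if not (parsed.scheme and parsed.netloc):
        # "Directory.Read.All" lands here: it names a permission, not a resource.
        raise ValueError(f"{resource!r} is not a resource identifier")
    return resource + "/.default"


def build_token_request(tenant, client_id, client_secret, resource):
    """Build (url, form body) for the client credentials grant without sending it."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": client_credentials_scope(resource),
    }
    url = TOKEN_URL.format(tenant=urllib.parse.quote(tenant, safe=""))
    return url, urllib.parse.urlencode(form).encode("ascii")


def request_token(tenant, client_id, client_secret, resource):
    """POST the request and return the parsed JSON token response."""
    url, body = build_token_request(tenant, client_id, client_secret, resource)
    req = urllib.request.Request(url, data=body)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Hypothetical variable names; the secret is read from the environment, not source.
    token = request_token(os.environ["AZURE_TENANT_ID"], os.environ["AZURE_CLIENT_ID"],
                          os.environ["AZURE_CLIENT_SECRET"], "https://graph.microsoft.com")
    print("token type:", token.get("token_type"), "expires_in:", token.get("expires_in"))
```

The script prints only the token type and lifetime, so the access token itself does not end up in scheduler logs.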
