Azure AD B2C - 具有OAauth2的自定义策略 - 在授权标头中发送访问令牌 [英] Azure AD B2C - Custom Policy with OAauth2 - send access token in authorization header
问题描述
您好,
我正在Azure AD B2C中创建自定义策略,我正在使用协议OAuth2添加新的技术配置文件。
I am creating a Custom Policy in Azure AD B2C, where I'm adding a new Technical Profile using protocol OAuth2.
我正在将元数据项HttpBinding配置为"POST"。如本文档 - https://docs.microsoft.com/en-us/azure/active-directory-b2c/oauth2-technical-profile - 表示此值设置"预期的HTTP绑定到访问令牌
。声明令牌端点。"。
但是,声明令牌端点是由GET调用的,而不是POST。并且访问令牌作为查询字符串参数被发送到声明端点。
如何配置它以在Authorization标头中传递访问令牌(而不是在查询字符串中),并调用POST的理赔终点?
$
谢谢!
And I'm configuring the metadata item HttpBinding as "POST" as this documentation - https://docs.microsoft.com/en-us/azure/active-directory-b2c/oauth2-technical-profile - says that this value sets "The expected HTTP binding to the access token
and claims token endpoints.".
However, the Claims token endpoint is being called by GET, not POST. And the access token is being sent to the claims endpoint as a query string parameter.
How can I configure it to pass the access token in the Authorization header (and not in the query string), and call the claims endpoint by POST?
Thanks!
推荐答案
你是能够使用指南在邮递员中完成吗?
Are you able to do it in postman using the guides?
https://stackoverflow.com/questions/47275079/request-access-token-in-postman-for-azure-ad -b2c
https://stackoverflow.com/questions/47275079/request-access-token-in-postman-for-azure-ad-b2c
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi?view=aspnetcore-2.2#use -postman-to-get-a-token-and-test-the-api
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi?view=aspnetcore-2.2#use-postman-to-get-a-token-and-test-the-api
尝试时会发生什么?
这篇关于Azure AD B2C - 具有OAauth2的自定义策略 - 在授权标头中发送访问令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
