Oauth 2 and JWT tokens
Problem description
I'm trying to configure our APIM instance so that developers can make requests from the developer portal using the same client credentials. I have enabled the client credentials in Authorization grant types in the OAuth 2.0 config section.
When creating a request, it seems to work using client credentials, as a bearer token is created.
The response I get back says:
WWW-Authenticate: Bearer error="invalid_token", error_description="The audience is invalid"
Where can I find any documentation explaining how to configure it correctly?
The official documentation does not cover much regarding OAuth configuration.
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-howto-oauth2.md
JK
Recommended answer
I think you should consider using the OAuth 2.0 protocol with Azure Active Directory (AzureAD). This document can help you get started with that.
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-howto-protect-backend-with-aad.md
I hope this helps,
Thanks
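
Added example, not part of the original question or answer: an "audience is invalid" rejection means the token's aud claim is not a value the validating side accepts, so a quick diagnostic is to decode the bearer token's payload and compare aud with the audience the API is configured for. The audience strings, issuer and helper names below are constructed placeholders, and the signature is deliberately not verified.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def read_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying the signature.
    Diagnostic use only: never base an authorization decision on this."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def audience_matches(token: str, expected: str) -> bool:
    """True if `expected` is among the token's aud values (string or list)."""
    aud = read_claims(token).get("aud")
    if aud is None:
        return False
    values = [aud] if isinstance(aud, str) else list(aud)
    return expected in values


def make_sample_token(claims: dict) -> str:
    # Constructed sample with a dummy signature so the example runs offline.
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.c2lnbmF0dXJl"


# Constructed placeholder values (assumptions, not taken from the page).
EXPECTED_AUDIENCE = "api://backend-app-placeholder"
SAMPLE_WRONG = make_sample_token(
    {"aud": "api://some-other-app-placeholder", "iss": "https://issuer.example/"})
SAMPLE_RIGHT = make_sample_token(
    {"aud": ["api://backend-app-placeholder"], "iss": "https://issuer.example/"})

if __name__ == "__main__":
    for name, tok in (("wrong", SAMPLE_WRONG), ("right", SAMPLE_RIGHT)):
        print(name, read_claims(tok)["aud"], audience_matches(tok, EXPECTED_AUDIENCE))
```

If aud in the real token differs from the audience the API validates against, the fix is in what resource or scope the client requests or in the validator's configured audience, not in the token itself.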