Oauth 2和JWT令牌 [英] Oauth 2 and JWT tokens

问题描述

我正在尝试配置我们的APIM实例，以便开发人员可以使用相同的客户端凭据从开发人员门户发出请求.我已在Oauth 2.0配置部分的授权授予类型"中启用了客户端凭据.

Im trying to configure our APIM instance so that developers can make requests from the developer portal using the same client credentials. I have enabled the client credentials in Authorization grant types in the Oauth 2.0 config section.

在创建请求时，它似乎可以使用客户端凭据作为创建承载令牌的方式来工作.

When creating a request it seems to work using client credentials as a bearer token is created.

得到回复说

WWW-Authenticate: Bearer error="invalid_token", error_description="The audience is invalid"

在哪里可以找到任何说明如何正确配置它的文档?

Where can I find any documentation explaining how to configure it correctly? 

有关oauth配置的官方文档内容不多.

The official documentation is not covering much regarding oauth configuration.

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-howto-oauth2.md

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-howto-oauth2.md

JK

推荐答案

我认为您应该考虑将OAuth 2.0协议与Azure Active Directory(AzureAD)结合使用.本文档可以帮助您入门. 

I think you should consider using the OAuth 2.0 protocol with Azure Active Directory (AzureAD).  This document can help you get started with that. 

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-howto-protect-backend-with-aad.md

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-howto-protect-backend-with-aad.md

我希望这会有所帮助，

谢谢

这篇关于Oauth 2和JWT令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！