Configuring Azure Active Directory to provision users to a SCIM-enabled web app using the OAuth 2.0 client credentials grant type to get an access token (OAuth bearer token) from the web application's OAuth authorization server's token endpoint


Problem description

I'm looking through this documentation https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups for configuring a non-gallery application to automatically provision users from Azure AD to the non-gallery app, and I don't see anything about how to get OAuth access tokens (OAuth bearer token) from an OAuth authorization server's token endpoint that the non-gallery application uses.

Step 7 of "To connect an application that supports SCIM:" states:

  1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional Secret Token field. If this field is left blank, then Azure AD includes an OAuth bearer token issued from Azure AD with each request. Apps that use Azure AD as an identity provider can validate this Azure AD-issued token.

which seems to imply you can use a static OAuth bearer token that never expires (which doesn't seem any more secure than having a shared secret between the application and Azure AD) or configure the app to use Azure AD as the identity provider (which I take to mean configure the application to go to Azure AD to validate/verify the OAuth access token).

Questions:

  1. Does Azure AD support using the client credentials grant type to request an OAuth access token from the non-gallery application's OAuth authorization server?
  2. Where can I find more documentation on configuring applications to "use Azure AD as an identity provider" (i.e., to validate/verify the Azure AD OAuth bearer token issued)?

Solution

See this for how to get the access token for the non-gallery application:

https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
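
The static Secret Token option raised in the question, seen from the SCIM endpoint's side, as an added example that is not part of the original question or answer. It assumes Azure AD presents the Secret Token value in an `Authorization: Bearer` header on each SCIM request; the token values, expiry times and the function names `extract_bearer` and `is_authorized` are constructed for illustration. Storing only digests and allowing two tokens with expiry dates lets the long-lived secret be rotated.

```python
import hashlib
import hmac
import time


def _digest(token: str) -> bytes:
    # Store and compare SHA-256 digests so the raw secret is not kept server-side.
    return hashlib.sha256(token.encode("utf-8")).digest()


# Constructed sample store: accepted token digests with an expiry (epoch seconds).
# Two entries allow the value in the Secret Token field to be rotated without an outage.
ACCEPTED_TOKENS = [
    {"digest": _digest("constructed-current-token"), "not_after": 2_000_000_000},
    {"digest": _digest("constructed-previous-token"), "not_after": 1_700_000_000},
]


def extract_bearer(authorization_header):
    """Return the token from 'Bearer <token>', or None if the header is malformed."""
    if not authorization_header:
        return None
    parts = authorization_header.strip().split()
    # Exactly two parts, scheme matched case-insensitively.
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def is_authorized(authorization_header, now=None, store=ACCEPTED_TOKENS):
    """True only if the presented token matches an unexpired stored digest."""
    now = time.time() if now is None else now
    token = extract_bearer(authorization_header)
    if token is None:
        return False
    presented = _digest(token)
    ok = False
    for entry in store:
        # Constant-time comparison; every entry is checked so timing does not
        # reveal which stored token (if any) matched.
        match = hmac.compare_digest(presented, entry["digest"])
        ok = ok or (match and now < entry["not_after"])
    return ok
```
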

