Using OnAuthorizationCodeReceived to retrieve Azure GraphAPI AccessToken


Question

I am currently using code in my pipeline to cache the bearer token for the Graph API using Azure AD. This code was ported from a working ASP.NET 4 application, but it feels like the new OpenIdConnectOptions in Core should make this easier. Is there a more direct call that I can use in the OnAuthorizationCodeReceived event that will use the AuthenticationContext to cache the token once the code is received? Here is my current code:

var azureSettings = app.ApplicationServices.GetService<IOptions<AzureSettings>>().Value;
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    ClientId = azureSettings.ClientId,
    ClientSecret = azureSettings.AppKey,
    Authority = string.Format(azureSettings.AadInstance, azureSettings.TenantId),
    Resource = azureSettings.GraphResourceUri,
    ResponseType = OpenIdConnectResponseType.CodeIdToken,
    TokenValidationParameters = new TokenValidationParameters
    {
        RoleClaimType = "roles"
    },
    Events = new OpenIdConnectEvents()
    {
        OnAuthorizationCodeReceived = async (context) =>
        {
            string resourceUri = azureSettings.GraphResourceUri;
            var authContext = new AuthenticationContext(context.Options.Authority);
            var credential = new ClientCredential(context.TokenEndpointRequest.ClientId, context.TokenEndpointRequest.ClientSecret);
            // Redeem the code through ADAL so the resulting tokens land in its TokenCache.
            var result = await authContext.AcquireTokenByAuthorizationCodeAsync(context.TokenEndpointRequest.Code, new Uri(context.TokenEndpointRequest.RedirectUri), credential, resourceUri);

            // Tell the middleware the code has already been redeemed.
            context.HandleCodeRedemption(result.AccessToken, result.IdToken);
        }
    }
});

The above code works just fine, but it feels like I am duplicating a lot of code just to submit what is mostly contained inside of the AuthorizationCodeReceivedContext already.

Is there an easier way that I am simply overlooking?

Recommended answer

After looking through the code for Microsoft.AspNetCore.Authentication.OpenIdConnect, I realized that this library is disconnected from the Token Caching mechanism within the AuthenticationContext. If I try and streamline the code, it will not trigger the caching mechanism which means the Bearer token needs to be retrieved on each request.

Because I plan to use the TokenCache to reduce the calls to the API and eventually leverage my Redis cache, I need to leave that code in the OnAuthorizationCodeReceived method.
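
One way to back ADAL's TokenCache with a distributed store such as Redis, as the answer plans; this is an added example, not code from the original post. It assumes ADAL 3.x (where TokenCache exposes Serialize/Deserialize) and an IDistributedCache registered in DI; the class name DistributedTokenCache, the key prefix and the expiry value are hypothetical.

```csharp
using System;
using Microsoft.Extensions.Caching.Distributed;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical class (not from the original post). Assumes ADAL 3.x.
public class DistributedTokenCache : TokenCache
{
    private readonly IDistributedCache _store; // e.g. a Redis-backed implementation
    private readonly string _key;

    public DistributedTokenCache(IDistributedCache store, string userObjectId)
    {
        if (string.IsNullOrEmpty(userObjectId))
            throw new ArgumentException("A per-user cache key is required.", nameof(userObjectId));

        _store = store;
        // One entry per signed-in user, so one user's tokens are never served to another.
        _key = "adal-token-cache:" + userObjectId;

        BeforeAccess = args => Deserialize(_store.Get(_key)); // reload before ADAL reads
        AfterAccess = Persist;                                 // write back after ADAL changes state
        Deserialize(_store.Get(_key));                         // null simply yields an empty cache
    }

    private void Persist(TokenCacheNotificationArgs args)
    {
        if (!HasStateChanged) return;

        // The blob holds access and refresh tokens: restrict access to the store
        // and let idle entries expire (the one-hour value is constructed).
        _store.Set(_key, Serialize(), new DistributedCacheEntryOptions
        {
            SlidingExpiration = TimeSpan.FromHours(1)
        });
        HasStateChanged = false;
    }

    public override void Clear()
    {
        base.Clear();
        _store.Remove(_key); // drop the stored tokens on sign-out
    }
}

// In OnAuthorizationCodeReceived, pass the cache to ADAL so the redeemed tokens are stored:
//   var authContext = new AuthenticationContext(context.Options.Authority,
//       new DistributedTokenCache(store, userObjectId)); // userObjectId: the user's object-id claim
```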