在Azure门户中使用Azure广告登录时Azure应用Openid Connect问题 [英] Azure app openid connect issue with azure ad login in azure portal
问题描述
我已启用身份验证提供程序为Azure Active Directory的身份验证/授权设置.配置完成后,我可以登录该应用程序,但是当我输入/.auth/me端点时,我仅找到id_token,如何访问一个api(例如图形api),就像我在代码中使用openid connect owin在c#中完成的代码一样示例Microsoft提供.
I have enabled the Authentication / Authorization setting which Authentication Providers is Azure Active Directory . After config i could sign in the app , but when i enter /.auth/me endpoint , i only find the id_token , how to access a api (graph api for example) like what i have done with openid connect owin in c# in code sample microsoft provide .
推荐答案
请按照以下步骤调用具有身份验证/授权功能的Graph API:
Please follow below steps to call Graph API with Authentication / Authorization feature :
-
在azure门户中,单击[Azure Active Directory]-> [应用程序注册],找到在azure广告中注册的应用程序:
In azure portal , click [Azure Active Directory]-->[App registrations] ,find the app registered in azure ad:
单击该应用程序,显示[setting]刀片,可以创建Keys并单击Required permissions,可以设置/授予api所需的权限,在这种情况下,应添加图形api您想调用(不确定要调用microsot图api或azure广告图api).
click that app ,showing the [setting] blade , you could create Keys and click Required permissions , you could set/grant required permissions for the api , in your scenario , you should add the graph api you want to call (not sure you want to call microsot graph api or azure ad graph api) .
使用工具: Azure资源浏览器,搜索您的Web,移动或API应用使用搜索栏,导航到/config/authsettings,添加上一步中配置的clientSecret.修改additionalLoginParams以使用代码流并指定资源:
Using a tool : Azure Resource Explorer , search for your web, mobile or API app using the search bar,navigate to /config/authsettings ,add the clientSecret you config in previous step .Modify the additionalLoginParams to use code flow and specify the resource :
"additionalLoginParams":["response_type = code id_token",资源= https://graph.windows.net ],
我使用azure广告图api,您可以修改要调用的api的resource:
"additionalLoginParams": ["response_type=code id_token",resource=https://graph.windows.net"],
I use azure ad graph api and you could modify the resource for the api you want to call :
保存您的更改(首先单击EDIT,修改配置,然后单击PUT).
Save your changes (first click EDIT, modify the config , the click PUT ) .
这篇关于在Azure门户中使用Azure广告登录时Azure应用Openid Connect问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
