在受Azure AD B2C保护的Azure Function App的Postman中请求访问令牌 [英] Request Access Token in Postman for Azure Function App protected by Azure AD B2C
问题描述
我有一个由Azure Active Directory B2C租户保护的AspNetCore 2.0 MVC Web API。通过遵循以下SO发布,我已经能够使用Postman来测试API端点:
这是我设置在Azure B2C租户中的应用程序:
如果我通过浏览器访问功能端点,成功路由到Azure AD B2C登录页面并可以登录,然后从API端点查看结果。因此,我非常有信心一切都很好
但是,我无法使用上面链接的请求访问令牌技术来获取令牌并检查其中的终结点邮递员
如果我使用身份验证后获得的令牌(例如,通过使用提琴手并观察返回的id_token),然后在邮递员中选择Bearer身份验证并提供该id_token,然后邮递员成功命中了我的端点。但是,如果我按照上面链接的文档中的步骤操作,则会收到登录弹出窗口,然后获得有效的[外观]令牌,但是当我单击使用令牌并运行请求时,会得到
您无权查看此目录或页面。
我真的很希望能够像使用aspnetcore 2.0应用程序一样向邮递员索取访问令牌(确实是为了保持一致性,因此我不必记住很多不同的技术)。这对Azure Function应用程序是否可行,如果可以,那么任何提示我在上面做错了什么?
偶然发现了它。我通过添加Postman API客户端ID(请注意:Postman API 客户端ID,而不是Postman App 客户端ID)来解决了该问题[这些引用在以下情况下才有意义Microsoft上的如何链接],在允许的令牌受众下(在上述问题的屏幕快照中可见)。
I have an AspNetCore 2.0 MVC web API secured by an Azure Active Directory B2C tenant. I have been able to use Postman to test the API end points by following this SO posting: Request Access Token in Postman for Azure AD B2C (in particular, the Microsoft documented steps referenced in SpottedMahn's comments: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi#use-postman-to-get-a-token-and-test-the-api )
Now, I am working on a serverless version of the above - the app is pretty much identical expect that the endpoints have been implemented by Azure functions in an Azure Functions App
The Functions App has Authentication on, Log in with Azure Active Directory and the following settings:
This is how i have set up the Application in the Azure B2C tenant:
If I access the functions endpoint via a browser, I get successfully routed to the Azure AD B2C login page and can log in, then see the results from the API endpoint. So I'm pretty confident all is good w.r.t. the Azure AD B2C <-> Function App configuration.
However, I can't use the Request Access Token technique linked above to get a token and inspect the endpoint in Postman
If I take the token obtained after authentication (for example by using fiddler and observing the id_token being returned), and in Postman I choose Bearer authentication and supply that id_token, then Postman successfully hits my endpoint. However, if I follow the steps in the linked document above, I do get the "login" popup and then do get a valid [looking] token, but when I click Use Token and run the request, I get
You do not have permission to view this directory or page.
I'd really like to be able to request an access token from postman just like I can with my aspnetcore 2.0 app (really just for the consistency so I don't have to remember lots of different techniques). Is that possible for Azure Function Apps and if so, any clues what I'm doing wrong in the above?
Ah I stumbled upon it. I fixed it by adding the Postman API client id (note: the postman API client id, not the postman App client id) [those references will make sense in the context of the Microsoft how-to linked above], under "ALLOWED TOKEN AUDIENCES" (visible in screenshot in question above).
这篇关于在受Azure AD B2C保护的Azure Function App的Postman中请求访问令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
