AcquireTokenAsync failed with UserAssertion in Web API
Problem description
A Web API has been developed which uses ADAL .Net v3.14 for authentication. Here is the code to get the access_token (using the default TokenCache provided by ADAL):
var provider = "https://login.microsoftonline.com/XXXXXXXX.onmicrosoft.com";
var service = "https://XXXXXXXX.onmicrosoft.com/XXXXXXService"; // which is registered as service in Azure AD
var clientId = "01d2b529-XXXX-XXXX-b794-XXXXXXXXXXXX"; // client app registered on Azure AD
AuthenticationContext authContext = new AuthenticationContext(provider);
UserPasswordCredential uc = new UserPasswordCredential(user, password);
AuthenticationResult result = authContext.AcquireTokenAsync(service, clientId, uc).ConfigureAwait(false).GetAwaiter().GetResult();
It successfully returns the Access_Token. Now, after 1 hour, when this token has expired, I have implemented the following code to renew it using the Refresh_Token (assuming the refresh_token will be taken from the cache as implemented by the ADAL TokenCache):
AuthenticationContext authContext = new AuthenticationContext(provider);
UserAssertion userAssertion = new UserAssertion(oldtoken, "urn:ietf:params:oauth:grant-type:jwt-bearer", upn);
AuthenticationResult result = authContext.AcquireTokenAsync(resource,clientId, userAssertion).ConfigureAwait(false).GetAwaiter().GetResult();
var token = result.AccessToken;
This code gives the error:
"Invalid JWT token. AADSTS50027: Invalid JWT token. Token format not valid".
I checked the 'oldtoken' variable; it's a valid JWT token.
Recommended answer
Where do you acquire the access token? On the web API side or the client side?
If you acquire the access token on the web API side using the resource owner password grant flow and want to renew the access token using the refresh token, you just need to use your token-acquiring function again, since you are acquiring the token directly using the user's credentials.
If you acquire the access token on the client side and use that access token to access your web API, then the client app should be responsible for checking for a valid access token and renewing the access token using the refresh token.
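One way to write the web API side renewal the answer describes, as an added C# example that is not code from the original post: ask ADAL's token cache first (it redeems the cached refresh token once the access token has expired) and repeat the password request only when the cache has nothing usable. The class name `ServiceTokenProvider` and the method `GetAccessTokenAsync` are hypothetical; the ADAL calls are those of the v3 library the question uses.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical helper: name and shape are assumptions, not from the post.
public sealed class ServiceTokenProvider
{
    private readonly AuthenticationContext _authContext;
    private readonly string _resource;
    private readonly string _clientId;

    public ServiceTokenProvider(string authority, string resource, string clientId)
    {
        // One context reused for the process; it uses ADAL's default shared TokenCache.
        _authContext = new AuthenticationContext(authority);
        _resource = resource;
        _clientId = clientId;
    }

    public async Task<string> GetAccessTokenAsync(string upn, string password)
    {
        try
        {
            // Served from the cache while the access token is still valid; once it
            // has expired, ADAL redeems the cached refresh token for a new one.
            AuthenticationResult cached = await _authContext.AcquireTokenSilentAsync(
                    _resource, _clientId,
                    new UserIdentifier(upn, UserIdentifierType.RequiredDisplayableId))
                .ConfigureAwait(false);
            return cached.AccessToken;
        }
        catch (AdalSilentTokenAcquisitionException)
        {
            // Nothing usable in the cache (first call, or the refresh token was
            // rejected): repeat the original resource owner password request.
            AuthenticationResult fresh = await _authContext.AcquireTokenAsync(
                    _resource, _clientId, new UserPasswordCredential(upn, password))
                .ConfigureAwait(false);
            return fresh.AccessToken;
        }
    }
}
```

No `UserAssertion` is involved on this path; the expired access token is never sent back to Azure AD.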