在单个授权请求中访问多个资源 [英] Accessing Multiple resources in a single authorization request
问题描述
当前,在SPA应用程序( Angular 8 )上,我们正在授权用户使用Microsoft通过ADAL服务提供的" OAuth 2.0隐式授予类型".
Currently, on SPA Application (Angular 8), we are authorizing users using "OAuth 2.0 Implicit Grant Type" from Microsoft using ADAL services.
加载应用程序后,将使用单个环境配置来初始化Adal服务.因此,在获取令牌时,它会使用加载的配置.
When the application is loaded, Adal service is initialized with a single environment configuration. So while acquiring token it uses that loaded configuration.
场景:现在我们有两个资源端点:
Scenario: Now we have two resources endpoint:
- API资源
- Power BI资源
解决方法:我们可以做的是首先使用Graph API配置获取API资源的访问令牌,然后加载Power BI配置以获取Power BI资源的访问令牌.
Workaround: What we can do is we can first get access token for API resources using Graph API configurations then we will load Power BI configurations to get access token for Power BI resources.
但这是我们面临的一个主要问题:如果用户再次访问API资源,则必须再次加载API配置,并再次提示用户登录.
But here we have one major problem: If again user access API resources, it has to load again the API configuration and again user will be prompted for sign-in.
方法1 :我们可以在同一AD(Active Directory)下注册Microsoft graph API资源和Power BI资源,以便可以使用相同的访问令牌访问两端的资源(I不确定我们是否可以使用相同的访问令牌访问多个资源.
Approach 1: We can register both Microsoft graph API resources and Power BI resources under the same AD (Active Directory), so that resources from both ends can be accessed using the same access token (I am not sure whether we can access multiple resources using same access token).
请提出我们如何处理此问题的建议.
Please suggest how we can deal with this.
等待您宝贵的回应方法.
推荐答案
问题: 我不确定是否可以使用相同的访问令牌访问多个资源?
Question: I am not sure whether we can access multiple resources using same access token?
答案:很遗憾,您不能这样做.当您请求令牌时,所有Microsoft Provided身份验证流程都不允许多个Resource/Scope.
Answer: Unfortunately, you cannot do that. All the Microsoft Provided authentication flow does not allow multiple Resource/Scope while you would request for token.
您将遇到流动错误.
AADSTS28000:输入参数范围的提供的值无效 因为它包含多个资源.
AADSTS28000: Provided value for the input parameter scope is not valid because it contains more than one resource.
因此,您必须分别向每个资源/范围请求令牌.
So you have to request with each resource/Scope for token separately.
For more details you could take a look on official docs
这篇关于在单个授权请求中访问多个资源的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
