Azure应用oauth2在客户端凭据授予类型中生成错误的访问令牌 [英] Azure app oauth2 generating wrong access token in Client Credentials grant type
问题描述
我是将Azure AD与OAuth2结合使用的初学者.我在Azure AD中部署了一个示例WEB API.我通过Postman应用程序使用了我的WEB API.在Postman中使用WEB API之前,我需要生成访问令牌.但是,当我在邮递员中生成访问令牌时,它始终会接受Grant Type - Authentication Code
.当我将值更改为Client Credentials
时,API中不接受生成的访问令牌.它显示UnAuthorized
消息.
I am a beginner in using Azure AD with OAuth2. I deployed a sample WEB API in my Azure AD. I consume my WEB API through the Postman application. Before consume the WEB API in Postman I need to generate the access token. But when i generate the access token in post man it's always accept the Grant Type - Authentication Code
. When i change the value to Client Credentials
the generated access token is not accepted in the API. it's shows UnAuthorized
message.
在Azure门户中-应用程序设置'证书&机密信息窗口中,我创建了一个描述为邮递员"的客户机密信息.我没有在此应用程序中上传证书.
In Azure portal - app settings 'Certificates & Secrets' window i create a client secret with description 'postman'. I didn't upload the certificate in this app.
我想生成授权类型"值为客户凭证"的访问令牌.有其他配置吗?
I want to generate the access token with 'Grant Type' value 'Client Credentials'. Is there any additional configuration for this ?
推荐答案
Is there any additional configuration for this ?
Is there any additional configuration for this ?
否,没有用于使用以下方式生成令牌的其他设置:
client_credentials
.
No, there is no additional settings for generating token using
client_credentials
.
您都需要以下参数:
-
client_id
-
client_secret
-
resource
(For v2.0
scope
) -
grant_type
client_id
client_secret
resource
(For v2.0
scope
)grant_type
您如何在PostMan中请求令牌:
Your Token Endpoint:
Your Token Endpoint:
https://login.microsoftonline.com/YourTenent.onmicrosoft.com/oauth2/token
Method Type:
POST
Request Body:
Request Body:
grant_type:client_credentials
client_id:00ab01_Your_Azure-Ad_Application_Id_fbbf8e
client_secret:XNk2zgXx_Your_Azure-Ad_Application_Secret_vjdz2Q
resource:https://graph.microsoft.com/
查看屏幕截图:
代码段:
//Token Request End Point
string tokenUrl = $"https://login.microsoftonline.com/YourTenant.onmicrosoft.com/oauth2/token";
var tokenRequest = new HttpRequestMessage(HttpMethod.Post, tokenUrl);
//I am Using client_credentials as It is mostly recommended
tokenRequest.Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
["grant_type"] = "client_credentials",
["client_id"] = "b6695c7be_YourClient_Id_e6921e61f659",
["client_secret"] = "Vxf1SluKbgu4PF0Nf_Your_Secret_Yp8ns4sc=",
["resource"] = "https://graph.microsoft.com/"
});
dynamic json;
AccessTokenClass results = new AccessTokenClass();
HttpClient client = new HttpClient();
var tokenResponse = await client.SendAsync(tokenRequest);
json = await tokenResponse.Content.ReadAsStringAsync();
results = JsonConvert.DeserializeObject<AccessTokenClass>(json);
使用的类:
public class AccessTokenClass
{
public string token_type { get; set; }
public string expires_in { get; set; }
public string resource { get; set; }
public string access_token { get; set; }
}
希望有帮助.如果您还有任何顾虑,请随时分享.
Hope that would help. If you still have any concern feel free to share.
这篇关于Azure应用oauth2在客户端凭据授予类型中生成错误的访问令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!