Azure应用oauth2在客户端凭据授予类型中生成错误的访问令牌 [英] Azure app oauth2 generating wrong access token in Client Credentials grant type

问题描述

我是将Azure AD与OAuth2结合使用的初学者.我在Azure AD中部署了一个示例WEB API.我通过Postman应用程序使用了我的WEB API.在Postman中使用WEB API之前，我需要生成访问令牌.但是，当我在邮递员中生成访问令牌时，它始终会接受Grant Type - Authentication Code.当我将值更改为Client Credentials时，API中不接受生成的访问令牌.它显示UnAuthorized消息.

I am a beginner in using Azure AD with OAuth2. I deployed a sample WEB API in my Azure AD. I consume my WEB API through the Postman application. Before consume the WEB API in Postman I need to generate the access token. But when i generate the access token in post man it's always accept the Grant Type - Authentication Code. When i change the value to Client Credentials the generated access token is not accepted in the API. it's shows UnAuthorized message.

在Azure门户中-应用程序设置'证书&机密信息窗口中，我创建了一个描述为邮递员"的客户机密信息.我没有在此应用程序中上传证书.

In Azure portal - app settings 'Certificates & Secrets' window i create a client secret with description 'postman'. I didn't upload the certificate in this app.

我想生成授权类型"值为客户凭证"的访问令牌.有其他配置吗?

I want to generate the access token with 'Grant Type' value 'Client Credentials'. Is there any additional configuration for this ?

推荐答案

Is there any additional configuration for this ?

Is there any additional configuration for this ?

否，没有用于使用以下方式生成令牌的其他设置: client_credentials .

No, there is no additional settings for generating token using client_credentials.

您都需要以下参数:

1. client_id
2. client_secret
3. resource(For v2.0 scope)
4. grant_type

1. client_id
2. client_secret
3. resource (For v2.0 scope)
4. grant_type

您如何在PostMan中请求令牌:

Your Token Endpoint:

Your Token Endpoint:

https://login.microsoftonline.com/YourTenent.onmicrosoft.com/oauth2/token Method Type: POST

Request Body:

Request Body:

grant_type:client_credentials

client_id:00ab01_Your_Azure-Ad_Application_Id_fbbf8e

client_secret:XNk2zgXx_Your_Azure-Ad_Application_Secret_vjdz2Q

resource:https://graph.microsoft.com/

查看屏幕截图:

代码段:

  //Token Request End Point
    string tokenUrl = $"https://login.microsoftonline.com/YourTenant.onmicrosoft.com/oauth2/token";
    var tokenRequest = new HttpRequestMessage(HttpMethod.Post, tokenUrl);

    //I am Using client_credentials as It is mostly recommended
    tokenRequest.Content = new FormUrlEncodedContent(new Dictionary<string, string>
    {
        ["grant_type"] = "client_credentials",
        ["client_id"] = "b6695c7be_YourClient_Id_e6921e61f659",
        ["client_secret"] = "Vxf1SluKbgu4PF0Nf_Your_Secret_Yp8ns4sc=",
        ["resource"] = "https://graph.microsoft.com/" 
    });

    dynamic json;
    AccessTokenClass results = new AccessTokenClass();
    HttpClient client = new HttpClient();

    var tokenResponse = await client.SendAsync(tokenRequest);

    json = await tokenResponse.Content.ReadAsStringAsync();
    results = JsonConvert.DeserializeObject<AccessTokenClass>(json);

使用的类:

public class AccessTokenClass
   {
        public string token_type { get; set; }
        public string expires_in { get; set; }
        public string resource { get; set; }
        public string access_token { get; set; }
   }

希望有帮助.如果您还有任何顾虑，请随时分享.

Hope that would help. If you still have any concern feel free to share.

这篇关于Azure应用oauth2在客户端凭据授予类型中生成错误的访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！