How to get Azure easy auth JWT access_token


Problem description


I have an Azure App Service on which I have enabled Authentication/Authorization and configured AD as the authentication provider.

All /.auth routes exist on the service, and I can log in. After successful login I can call /.auth/me to get the access_token. The response looks like:

[
  {
     "access_token": "AQABAAAAAA...Gni4EiQgAA",
     "expires_on": "2017-02-28T19:17:08.0000000Z",
     "id_token": JWT TOKEN
     ...
  }
]

I then use the access_token in an authorization bearer header to request data from the service.

"Authorization": "Bearer " + "AQABAAAAAA...Gni4EiQgAA"

My service returns the following error

IDX10708: 'System.IdentityModel.Tokens.JwtSecurityTokenHandler' cannot read this string: 'AQABAAAAAA...Gni4EiQgAA'.

The string needs to be in compact JSON format, which is of the form: '<Base64UrlEncodedHeader>.<Base64UrlEndcodedPayload>.<OPTIONAL, Base64UrlEncodedSignature>'.

According to this discussion the access_token is intended to be used as a Bearer token. I have also read here that the access_token is supposed to be base64 encoded but this does not appear to be the case.

Additionally, if I use the id_token as a Bearer token, then authentication works as expected (the id_token is in JWT format).

Edit

When I manually implement the Oauth flow as described here, I receive a proper JWT access_token.

GET
https://login.microsoftonline.com/common/oauth2/authorize?client_id=client_id&response_type=code&redirect_uri=redirect_uri

Followed by

POST
https://login.microsoftonline.com/common/oauth2/token
  grant_type=authorization_code
  client_id=client_id
  code=CODE FROM ABOVE
  redirect_uri=redirect_uri
  resource=resource
  client_secret=client_secret

RESPONSE
{
  "access_token": JWT TOKEN,
  "token_type": "Bearer",
  ...
}

Solution

How to get Azure easy auth JWT access_token

According to your description, I enabled Authentication/Authorization and configured AD as the authentication provider to test this issue. As I know, when you enable Authentication/Authorization on Azure Portal, then the default response_type is id_token. You need to log into https://manage.windowsazure.com and update App Service Auth Configuration as follows:

Note: If you do not specify the resource for additionalLoginParams, you would retrieve an access_token that is not in JSON Web Token (JWT) format.

I then use the access_token in an authorization bearer header to request data from the service.

For accessing your service, you could leverage AppServiceAuthSession cookie or you could use Authorization:Bearer "{your-id-token}".

For more details, you could refer to this similar tutorial.
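The error in the question (IDX10708) is purely a shape check: the handler refuses any string that is not header.payload[.signature] with base64url-encoded JSON segments, which is exactly what an opaque access_token from /.auth/me looks like when no resource was requested. The script below is an added diagnostic written for this page, not code from the question, the answer or Microsoft. It reproduces that shape check, and for a compact JWT reads the unverified aud and exp claims so you can confirm the token was issued for the resource you configured in additionalLoginParams. The key, audience, tenant placeholder and both sample tokens are constructed for the example; Azure AD signs real tokens with RS256, and the middleware's full validation against the tenant's signing keys is still required.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values (not from the original question or answer).
SAMPLE_KEY = b"constructed-demo-key"      # HS256 key used only for the constructed token
EXPECTED_AUDIENCE = "api://my-app"        # placeholder for your App ID URI / resource
EXPIRES_AT = 1488309428                   # 2017-02-28T19:17:08Z, the expires_on in the /.auth/me sample
FIXED_NOW = EXPIRES_AT - 3600             # a clock one hour before expiry, for deterministic output


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, the encoding JWT segments use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the stripped padding and decode one JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_jwt(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 JWT so the example runs offline (Azure AD issues RS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def is_compact_jwt(token: str) -> bool:
    """The shape check behind IDX10708: header.payload[.signature], each base64url JSON."""
    parts = token.split(".")
    if len(parts) not in (2, 3):
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        json.loads(b64url_decode(parts[1]))
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return False
    return isinstance(header, dict) and "alg" in header


def classify_token(token: str, expected_audience: str, now=None) -> dict:
    """Report whether a token is opaque or a JWT and, for a JWT, whether its
    unverified claims name the expected resource and are still unexpired.
    Claims are read without checking the signature: this is a diagnostic,
    not a substitute for the middleware's validation against AAD keys."""
    if not is_compact_jwt(token):
        return {"format": "opaque"}
    payload = json.loads(b64url_decode(token.split(".")[1]))
    now = int(time.time()) if now is None else now
    aud = payload.get("aud")
    return {
        "format": "jwt",
        "aud": aud,
        "audience_ok": aud == expected_audience,
        "expired": payload.get("exp", 0) <= now,
    }


# Constructed tokens: an opaque one shaped like the question's "AQABAAAAAA...Gni4EiQgAA",
# and a JWT carrying the audience that a resource= login parameter would request.
OPAQUE_TOKEN = "AQABAAAAAA" + "A" * 60 + "Gni4EiQgAA"
JWT_TOKEN = make_jwt(
    {"iss": "https://sts.windows.net/<tenant-id>/", "aud": EXPECTED_AUDIENCE, "exp": EXPIRES_AT},
    SAMPLE_KEY,
)

if __name__ == "__main__":
    for name, tok in (("opaque access_token", OPAQUE_TOKEN), ("jwt access_token", JWT_TOKEN)):
        print(name, classify_token(tok, EXPECTED_AUDIENCE, now=FIXED_NOW))
```

Run it against the access_token string returned by /.auth/me: a result of "opaque" means Easy Auth was not asked for a resource and the bearer header will keep failing with IDX10708; a JWT whose aud is not your service's App ID URI means the token was minted for a different resource and the audience check in your middleware will reject it.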
