具有Azure Active Directory和Swagger的客户端凭据授权 [英] Client Credentials authorization with Azure Active directory and Swagger

问题描述

需要获取授权令牌才能访问在本地主机上运行的应用程序.我从UseSwaggerUi3中的Swagger OAuth2客户端向AAD令牌端点查询令牌.我收到CORS错误，指示端点不允许我的本地主机发出跨源请求.我该如何解决?

Need to get the authorization token to access my app running on localhost. I query the AAD token endpoint for the token from the Swagger OAuth2 client in UseSwaggerUi3. I get the CORS error that endpoint is not allowing the cross origin requests from my localhost. How can I fix this?

如果我使用Fiddler将POST请求发送到同一端点，则能够获得令牌.

I'm able to get the token if I send a POST request to the same endpoint using Fiddler.

推荐答案

您不能从前端使用客户端凭据流.首先，因为您的秘密对于任何看到该页面的人都是可见的.

You can't use client credentials flow from the front-end. Firstly because your secret is visible to anyone who sees the page.

第二，因为Azure AD阻止了对其令牌终结点的跨源请求. (如您所见)

Secondly because Azure AD blocks cross origin requests to its token endpoint. (as you saw)

您需要在用户上下文中使用授权代码或隐式流.或构建另一个API，该API在后端获取令牌并使用该API调用另一个API.

You need to use authorization code or implicit flow with user context. Or build another API which gets the token in the back-end and calls the other API with it.

这篇关于具有Azure Active Directory和Swagger的客户端凭据授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！