How to gain access tokens using Azure Easy Auth?


Question

I have a Single Page Application (SPA) built using React and a Web API, both of which are hosted on Azure's App Service. Authentication is provided by Azure AD.

I have been using the Active Directory Authentication Library (ADAL) for JavaScript. While all the examples seem to be about Angular, I have managed to get the pure JavaScript version of the library working with the React application. I have used the OAuth2 implicit grant flow to ultimately provide authenticated access to the Web API via the SPA.

Everything works fine with ADAL, but this approach requires you to have a login and logout mechanism (e.g. via a button). The authorization code is added to the URL as a fragment and ADAL conveniently does the rest. However, I would like the entire application to be secure/authenticated and so I have set up "Easy Auth" - authentication via the App Service.

When working with "Easy Auth" you sign-on to the application but there is no fragment returned in the URL and so ADAL cannot be used to acquire an access token for the API.

What is the best way to gain access tokens like those needed for implicit grant when using "Easy Auth"? Is there a way to incorporate ADAL into an "Easy Auth" flow?

Thanks.

Recommended answer

If you deploy the single page application and web API into the same Azure app service and protect the app service using Easy Auth, there is no need to use ADAL in the single page application to call the web API now.

In this scenario, you are able to log in to the app service via the server-flow and then you can call the web API directly, since Easy Auth will authenticate the request via the cookies. And if the web API also serves other clients you want to call using the token, you need to get the id_token/access_token using the Azure AD app with which you protect the app service and exchange the authentication token using the id_token/access_token issued by Azure AD. This process is called client-flow.

For more detail about these two flows, you can refer to the link here.
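The two flows described in the answer, sketched as an added example that is not part of the original answer. The `/.auth/login/aad` endpoint and the `X-ZUMO-AUTH` header are App Service Authentication conventions that the page does not name; the app origin and the `/api/items` path used with it are hypothetical.

```javascript
// Added example. "/.auth/login/aad" and "X-ZUMO-AUTH" are App Service
// Authentication conventions; the origin and "/api/items" are hypothetical.

// Server-flow: the Easy Auth session cookie authenticates same-origin calls.
function serverFlowRequest(apiPath) {
  return { url: apiPath, init: { method: "GET", credentials: "same-origin" } };
}

// Client-flow, step 1: exchange an Azure AD token for an App Service
// authentication token.
function clientFlowLoginRequest(appOrigin, aadToken, kind = "access_token") {
  if (kind !== "access_token" && kind !== "id_token") {
    throw new TypeError("kind must be access_token or id_token");
  }
  if (new URL(appOrigin).protocol !== "https:") {
    throw new Error("tokens must only be sent over HTTPS");
  }
  return {
    url: new URL("/.auth/login/aad", appOrigin).href,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ [kind]: aadToken }),
    },
  };
}

// Client-flow, step 2: present the authentication token in X-ZUMO-AUTH, and
// never to an origin other than the app service that issued it.
function clientFlowApiRequest(appOrigin, apiPath, authenticationToken) {
  const url = new URL(apiPath, appOrigin);
  if (url.origin !== new URL(appOrigin).origin) {
    throw new Error("refusing to send the session token to another origin");
  }
  return { url: url.href, init: { headers: { "X-ZUMO-AUTH": authenticationToken }, credentials: "omit" } };
}

// Runs both steps; fetchImpl is injected so the flow can be tested offline.
async function callApiWithClientFlow(fetchImpl, appOrigin, apiPath, aadToken) {
  const login = clientFlowLoginRequest(appOrigin, aadToken);
  const res = await fetchImpl(login.url, login.init);
  if (!res.ok) throw new Error(`Easy Auth login failed: HTTP ${res.status}`);
  const { authenticationToken } = await res.json();
  if (!authenticationToken) throw new Error("no authenticationToken in response");
  const api = clientFlowApiRequest(appOrigin, apiPath, authenticationToken);
  return fetchImpl(api.url, api.init);
}
```

In a browser, pass `fetch` as `fetchImpl` and keep the returned authentication token in memory rather than in persistent storage.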
