使用Azure AD Graph API时如何获取用于获取access_token的“代码" [英] how to get 'code' for getting access_token when using Azure AD Graph API

问题描述

我是Azure AD的新手，并且想通过我的Java应用程序与其进行交互. 经过研究后，我发现我们需要获取bearer_token才能将Graph API用于Azure AD.

I am newbie to Azure AD and want to interact with it through my java app. After doing some research, I found that we need to get bearer_token in order to use Graph API for Azure AD.

我正在跟踪此链接以获取不记名令牌但面临参数之一的问题.

I am following this link to get bearer token but facing issue with one of parameters.

现在，如上图(从上方的链接所示)所示，有几个参数，并且给出了与它们有关的信息，如它们是什么以及如何检索它们，但我看不到任何与"code"参数有关的信息.

Now as shown in below image from above link, there are several parameters and information related to them is given like what they are and how to retrieve them but I dont see any information related 'code' parameter.

有人可以告诉我这个代码"是什么，我应该如何获得它?

Can somebody tell me what is this 'code' and how am I supposed to get it?

注意:我有免费的Azure AD试用帐户.

Note: I have free trial account of Azure AD.

非常感谢您的帮助！

关于， 阿米特(Amit)

Regards, Amit

推荐答案

您正尝试使用授权码授予流程.您可以在 Microsoft文档

You are trying to use Authorization Code Grant Flow. You can read in detail about the flow and steps here in Microsoft Docs

这是一个两步过程:

步骤1 :点击/authorize端点获取授权码.您将获得一个authorization_code作为对此调用的响应.示例如下所示:

STEP 1: Get Authorization Code by hitting the /authorize endpoint. You will get an authorization_code back as response for this call. Example shown below:

// Line breaks for legibility only

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345

第2步:在上次调用中获得了授权码后，您就可以将其兑换为访问令牌.示例如下所示:

STEP 2: Once you have an authorization_code from previous call, you can redeem it for an access token. Example shown below:

// Line breaks for legibility only

POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh    // NOTE: Only required for web apps

这篇关于使用Azure AD Graph API时如何获取用于获取access_token的“代码"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！