Azure AD token endpoint doesn't return an access_token (just an id_token and a refresh_token)


Problem description

I'm using Xamarin.Auth for authenticating users against Google and Azure AD in a Xamarin Forms based mobile app. While everything works as expected with Google, I'm unable to get an access_token with Azure AD:

  • Authorization delivers a code and state as expected
  • Token returns an id_token and a refresh_token, but no access_token.

I can replay this scenario in Postman, so this doesn't seem to be caused by Xamarin.Auth and is more likely to be blamed on my inability to properly interpret Microsoft's documentation...

Your help would be greatly appreciated!

Recommended answer

You should include a resource scope when acquiring a token in Azure AD V2.0. Any web-hosted resource that integrates with Azure AD has a resource identifier, or Application ID URI. For example, Microsoft Graph is https://graph.microsoft.com.

If you want to acquire an access token for Microsoft Graph, and have permission to read mails of the signed-in user, then the token request would be:

POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh    // NOTE: Only required for web apps

Please read this document for how OAuth 2.0 Authorization Code Flow works in Azure AD V2.0. And click here for Scopes, permissions, and consent in the Azure Active Directory v2.0 endpoint.
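
The answer's point as an added example (not code from the original post, Xamarin.Auth or Microsoft): a Python helper that builds the v2.0 token request body and refuses a scope string that names no resource. It assumes that a scope made up only of OpenID Connect scopes (openid, profile, email, offline_access) is what leads to the id_token/refresh_token-only response described in the question; the function names and sample values are hypothetical.

```python
from urllib.parse import urlencode

# OpenID Connect scopes: they identify the user or ask for a refresh token,
# but name no resource (API) an access token could be issued for.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def resource_scopes(scope):
    """Return the scopes in a space-separated scope string that name a resource."""
    return [s for s in scope.split() if s.lower() not in OIDC_SCOPES]


def build_token_request(client_id, code, redirect_uri, scope, client_secret=None):
    """Build the form body for the authorization_code grant.

    Raises ValueError when the scope string contains no resource scope.
    """
    if not resource_scopes(scope):
        raise ValueError("scope names no resource; add for example "
                         "https://graph.microsoft.com/mail.read")
    fields = {
        "client_id": client_id,
        "scope": scope,
        "code": code,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
    }
    if client_secret is not None:  # only required for web apps
        fields["client_secret"] = client_secret
    return urlencode(fields)


def missing_tokens(token_response):
    """List the expected tokens that are absent from a parsed token response."""
    expected = ("access_token", "id_token", "refresh_token")
    return [name for name in expected if name not in token_response]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(build_token_request(
        client_id="00000000-0000-0000-0000-000000000000",
        code="SAMPLE_AUTH_CODE",
        redirect_uri="http://localhost/myapp/",
        scope="openid offline_access https://graph.microsoft.com/mail.read",
    ))
    # Constructed response matching the symptom in the question.
    print(missing_tokens({"id_token": "x", "refresh_token": "y"}))
```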
