What use are 'Scopes' in Azure B2C Authentication?

Question

I don't understand how the 'Scopes' in Azure B2C are supposed to be used. They are associated with an API, but not a user. I'm sure I'm missing something, but I see no practical use for something associated with an API. I've used and implemented Claims-based authentication based on a user's role in the database.

For example: ordinary users of an API should not have the authority to delete an object, but administrators should have the authority. Does someone have a practical example of how these B2C 'Scopes' can be used to limit a user's access to the API?

Recommended answer

Roles and scopes provide the two halves for this user access control.

Roles -- such as Administrator, Member, and Guest -- determine whether an authenticated user is permitted to delete objects.

Scopes -- such as read, write, and delete -- determine whether an authorized application can delete objects on behalf of an authorizing/consenting user if this user, through their role assignment/s, is permitted to do so.

Azure AD B2C doesn't have any current support for managing roles and assignments of them to users.

It does, however, have support for managing scopes and assignments of them to applications.
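
The two-halves check described in the answer, as an added example that is not part of the original question or answer: the API allows a delete only when the calling application's token carries the `delete` scope and the user's role permits it. It assumes the access token has already been validated (signature, issuer, audience, expiry), that scopes arrive in the `scp` claim, and that roles live in the API's own store keyed by the `sub` claim; the role table, user ids and sample claims are constructed.

```python
# Added example: names, roles and sample claims below are constructed for illustration.

# Scope each API action requires (scopes are granted to the *application*).
REQUIRED_SCOPE = {"get": "read", "put": "write", "delete": "delete"}

# Roles allowed to perform each action (roles belong to the *user*).
# B2C does not manage these, so they come from the API's own store.
ALLOWED_ROLES = {
    "get": {"Administrator", "Member", "Guest"},
    "put": {"Administrator", "Member"},
    "delete": {"Administrator"},
}

# Constructed stand-in for the application's role database, keyed by token subject.
USER_ROLES = {"user-admin-001": "Administrator", "user-member-002": "Member"}


def token_scopes(claims):
    """Scopes arrive in the 'scp' claim as one space-separated string."""
    scp = claims.get("scp")
    return set(scp.split()) if isinstance(scp, str) else set()


def authorize(claims, action):
    """Return (allowed, reason). Claims must come from an already validated token."""
    if action not in REQUIRED_SCOPE:
        return False, "unknown action"
    # Half 1: was the calling application granted this scope?
    if REQUIRED_SCOPE[action] not in token_scopes(claims):
        return False, "application lacks scope"
    # Half 2: does the signed-in user's role permit it? Unknown users have no role.
    role = USER_ROLES.get(claims.get("sub"))
    if role not in ALLOWED_ROLES[action]:
        return False, "user role not permitted"
    return True, "ok"


if __name__ == "__main__":
    samples = [
        ({"sub": "user-admin-001", "scp": "read write delete"}, "delete"),
        ({"sub": "user-admin-001", "scp": "read"}, "delete"),
        ({"sub": "user-member-002", "scp": "read write delete"}, "delete"),
    ]
    for claims, action in samples:
        print(claims["sub"], action, authorize(claims, action))
```

An administrator signed in through an application that was only granted `read` is still refused the delete, and a member is refused even when the application holds every scope.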
