AngularJS + ADAL.JS设置资源ID(受众) [英] AngularJS + ADAL.JS set Resource ID (Audience)
问题描述
如何使用 adal.js 在AngularJS能为观众 https://management.azure.com 从我的javascript code?
我已经创造了AD客户端应用程序,并设置其权限,以允许它访问的Windows Azure服务管理API。我angularjs code是如下:
adalService.init(
{
例如:https://login.windows.net/
房客:<&东西GT; .onmicrosoft.com
的clientId:<有的ID>中,
cacheLocation:localStorage的,
redirectUri:HTTP://本地主机:63691 / index.html的#/配置,
终点:{
/ *目标端点被称为':'目标端点的资源ID'* /
https://management.azure.com/subscriptions?api-version=2014-04-01':'https://management.azure.com/
}
},
$ httpProvider
);
如果我用邮差本adalService收到该调用 https://management.azure.com/subscriptions?api-version=2014-04-01 ,我得到以下错误:
访问令牌已经从错误的观众或资源获得'<有的ID>'。
它应该完全一致(包括正斜杠)与允许的观众的https://management.core.windows.net/','https://management.azure.com/之一。
好了,所以我发现通过ADAL.JS源$ C $ C要去这里后的溶液。在137行,它着眼于 config.loginResource 来查看是否通过了配置对象的时候就已经设置的init()功能。
把它在那里的人被卡住:
如果您需要令牌有 https://management.azure.com/ 索赔(或任何其他资源的URI),可以初始化AuthenticationContext像这样设置时观众:
的app.config(['$ routeProvider','$ httpProvider','adalAuthenticationServiceProvider',函数($ routeProvider,$ httpProvider,adalService){
adalService.init(
{
例如:https://login.microsoftonline.com/
房客:<&东西GT; .onmicrosoft.com
的clientId:<客户端ID>中,
cacheLocation:localStorage的',//可选
redirectUri:'<重定向-URI>,
loginResource:https://management.azure.com/'//设置听众
},
$ httpProvider
);
}]);
How can I use adal.js in AngularJS to get a bearer token for the audience https://management.azure.com from my javascript code?
I have created a Client application in the AD and set its permissions to allow it to access the "Windows Azure Service Management API". My angularjs code is as follows:
adalService.init(
{
instance: "https://login.windows.net/",
tenant: "<something>.onmicrosoft.com",
clientId: "<some id>",
cacheLocation: 'localStorage',
redirectUri: 'http://localhost:63691/index.html#/configure',
endpoints: {
/* 'target endpoint to be called': 'target endpoint's resource ID' */
'https://management.azure.com/subscriptions?api-version=2014-04-01': 'https://management.azure.com/'
}
},
$httpProvider
);
If I use the token received by this adalService in POSTMAN to call https://management.azure.com/subscriptions?api-version=2014-04-01, I get the following error:
The access token has been obtained from wrong audience or resource '<some id>'.
It should exactly match (including forward slash) with one of the allowed audiences 'https://management.core.windows.net/','https://management.azure.com/'.
Okay so I found the solution after going through the source code of ADAL.JS here. At line 137, it looks at config.loginResource to see if it has been set when passing the config object to the init() function.
Putting it out there for anyone getting stuck:
If you need your token to have the claim for "https://management.azure.com/" (or any other resource URI), you can set the audience when initializing the AuthenticationContext like so:
app.config(['$routeProvider', '$httpProvider', 'adalAuthenticationServiceProvider', function ($routeProvider, $httpProvider, adalService) {
adalService.init(
{
instance: "https://login.microsoftonline.com/",
tenant: "<something>.onmicrosoft.com",
clientId: "<client-id>",
cacheLocation: 'localStorage', //optional
redirectUri: '<redirect-uri>',
loginResource: 'https://management.azure.com/' //to set AUDIENCE
},
$httpProvider
);
}]);
这篇关于AngularJS + ADAL.JS设置资源ID(受众)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
