如何在MSAL.NET上使用oAuth State参数 [英] How to use oAuth State parameter on MSAL.NET

问题描述

我正在尝试使用OAuth2.0 state 参数使用MSAL 4.0的.NET Core项目上的/develop/v2-oauth2-auth-code-flow"rel =" nofollow noreferrer>授权流程，但我找不到解决方法.

我想提供/附加一个自定义值(在AuthN成功之后，将用户重定向回单击登录按钮的Uri).为此，我还需要以状态"发送当前Uri并取回 state 值，但在 AuthenticationResult.cs 上看不到任何方法/属性

那么，如何在使用MSAL的.NET Core项目上对自定义数据使用 state 参数?

解决方案

您不需要使用它，这是一项可选的安全功能.MSAL.net采用2种机制来防止XSRF和中间人攻击: state 和 PKCE .

状态参数仅由AAD返回.MSAL会将请求中的状态参数与授权码响应中的状态参数进行比较.

I am trying to make usage of the state parameter which exists in OAuth2.0 authorization flow on a .NET Core project, using MSAL 4.0 but I couldn`t find a way to do it.

I want to provide/append a custom value (Redirect the user back to the Uri where they clicked the sign-in button, after AuthN succeeds). To do that, I would also need to send the current Uri in 'state' and retrieve the state value back, but I don't see any method/property on AuthenticationResult.cs that would hold it.

So, how can I use the state parameter with custom data on a .NET Core project using MSAL?

解决方案

You don't need to use it, it's an optional security feature. MSAL.net employs 2 mechanism to prevent against attacks such as XSRF and man-in-the-middle: state and PKCE.

The state param is simply returned back by AAD. MSAL will compare the state param in the request with the state param in the authorisation code response.

这篇关于如何在MSAL.NET上使用oAuth State参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！