Why doesn't AcquireTokenByAuthorizationCode return RefreshToken
Problem description
In this documentation it gives a complete flow for a web application that calls a web API:
1. The web application executes a policy and the user completes the user experience.
2. Azure AD B2C returns an (OpenID Connect) id_token and an authorization code to the browser.
3. The browser posts the id_token and authorization code to the redirect URI.
4. The web server validates the id_token and sets a session cookie.
5. The web server asks Azure AD B2C for an access_token by providing it with the authorization code, application client ID, and client credentials.
6. The access_token and refresh_token are returned to the web server.
7. The web API is called with the access_token in an authorization header.
8. The web API validates the token.
9. Secure data is returned to the web application.
Looking at 6. and using the code in the Azure-Samples repository active-directory-b2c-dotnet-webapp-and-webapi, I cannot get the line
AuthenticationResult result = await confidentialClient.AcquireTokenByAuthorizationCode(Globals.Scopes, notification.Code).ExecuteAsync();
to return a refresh_token. It returns an IdToken and AccessToken but no RefreshToken.
By using my browser and Postman and following the steps in this document with the same B2C tenant and application I do get the refresh token as expected.
This question is similar to mine, and the blog post mentioned in one of the answers provides a workaround to the symptom of not having a refresh token, but my question remains:
How can I get AcquireTokenByAuthorizationCode to return a refresh_token?
The offline_access scope is optional for web apps. It indicates that your app needs a refresh token for long-lived access to resources.
Go to web.config and add the following:
<add key="api:OfflineAccessScope" value="offline_access" />
And in Global.cs:
public static string OfflineAccessScope = ApiIdentifier + ConfigurationManager.AppSettings["api:OfflineAccessScope"];
public static string[] Scopes = new string[] { ReadTasksScope, WriteTasksScope, OfflineAccessScope};
Then the Globals.Scopes in AcquireTokenByAuthorizationCode will return a refresh token.
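The code-redemption request of step 5 and a check on its response, as an added example that is not part of the original question or answer and not code from the Azure sample. It works at the raw OAuth 2.0 level (as with Postman) rather than through MSAL; the function names, the contoso scope and all token values are constructed placeholders, and offline_access is assumed to be sent as the bare OpenID Connect scope name.

```python
import json
from urllib.parse import urlencode, parse_qs

OFFLINE_ACCESS = "offline_access"  # standard OpenID Connect scope name

def build_token_request(client_id, client_secret, code, redirect_uri, scopes):
    """Form body for step 5: redeem the authorization code at the token endpoint."""
    return urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # scopes are space-delimited in OAuth 2.0
    })

def diagnose(scopes_sent, response_body):
    """Explain why a token response does or does not carry a refresh_token."""
    resp = json.loads(response_body)
    if "error" in resp:
        return "error: " + resp["error"]
    if resp.get("refresh_token"):
        return "refresh_token returned"
    if OFFLINE_ACCESS not in scopes_sent:
        return "no refresh_token: offline_access was not requested"
    return "no refresh_token although offline_access was requested"

# Constructed sample data: placeholders, not real tenant values or tokens.
API_SCOPE = "https://contoso.onmicrosoft.com/tasks/read"
WITH_RT = json.dumps({"access_token": "AT-placeholder",
                      "id_token": "IDT-placeholder",
                      "refresh_token": "RT-placeholder",
                      "token_type": "Bearer"})
WITHOUT_RT = json.dumps({"access_token": "AT-placeholder",
                         "id_token": "IDT-placeholder",
                         "token_type": "Bearer"})

if __name__ == "__main__":
    body = build_token_request("client-id-placeholder", "secret-placeholder",
                               "code-placeholder", "https://app.example/",
                               [API_SCOPE, OFFLINE_ACCESS])
    # The body carries the client secret and the code: show the scope only.
    print("scope sent:", parse_qs(body)["scope"][0])
    print(diagnose([API_SCOPE, OFFLINE_ACCESS], WITH_RT))
    print(diagnose([API_SCOPE], WITHOUT_RT))
```
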