Why doesn't AcquireTokenByAuthorizationCode return RefreshToken


Problem description

This documentation gives a complete flow for a web application that calls a web API:

  1. The web application executes a policy and the user completes the user experience.
  2. Azure AD B2C returns an (OpenID Connect) id_token and an authorization code to the browser.
  3. The browser posts the id_token and authorization code to the redirect URI.
  4. The web server validates the id_token and sets a session cookie.
  5. The web server asks Azure AD B2C for an access_token by providing it with the authorization code, application client ID, and client credentials.
  6. The access_token and refresh_token are returned to the web server.
  7. The web API is called with the access_token in an authorization header.
  8. The web API validates the token.
  9. Secure data is returned to the web application.

Looking at 6. and using the code in the Azure-Samples repository active-directory-b2c-dotnet-webapp-and-webapi, I cannot get the line

AuthenticationResult result = await confidentialClient.AcquireTokenByAuthorizationCode(Globals.Scopes, notification.Code).ExecuteAsync();

to return a refresh_token. It returns an IdToken and AccessToken but no RefreshToken.

By using my browser and Postman and following the steps in this document with the same B2C tenant and application I do get the refresh token as expected.

This question is similar to mine, and the blog post mentioned in one of the answers provides a workaround to the symptom of not having a refresh token, but my question remains:

How can I get AcquireTokenByAuthorizationCode to return a refresh_token?

Solution

The offline_access scope is optional for web apps. It indicates that your app needs a refresh token for long-lived access to resources.

Go to web.config and add the following:

<add key="api:OfflineAccessScope" value="offline_access "/>

And in Global.cs:

public static string OfflineAccessScope = ApiIdentifier + ConfigurationManager.AppSettings["api:OfflineAccessScope"];
public static string[] Scopes = new string[] { ReadTasksScope, WriteTasksScope, OfflineAccessScope};

Then the Globals.Scopes in AcquireTokenByAuthorizationCode will return a refresh token.
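
The comparison the question makes by hand in Postman, as an added C# example (not from the Azure sample or from either poster): it builds the step 5 form fields, reports whether offline_access is in the scope string being sent, and lists which tokens a step 6 response body contains without printing their values. The class name, scope URI, redirect URI, credentials and response body are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

// Added example; every value below is a constructed placeholder.
static class TokenExchangeCheck
{
    // Form fields for step 5: redeeming the authorization code at the token endpoint.
    public static Dictionary<string, string> BuildTokenRequest(
        string clientId, string clientSecret, string code, string redirectUri, IEnumerable<string> scopes)
    {
        return new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
            ["code"] = code,
            ["redirect_uri"] = redirectUri,
            // Scopes travel as one space-delimited string; stray whitespace is trimmed.
            ["scope"] = string.Join(" ", scopes.Select(s => s.Trim()).Where(s => s.Length > 0)),
        };
    }

    // True when the request asks for a refresh token through the offline_access scope.
    public static bool AsksForRefreshToken(IDictionary<string, string> form) =>
        form["scope"].Split(' ').Contains("offline_access");

    // Names the tokens present in a token response (step 6) without exposing their values.
    public static string[] TokensPresent(string json)
    {
        using JsonDocument doc = JsonDocument.Parse(json);
        return new[] { "id_token", "access_token", "refresh_token" }
            .Where(name => doc.RootElement.TryGetProperty(name, out JsonElement v)
                           && v.ValueKind == JsonValueKind.String
                           && !string.IsNullOrEmpty(v.GetString()))
            .ToArray();
    }

    static void Main()
    {
        var scopes = new[] { "https://contoso.example/tasks/read", "offline_access " };
        var form = BuildTokenRequest("CLIENT_ID", "CLIENT_SECRET", "AUTH_CODE", "https://app.example/signin", scopes);
        Console.WriteLine($"scope sent: {form["scope"]}");
        Console.WriteLine($"asks for refresh token: {AsksForRefreshToken(form)}");

        // Constructed response body; real token values should never be written to logs.
        string response = "{\"id_token\":\"x\",\"access_token\":\"y\",\"token_type\":\"Bearer\"}";
        Console.WriteLine($"tokens present: {string.Join(", ", TokensPresent(response))}");
    }
}
```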
