在Postman中针对AzureAD授权时如何获取v2 jwt令牌 [英] How to get a v2 jwt token when authorizing against AzureAD in Postman
问题描述
我能够获得
首先,我们需要在广告中创建应用程序,并将其支持的帐户类型"作为任何组织目录(任何Azure AD目录-多租户)中的帐户Microsoft帐户(例如Skype,Xbox)
.(当我们选择此选项时,清单中的属性 accessTokenAcceptedVersion
将为 2
).
然后,我们需要在其中添加一个范围,当我们请求访问令牌时,我们需要使用 openid api://xxxxxx/User.read
而不是仅使用 openid
作为邮递员提供的屏幕截图.
之后,我们可以请求访问令牌(v2)
解析访问令牌,它将显示v2.
有关如何添加范围的更新:
我们可以在门户网站的应用程序中添加范围(如以下屏幕截图所示):
然后我们可以直接从此处复制范围,如下所示:
I'm able to get a v1.0 jwt token with the below settings.
How do I make the https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize
endpoint return v2.0?
First we need to create app in ad with "Supported account types" as Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
.(when we choose this option, the property accessTokenAcceptedVersion
in its Manifest will be 2
).
Then we need to add a scope in it, and when we request the access token, we need to use openid api://xxxxxx/User.read
instead of only openid
in postman as the screenshot you provided.
After that, we can request the access token(v2)
Parse the access token, it will show v2.
Update about how to add scope:
We can add the scope in app on portal(shown as screenshot below):
Then we can copy the scope directly from here as below:
这篇关于在Postman中针对AzureAD授权时如何获取v2 jwt令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!