Xamarin Microsoft.Identity.Client AuthenticationResult AccessToken为空 [英] Xamarin Microsoft.Identity.Client AuthenticationResult AccessToken is null

问题描述

我正在创建一个使用Azure B2C对用户进行身份验证的Xamarin.Forms PCL应用程序.我以前使用的是 Microsoft.Identity.Client 版本1.0.304142221-alpha，但在NuGet上发布后，我才更新为1.1.0-preview.

我还使用Azure MobileServiceClient 登录用户，因此只有经过身份验证的用户才能调用我的表.

我能够成功进行身份验证，就像我设置的那样

对于我的本机客户端:

在我的应用中，我这样登录:

  AuthenticationResult ar =等待App.AuthenticationClient.AcquireTokenAsync(Scopes，GetUserByPolicy(App.AuthenticationClient.Users，PolicySignUpSignIn)，App.UiParent);有效负载= getPayload(ar.IdToken);payload ["access_token"] = ar.IdToken;var mobileService =新的Microsoft.WindowsAzure.MobileServices.MobileServiceClient("https://giftthis.azurewebsites.net/.auth/");MobileServiceUser u =等待mobileService.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory，有效负载); 

LoginAsync 现在正在执行，但是它返回null，因此我仍然无法调用表.

解决方案

我正在尝试使用 Microsoft.Identity.Client 版本1.1.0-preview测试此问题，但是它适用于我.

使用具有高级模式的Azure AD B2C应用程序保护该移动应用程序，并使用下图所示的应用程序ID设置允许的令牌受众:

此后，我使用了Azure移动客户端SDK .对于新的 MobileServiceClient ，我们只需要提供以下代码的移动应用程序URL:

  string applicationUrl ="https://mobilefei.azurewebsites.net/";var mobileClient = new MobileServiceClient(applicationUrl); 

但是，如果我使用 Azure移动服务SDK中的 MobileServiceClient ，我可以重现同一个问题，并出现 401 错误.在这种情况下，当我们需要添加 .auth 来初始化 MobileServiceClient 时，如下所示:

  string applicationUrl ="https://mobilefei.azurewebsites.net/.auth/";var mobileClient = new MobileServiceClient(applicationUrl); 

更新:

 字符串CLIENT_ID ="420a3a24-97cf-46ca-a882-f6c047b0d845";string [] SCOPES = {"https://xxx.onmicrosoft.com/b2cwebapp/read"};字符串Tenant ="xxx.onmicrosoft.com";字符串PolicySignUpSignIn ="B2C_1_Sign_In";字符串AuthorityBase = $"https://login.microsoftonline.com/tfp/{Tenant}/";字符串Authority = $"{AuthorityBase} {PolicySignUpSignIn}";PublicClientApplication myApp =新的PublicClientApplication(CLIENT_ID，Authority);AuthenticationResult authenticationResult = myApp.AcquireTokenAsync(SCOPES).Result;Console.WriteLine($"AccessToken:\ n {authenticationResult.AccessToken}");Console.WriteLine($"IdToken:\ n {authenticationResult.IdToken}");//此applicationUrl适用于WindowsAzure.MobileServices//string applicationUrl ="https://mobilefei.azurewebsites.net/.auth/";//此applicationUrl适用于Microsoft.Azure.Mobile.Client字符串applicationUrl ="https://mobilefei.azurewebsites.net/";var mobileClient = new MobileServiceClient(applicationUrl);JObject令牌=新的JObject();token.Add("access_token"，authenticationResult.IdToken);var user = mobileClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory，token).Result;Console.WriteLine($"UserID:\ n {user.UserId}");Console.Read(); 

I'm creating a Xamarin.Forms PCL application that uses Azure B2C to authenticate users. I was previously using Microsoft.Identity.Client version 1.0.304142221-alpha but I just updated to 1.1.0-preview after it came out on NuGet.

I'm also using the Azure MobileServiceClient to login users so only authenticated users can make calls to my tables.

I am able to successfully authenticate, which I set up like this sample on GitHub.

Using the previous version of Microsoft.Identity.Client, I was able to login to the MobileServiceClient like this:

AuthenticationResult ar = await App.AuthenticationClient.AcquireTokenAsync(Config.Scopes, 
         string.Empty, UiOptions.SelectAccount, string.Empty, null, 
         Config.Authority, Config.SignUpSignInpolicy);

JObject payload = getPayload(ar.IdToken);
payload["access_token"] = ar.Token;
string objectId = payload["oid"].ToString();

MobileServiceUser u = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory,
                      payload);

However, after the update, AuthenticationResult no longer has a member named Token. Instead, it has AccessToken, which for me, is always returning null.

I have tried logging into the MobileServiceClient using the IdToken, but this produces an unauthorized error.

I think this problem could have something to with the scopes I define. Right now I have:

public static string[] Scopes = { "https://<MyTennant>/<MyAPIName>.read"};

Are there any scopes that I'm missing to get the AccessToken or is the problem somewhere else?

Update: Here are my settings in the Azure Portal For my API:

For my Native Client:

In my App, I'm logging in like this:

AuthenticationResult ar = await App.AuthenticationClient.AcquireTokenAsync(Scopes, 
                     GetUserByPolicy(App.AuthenticationClient.Users, PolicySignUpSignIn),
                     App.UiParent);
payload = getPayload(ar.IdToken);
payload["access_token"] = ar.IdToken;

var mobileService = new Microsoft.WindowsAzure.MobileServices.MobileServiceClient("https://giftthis.azurewebsites.net/.auth/");
MobileServiceUser u = await mobileService.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, payload);

LoginAsync is now executing, but it returns null so I still can't make calls to the tables.

解决方案

I am trying to test this issue using the Microsoft.Identity.Client version 1.1.0-preview, however it works well for me.

The mobile app was protected using Azure AD B2C app with Advanced mode and set the ALLOWED TOKEN AUDIENCES using the app id like figure below:

After that I used the MobileServiceClient from Azure Mobile Client SDK. And to new the MobileServiceClient we only need to provide the mobile application URL as code below:

string applicationUrl = "https://mobilefei.azurewebsites.net/";
var mobileClient = new MobileServiceClient(applicationUrl);

However if I used the MobileServiceClient from Azure Mobile Services SDK , I can reproduce the same issue with 401 error. In this scenario, when we need append .auth to initialize the MobileServiceClient like code below:

string applicationUrl = "https://mobilefei.azurewebsites.net/.auth/";
var mobileClient = new MobileServiceClient(applicationUrl);

Update:

string CLIENT_ID = "420a3a24-97cf-46ca-a882-f6c047b0d845";
string[] SCOPES = { "https://xxx.onmicrosoft.com/b2cwebapp/read" };
string Tenant = "xxx.onmicrosoft.com";

string PolicySignUpSignIn = "B2C_1_Sign_In";
string AuthorityBase = $"https://login.microsoftonline.com/tfp/{Tenant}/";
string Authority = $"{AuthorityBase}{PolicySignUpSignIn}";


PublicClientApplication myApp = new PublicClientApplication(CLIENT_ID, Authority);

AuthenticationResult authenticationResult = myApp.AcquireTokenAsync(SCOPES).Result;

Console.WriteLine($"AccessToken:\n{authenticationResult.AccessToken}");

Console.WriteLine($"IdToken:\n{authenticationResult.IdToken}");

//This applicationUrl  works for WindowsAzure.MobileServices
//string applicationUrl = "https://mobilefei.azurewebsites.net/.auth/";

//This applicationUrl  works for Microsoft.Azure.Mobile.Client
string applicationUrl = "https://mobilefei.azurewebsites.net/";
var mobileClient = new MobileServiceClient(applicationUrl);

JObject token = new JObject();
token.Add("access_token", authenticationResult.IdToken);
var user = mobileClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, token).Result;
Console.WriteLine($"UserID:\n{user.UserId}");
Console.Read();

这篇关于Xamarin Microsoft.Identity.Client AuthenticationResult AccessToken为空的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！