Why does Azure AD B2C redirect with a code instead of id_token?


Problem description

I'm trying to set up AD B2C and am following along with various tutorials I've found online. I'm at the point where I'm testing user flows. I can successfully log in, but when I'm redirected to https://jwt.ms, it shows me nothing:

However, I noticed that my URL differs from that shown in tutorials. It has a code instead of id_token:

https://jwt.ms/?code=eyJraW...

I've been trying to figure out what is causing B2C to redirect with a code rather than ID token, but have been unsuccessful. Can anyone tell me why this might be occurring?

UPDATE

OK, I see what's causing this now, but don't really understand where my setup differs from what I'm seeing in tutorials. I found that if I enable implicit grants on my app registration as follows:

Then everything works as expected. Note that I have to enable both.

I also noticed that when I test a user flow, the status of those implicit grants determines whether it has response_type=code or response_type=id_token in the authorization URL:

There doesn't seem to be a way to set the desired response_type from within the test user flow UI other than changing the status of the implicit grants. Maybe this is a change of behavior in the Azure portal since the tutorials were made...?

Solution

As you have found, if we set Implicit grant in Azure AD app, the user flow endpoint will generate response_type=id_token instead of response_type=code. It is by design of Azure AD B2C user flow.

If we don't do this, response_type=code means it is authorization code flow, that is why you get this: https://jwt.ms/?code=eyJraW....

I'm not sure why you want to change the response_type in other ways. It should be the easiest. But if you want to change it manually, just click the copy button, change the response_type value, and then access it in the browser.
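To make the manual edit the answer describes reproducible, here is an added example (not from the original post or from Microsoft) that rewrites response_type in a B2C authorize URL and classifies the resulting jwt.ms redirect. The tenant, client_id and token values are constructed placeholders; the authorize URL only imitates the shape of the portal's "Run user flow" link.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit, parse_qs, urlencode

# Constructed example of a B2C user-flow authorize URL (placeholder tenant and client_id).
AUTHORIZE_URL = (
    "https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize"
    "?p=B2C_1_signupsignin&client_id=00000000-0000-0000-0000-000000000000"
    "&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=code&prompt=login"
)


def set_response_type(authorize_url: str, response_type: str) -> str:
    """Return the authorize URL with response_type replaced (the manual edit from the answer).

    An id_token response (implicit or hybrid) requires a nonce under OpenID Connect,
    so a placeholder nonce is added when the URL lacks one.
    """
    parts = urlsplit(authorize_url)
    query = parse_qs(parts.query, keep_blank_values=True)
    query["response_type"] = [response_type]
    if "id_token" in response_type.split():
        # Placeholder only; a real client must generate a random nonce and verify it in the token.
        query.setdefault("nonce", ["defaultNonce"])
    return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))


def get_param(url: str, name: str) -> Optional[str]:
    """Read one parameter from the URL's query or fragment (None if absent)."""
    parts = urlsplit(url)
    for raw in (parts.query, parts.fragment):
        values = parse_qs(raw).get(name)
        if values:
            return values[0]
    return None


def classify_redirect(redirect_url: str) -> str:
    """Say what the redirect to jwt.ms carries.

    Authorization code flow returns ?code=... in the query string; the implicit flow
    returns id_token in the URL fragment by default (or in the query with
    response_mode=query). jwt.ms decodes JWTs, so a bare authorization code shows nothing.
    """
    if get_param(redirect_url, "id_token") is not None:
        return "id_token"
    if get_param(redirect_url, "code") is not None:
        return "code"
    if get_param(redirect_url, "error") is not None:
        return "error"
    return "unknown"
```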

