新的 MicrosoftTeams.authentication.getAuthToken 不是 MS Graph Bearer: 令牌? [英] New MicrosoftTeams.authentication.getAuthToken is not a MS Graph Bearer: token?

问题描述

在单团队登录

我有电话 microsoftTeams.authentication.getAuthToken(authTokenRequest); 正在工作；也就是说，它成功返回一个令牌，成功解析到我的 Azure Active Directory (AAD).都好.出乎意料的轻松.JWT 返回正确的受众和范围(正如我在租户的 AAD 中设置的那样)

I have the call microsoftTeams.authentication.getAuthToken(authTokenRequest); working; that is, it successfully returns a token resolving to my Azure Active Directory (AAD) successfully. All good. Surprisingly easy. JWT returns with correct audience and scopes (as I have set in my tenant's AAD)

然而当我解码 JWT 时我得到的似乎只是一个身份验证令牌，而不是一个访问令牌.

However what I get back when I decode the JWT this seems to just be an Authentication Token, not an Access Token.

在 Task Meow 查看示例/teams.auth.service.js 似乎没有显示如何为访问令牌交换身份验证.

Looking at the sample at Task Meow/teams.auth.service.js Does not seem to show how to swap the Auth for the Access Token.

我假设代码看起来像 getToken() 方法......但是因为我已经在身份验证上花费了 10 多个工作日(老 ADAL 哦，我的天哪，这太可怕了)......

I assume the code will look something like the method getToken() ... but since I have already spent 10+ working days on auth (old ADAL OH MY GOODNESS WAS THIS HORRIBLE) ...

问题:

我想知道是否还有其他好的 MicrosoftTeams.js Authenticate/Auth Token/MSAL Access token 示例?

I was wondering if there are any other good samples of MicrosoftTeams.js Authenticate / Auth Token / MSAL Access token out there?

推荐答案

无论如何，我确实通过以下方式解决了我的问题

Anyway, I did solve my problem by the following

1. 通过auth.service.js > sso.auth.service.js > teams.auth.service.js的抽象遵循TaskMeow的例子代码>
2. 因为我想要额外的 AAD 范围(Files.ReadWrite.All 以访问 Teams 中的 Sharepoint Online 文件和 Groups.ReadWrite.All - 添加选项卡)我的 <teams.auth.service.js 中的 code>getToken() 方法类似于以下内容:

1. Follow TaskMeow example through the abstractions ofauth.service.js > sso.auth.service.js > teams.auth.service.js
2. As I wanted additional AAD scopes (Files.ReadWrite.All to access the Sharepoint Online files in Teams and Groups.ReadWrite.All - to add Tabs) my getToken() method in teams.auth.service.js is something like the following:

getToken() {
    if (!this.getTokenPromise) {
      this.getTokenPromise = new Promise((resolve, reject) => {
        this.ensureLoginHint().then(() => {
          this.authContext.acquireToken(
            'https://graph.microsoft.com',
            (reason, token, error) => {
              if (!error) {
                resolve(token);
              } else {
                reject({ error, reason });
              }
            }
          );
        });
      });
    }
    return this.getTokenPromise;
  }

编辑评论:

1. Microsoft Teams 中的身份验证太难
2. 文档中似乎有很多方法"
3. 目前的SSO"流程仍然存在缺陷，处于开发者预览版"中

如果您是 SPA 开发人员，那就太难了.我(显然)不是身份验证方面的专家——所以当前的食谱"是必不可少的.

If you are an SPA developer it is just too difficult. I am (obviously) not an expert on Authentication -- so current "recipes" are imperative.

如果您想要的不仅仅是 单点登录 ... Microsoft Graph 中的大部分好东西"都在这些默认范围之外.

This is especially the case if you want more than the default "scopes" as described in Single Sign-on ... and most of the "good stuff" in Microsoft Graph is outside of these default scopes.

这篇关于新的 MicrosoftTeams.authentication.getAuthToken 不是 MS Graph Bearer: 令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！