新的 MicrosoftTeams.authentication.getAuthToken 不是 MS Graph Bearer: 令牌? [英] New MicrosoftTeams.authentication.getAuthToken is not a MS Graph Bearer: token?
问题描述
我有电话 microsoftTeams.authentication.getAuthToken(authTokenRequest);
正在工作;也就是说,它成功返回一个令牌,成功解析到我的 Azure Active Directory (AAD).都好.出乎意料的轻松.JWT 返回正确的受众和范围(正如我在租户的 AAD 中设置的那样)
I have the call microsoftTeams.authentication.getAuthToken(authTokenRequest);
working; that is, it successfully returns a token resolving to my Azure Active Directory (AAD) successfully. All good. Surprisingly easy. JWT returns with correct audience and scopes (as I have set in my tenant's AAD)
然而当我解码 JWT 时我得到的似乎只是一个身份验证令牌,而不是一个访问令牌.
However what I get back when I decode the JWT this seems to just be an Authentication Token, not an Access Token.
在 Task Meow 查看示例/teams.auth.service.js 似乎没有显示如何为访问令牌交换身份验证.
Looking at the sample at Task Meow/teams.auth.service.js Does not seem to show how to swap the Auth for the Access Token.
我假设代码看起来像 getToken() 方法......但是因为我已经在身份验证上花费了 10 多个工作日(老 ADAL 哦,我的天哪,这太可怕了)......
I assume the code will look something like the method getToken() ... but since I have already spent 10+ working days on auth (old ADAL OH MY GOODNESS WAS THIS HORRIBLE) ...
问题:
我想知道是否还有其他好的 MicrosoftTeams.js Authenticate/Auth Token/MSAL Access token 示例?
I was wondering if there are any other good samples of MicrosoftTeams.js Authenticate / Auth Token / MSAL Access token out there?
推荐答案
无论如何,我确实通过以下方式解决了我的问题
Anyway, I did solve my problem by the following
- 通过
auth.service.js
>sso.auth.service.js
>teams.auth.service.js
的抽象遵循TaskMeow的例子代码> - 因为我想要额外的 AAD 范围(
Files.ReadWrite.All
以访问 Teams 中的 Sharepoint Online 文件和Groups.ReadWrite.All
- 添加选项卡)我的 <teams.auth.service.js
中的 code>getToken() 方法类似于以下内容:
- Follow TaskMeow example through the abstractions of
auth.service.js
>sso.auth.service.js
>teams.auth.service.js
- As I wanted additional AAD scopes (
Files.ReadWrite.All
to access the Sharepoint Online files in Teams andGroups.ReadWrite.All
- to add Tabs) mygetToken()
method inteams.auth.service.js
is something like the following:
getToken() {
if (!this.getTokenPromise) {
this.getTokenPromise = new Promise((resolve, reject) => {
this.ensureLoginHint().then(() => {
this.authContext.acquireToken(
'https://graph.microsoft.com',
(reason, token, error) => {
if (!error) {
resolve(token);
} else {
reject({ error, reason });
}
}
);
});
});
}
return this.getTokenPromise;
}
编辑评论:
- Microsoft Teams 中的身份验证太难
- 文档中似乎有很多方法"
- 目前的SSO"流程仍然存在缺陷,处于开发者预览版"中
如果您是 SPA 开发人员,那就太难了.我(显然)不是身份验证方面的专家——所以当前的食谱"是必不可少的.
If you are an SPA developer it is just too difficult. I am (obviously) not an expert on Authentication -- so current "recipes" are imperative.
如果您想要的不仅仅是 单点登录 ... Microsoft Graph 中的大部分好东西"都在这些默认范围之外.
This is especially the case if you want more than the default "scopes" as described in Single Sign-on ... and most of the "good stuff" in Microsoft Graph is outside of these default scopes.
这篇关于新的 MicrosoftTeams.authentication.getAuthToken 不是 MS Graph Bearer: 令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!