How to get Azure easy auth JWT access_token
I have an Azure App Service on which I have enabled Authentication/Authorization and configured AD as the authentication provider.
All /.auth routes exist on the service, and I can log in. After successful login I can call /.auth/me to get the access_token. The response looks like:
[
  {
    "access_token": "AQABAAAAAA...Gni4EiQgAA",
    "expires_on": "2017-02-28T19:17:08.0000000Z",
    "id_token": JWT TOKEN
    ...
  }
]
I then use the access_token in an authorization bearer header to request data from the service.
"Authorization": "Bearer " + "AQABAAAAAA...Gni4EiQgAA"
My service returns the following error:
IDX10708: 'System.IdentityModel.Tokens.JwtSecurityTokenHandler' cannot read this string: 'AQABAAAAAA...Gni4EiQgAA'.
The string needs to be in compact JSON format, which is of the form: '<Base64UrlEncodedHeader>.<Base64UrlEndcodedPayload>.<OPTIONAL, Base64UrlEncodedSignature>'.
According to this discussion the access_token is intended to be used as a Bearer token. I have also read here that the access_token is supposed to be base64 encoded but this does not appear to be the case.
Additionally, if I use the id_token as a Bearer token, then authentication works as expected (the id_token is in JWT format).
Edit
When I manually implement the OAuth flow as described here, I receive a proper JWT access_token.
GET https://login.microsoftonline.com/common/oauth2/authorize?client_id=client_id&response_type=code&redirect_uri=redirect_uri
Followed by
POST https://login.microsoftonline.com/common/oauth2/token
  grant_type=authorization_code
  client_id=client_id
  code=CODE FROM ABOVE
  redirect_uri=redirect_uri
  resource=resource
  client_secret=client_secret
RESPONSE
{
  "access_token": JWT TOKEN,
  "token_type": "Bearer",
  ...
}
How to get Azure easy auth JWT access_token
According to your description, I enabled Authentication/Authorization and configured AD as the authentication provider to test this issue. As far as I know, when you enable Authentication/Authorization on Azure Portal, the default response_type is id_token. You need to log into https://manage.windowsazure.com and update App Service Auth Configuration as follows:
Note: If you do not specify the resource for additionalLoginParams, you would retrieve an access_token that is not in JSON Web Token (JWT) format.
I then use the access_token in an authorization bearer header to request data from the service.
For accessing your service, you could leverage the AppServiceAuthSession cookie or you could use Authorization:Bearer "{your-id-token}".
For more details, you could refer to this similar tutorial.
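Added example (not part of the original question or answer): a Python troubleshooting helper that shows why the service rejected the access_token with IDX10708 while the id_token was accepted, by checking each token in a /.auth/me response for the compact three-segment JWT form. The sample response, its token values and all function names are constructed for illustration, and the helper only decodes tokens; it does not verify signatures.

```python
import base64
import json


def b64url_decode(segment):
    """Decode one base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_token(token):
    """Return (header, claims) for a compact three-segment JWT, else None."""
    # Decode only: no signature check, so use this for troubleshooting, not authentication.
    parts = token.split(".")
    if len(parts) != 3:
        return None  # opaque token: the shape IDX10708 complains about
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    ok = isinstance(header, dict) and isinstance(claims, dict)
    return (header, claims) if ok else None


def classify_auth_me(entries):
    """Map each token field of a /.auth/me response to 'jwt' or 'opaque'."""
    report = {}
    for entry in entries:
        for field in ("access_token", "id_token"):
            if field in entry:
                report[field] = "jwt" if inspect_token(entry[field]) else "opaque"
    return report


def _sample_jwt(claims):
    """Build a constructed JWT-shaped string with a placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".c2ln"

# Constructed /.auth/me response: opaque access_token (no resource requested), JWT id_token.
SAMPLE = [{
    "access_token": "AQABAAAAAA_constructed_opaque_value",
    "expires_on": "2017-02-28T19:17:08.0000000Z",
    "id_token": _sample_jwt({"aud": "example-client-id", "exp": 1488309428}),
}]

if __name__ == "__main__":
    print(classify_auth_me(SAMPLE))
```

When the access_token does come back as a JWT, the aud claim returned by inspect_token shows which resource it was issued for.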