Azure app oauth2 generating wrong access token in Client Credentials grant type

Problem description

I am a beginner in using Azure AD with OAuth2. I deployed a sample WEB API in my Azure AD. I consume my WEB API through the Postman application. Before consuming the WEB API in Postman I need to generate the access token. But when I generate the access token in Postman, it always accepts the Grant Type - Authentication Code. When I change the value to Client Credentials, the generated access token is not accepted in the API. It shows an UnAuthorized message.

In Azure portal - app settings 'Certificates & Secrets' window I created a client secret with description 'postman'. I didn't upload the certificate in this app.

I want to generate the access token with 'Grant Type' value 'Client Credentials'. Is there any additional configuration for this?

Solution

Is there any additional configuration for this?

No, there are no additional settings for generating a token using client_credentials.

All you need are the following parameters:

  1. client_id
  2. client_secret
  3. resource (For v2.0 scope)
  4. grant_type

How would you request the token in Postman:

Your Token Endpoint:

https://login.microsoftonline.com/YourTenent.onmicrosoft.com/oauth2/token

Method Type: POST

Request Body:

grant_type:client_credentials

client_id:00ab01_Your_Azure-Ad_Application_Id_fbbf8e

client_secret:XNk2zgXx_Your_Azure-Ad_Application_Secret_vjdz2Q

resource:https://graph.microsoft.com/

Code Snippet:

    using System.Collections.Generic;
    using System.Net.Http;
    using Newtonsoft.Json;

    // Token request endpoint
    string tokenUrl = "https://login.microsoftonline.com/YourTenant.onmicrosoft.com/oauth2/token";
    var tokenRequest = new HttpRequestMessage(HttpMethod.Post, tokenUrl);

    // I am using client_credentials as it is mostly recommended
    // (client_id and client_secret below are placeholders for your own values)
    tokenRequest.Content = new FormUrlEncodedContent(new Dictionary<string, string>
    {
        ["grant_type"] = "client_credentials",
        ["client_id"] = "b6695c7be_YourClient_Id_e6921e61f659",
        ["client_secret"] = "Vxf1SluKbgu4PF0Nf_Your_Secret_Yp8ns4sc=",
        ["resource"] = "https://graph.microsoft.com/"
    });

    HttpClient client = new HttpClient();

    // Send the form-encoded POST and read the JSON response body
    var tokenResponse = await client.SendAsync(tokenRequest);
    string json = await tokenResponse.Content.ReadAsStringAsync();

    // Map the JSON fields onto AccessTokenClass (defined below)
    AccessTokenClass results = JsonConvert.DeserializeObject<AccessTokenClass>(json);

Class Used:

    public class AccessTokenClass
    {
        public string token_type { get; set; }
        public string expires_in { get; set; }
        public string resource { get; set; }
        public string access_token { get; set; }
    }

Hope that would help. If you still have any concerns, feel free to share.
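
The `resource` parameter in the request above determines the audience (`aud` claim) of the issued token, and a client-credentials token carries application permissions in `roles` rather than `scp`. The following is an added troubleshooting example, not code from the answer: it decodes a token's claims and lists reasons an API might answer 401. `API_AUDIENCE` is a hypothetical placeholder and the sample token is constructed.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Decode the payload of a JWT access token WITHOUT verifying its signature.

    For troubleshooting only: the API itself must still validate the signature.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, expected_audience: str) -> list:
    """Return reasons an API expecting `expected_audience` might reject the token."""
    claims = decode_claims(token)
    findings = []
    aud = claims.get("aud")
    if aud != expected_audience:
        findings.append(f"aud is {aud!r}, API expects {expected_audience!r}")
    # Client-credentials (app-only) tokens carry application permissions in
    # 'roles'; the delegated 'scp' claim is absent.
    if "scp" not in claims and not claims.get("roles"):
        findings.append("no 'roles' claim: no application permission granted")
    return findings


def _make_sample(claims: dict) -> str:
    """Build a constructed, unsigned sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Hypothetical App ID URI of the web API (placeholder, not from the page).
API_AUDIENCE = "api://00000000-0000-0000-0000-000000000000"
# Constructed sample: audience set to the resource used in the answer's request.
SAMPLE = _make_sample({"aud": "https://graph.microsoft.com/",
                       "appid": "constructed-client-id"})

if __name__ == "__main__":
    for finding in diagnose(SAMPLE, API_AUDIENCE):
        print(finding)
```

To check a real token, pass the `access_token` string from the token response and the identifier your API is configured to accept.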
