受 Azure AD B2C 保护的自动化端点测试 [英] Automated endpoint testing protected by Azure AD B2C

问题描述

我有一个 WebAPI 应用程序，它使用用户通过凭据登录获得的 Azure B2C 令牌对用户进行身份验证.

I have a WebAPI application which authenticates users with their Azure B2C token they have acquired from signing in with their credentials.

我现在需要针对我的 WebAPI 编写一些测试，但我不确定如何自动获取令牌，因为我需要在 https://login.microsoftonline.com 上登录...

I need to write some tests against my WebAPI now but I'm not sure how I can automate acquiring a token given that I need to sign in on https://login.microsoftonline.com...

没有使用 selenium 或其他东西来登录 - 是否有另一种方法可以获取要使用的令牌?

Short of using selenium or something to sign in - is there another alternative for acquiring a token to use?

推荐答案

我假设你想获得非交互的token.

I assume that you want to get token with non-interactive.

我认为您可以使用 资源AAD B2C 中的所有者密码凭据流.

I think you can use resource owner password credentials flow in AAD B2C.

注意:在 Azure Active Directory (Azure AD) B2C 中，支持以下选项:

• Native Client:身份验证期间的用户交互发生在代码在用户端设备上运行时.该设备可以是手机在本机操作系统中运行的应用程序，例如Android，或在浏览器中运行，例如 JavaScript.

• Native Client: User interaction during authentication happens when code runs on a user-side device. The device can be a mobile application that's running in a native operating system, such as Android, or running in a browser, such as JavaScript.

公共客户端流程:只有应用程序收集的用户凭据才会在 API 调用中发送.的凭据申请未发送.

Public client flow: Only user credentials, gathered by an application, are sent in the API call. The credentials of the application are not sent.

添加新声明:可以更改 ID 令牌内容以添加新声明.

Add new claims: The ID token contents can be changed to add new claims.

这个流程可以让你在没有UI的情况下获取token.

This flow can let you obtain token without UI.

此外，AAD B2C 目前不支持客户端凭据流和 OAuth 2.0 JWT 不记名凭据授予，也称为代表流.您可以看到限制 在本文档中.

Also, client credentials flow and OAuth 2.0 JWT bearer credential grant, also known as the on-behalf-of flow are not supported in AAD B2C currently. You can see the limitations in this documentation.

这篇关于受 Azure AD B2C 保护的自动化端点测试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！