Azure WebApp-WebAPI ->Grant Type authorization_code 不 return RefreshToken
Azure WebApp-WebAPI ->Grant Type authorization_code doesn't return RefreshToken
我已按照此 post in relation to this example 并按照建议对门户和代码进行了添加:
门户网站:Web API - 公开一个 API - 为 "offline_access" 添加范围(也尝试使用格式 "demo.offline_access"); Web 应用添加了 "offline_access" 权限
代码:将 offline_access 添加到 Start_Auth.cs、Global.cs 和两个 Web.config 文件。
我根据 documentation 请求 accessToken 和 refreshToken:
var ClientID = "XXXX";
var BaseURL = "https://XXX.b2clogin.com/XXX.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_signinsignoutpolicy";
var ClientSecret = "XXX";
string redirectUri = "https://XXX.azurewebsites.net/api/GetAccessToken";
var content = new StringContent(
"&grant_type=authorization_code"+
"&client_id="+ClientID+
"&scope=" + "https://XXX.onmicrosoft.com/api/demo.read https://XXX.onmicrosoft.com/api/demo.write https://XXX.onmicrosoft.com/api/offline_access" +
"&code="+authCode+
"&redirect_uri=" + redirectUri+
"&client_secret=" + ClientSecret,
Encoding.UTF8,
"application/x-www-form-urlencoded");
var response = await httpClient.PostAsync(BaseURL, content);
var output = await response.Content.ReadAsStringAsync();
输出returnsaccess_token但没有刷新令牌。查看 access_token 的声明时,范围 (scp) 正确显示 offline_access demo.read demo.write
我缺少什么来获得刷新令牌?
[编辑}
这是邮递员的结果:
收到访问令牌的 JWT:
WebApp API 权限:
WebAPI - 公开一个 API:
代码更改:
WebApp 和 WebAPI Web.config 范围:
<add key="api:ReadScope" value="demo.read" />
<add key="api:WriteScope" value="demo.write" />
<add key="api:OfflineScope" value="offline_access" />
TaskWebApp Globals.cs 范围增加:
// API Scopes
public static string ApiIdentifier = ConfigurationManager.AppSettings["api:ApiIdentifier"];
public static string ReadTasksScope = ApiIdentifier + ConfigurationManager.AppSettings["api:ReadScope"];
public static string WriteTasksScope = ApiIdentifier + ConfigurationManager.AppSettings["api:WriteScope"];
public static string OfflineTasksScope = ApiIdentifier + ConfigurationManager.AppSettings["api:OfflineScope"];
public static string[] Scopes = new string[] { ReadTasksScope, WriteTasksScope, OfflineTasksScope };
TaskWebApp Startup.Auth.cs 在 ConfigureAuth 添加范围:
// Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
Scope = $"openid profile offline_access {Globals.ReadTasksScope} {Globals.WriteTasksScope} {Globals.OfflineTasksScope}"
感谢您的帮助
https://XXX.onmicrosoft.com/api/offline_access 是您在网络 api 应用程序中自定义的权限。不是为了获取刷新令牌。
你只需要在这里使用offline_access。
"&scope=" + "https://XXX.onmicrosoft.com/api/demo.read https://XXX.onmicrosoft.com/api/demo.write offline_access"
我已按照此 post in relation to this example 并按照建议对门户和代码进行了添加:
门户网站:Web API - 公开一个 API - 为 "offline_access" 添加范围(也尝试使用格式 "demo.offline_access"); Web 应用添加了 "offline_access" 权限
代码:将 offline_access 添加到 Start_Auth.cs、Global.cs 和两个 Web.config 文件。
我根据 documentation 请求 accessToken 和 refreshToken:
var ClientID = "XXXX";
var BaseURL = "https://XXX.b2clogin.com/XXX.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_signinsignoutpolicy";
var ClientSecret = "XXX";
string redirectUri = "https://XXX.azurewebsites.net/api/GetAccessToken";
var content = new StringContent(
"&grant_type=authorization_code"+
"&client_id="+ClientID+
"&scope=" + "https://XXX.onmicrosoft.com/api/demo.read https://XXX.onmicrosoft.com/api/demo.write https://XXX.onmicrosoft.com/api/offline_access" +
"&code="+authCode+
"&redirect_uri=" + redirectUri+
"&client_secret=" + ClientSecret,
Encoding.UTF8,
"application/x-www-form-urlencoded");
var response = await httpClient.PostAsync(BaseURL, content);
var output = await response.Content.ReadAsStringAsync();
输出returnsaccess_token但没有刷新令牌。查看 access_token 的声明时,范围 (scp) 正确显示 offline_access demo.read demo.write
我缺少什么来获得刷新令牌?
[编辑}
这是邮递员的结果:
代码更改: WebApp 和 WebAPI Web.config 范围:
<add key="api:ReadScope" value="demo.read" />
<add key="api:WriteScope" value="demo.write" />
<add key="api:OfflineScope" value="offline_access" />
TaskWebApp Globals.cs 范围增加:
// API Scopes
public static string ApiIdentifier = ConfigurationManager.AppSettings["api:ApiIdentifier"];
public static string ReadTasksScope = ApiIdentifier + ConfigurationManager.AppSettings["api:ReadScope"];
public static string WriteTasksScope = ApiIdentifier + ConfigurationManager.AppSettings["api:WriteScope"];
public static string OfflineTasksScope = ApiIdentifier + ConfigurationManager.AppSettings["api:OfflineScope"];
public static string[] Scopes = new string[] { ReadTasksScope, WriteTasksScope, OfflineTasksScope };
TaskWebApp Startup.Auth.cs 在 ConfigureAuth 添加范围:
// Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
Scope = $"openid profile offline_access {Globals.ReadTasksScope} {Globals.WriteTasksScope} {Globals.OfflineTasksScope}"
感谢您的帮助
https://XXX.onmicrosoft.com/api/offline_access 是您在网络 api 应用程序中自定义的权限。不是为了获取刷新令牌。
你只需要在这里使用offline_access。
"&scope=" + "https://XXX.onmicrosoft.com/api/demo.read https://XXX.onmicrosoft.com/api/demo.write offline_access"