How to generate access token for user in AZURE AD B2C using AzureADGraph or Microsoft Graph?
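Is there a way to generate an access token for a user using the AZURE AD GRAPH client or the MICROSOFT Graph client?
I have the username and password, the client ID, and the policy name. Using all of these parameters, I want to generate a token.
Thanks!
We can do that, but it is not recommended to use a username and password for this.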
In general Microsoft does not advise customers to use it as it's less secure than the other flows, and it is not compatible with conditional access (if the resource requires conditional access, the call to AcquireTokenSilent will just fail, given that this is not an interactive flow, the STS does not have an opportunity to present a dialog to the user to tell him/her that s/he needs to do multiple factor authentication).
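Demo code.
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL
var graphResourceId = "https://graph.windows.net"; // Azure AD Graph resource
var clientId = "afa0b3fxxxxx";
var userName = "xxxxx";
var password = "xxx";
// Authority for the tenant; {tenantId} is a placeholder
var authenticationContext = new AuthenticationContext("https://login.microsoftonline.com/{tenantId}");
// Username/password grant: non-interactive, so the STS cannot prompt for MFA
var result = await authenticationContext.AcquireTokenAsync(graphResourceId, clientId, new UserPasswordCredential(userName, password));
var accessToken = result.AccessToken;
For more information, please refer to this document.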
Update:
Get a refresh token.
URL:
POST https://login.microsoftonline.com/{tenantId}/oauth2/token
Header:
Content-Type: application/x-www-form-urlencoded
Body:
resource=https%3A%2F%2Fgraph.windows.net&client_id=xxxxx&grant_type=password&username=tom%40xxxx.onmicrosoft.com&password=xxxxx&scope=openid
Test result:
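How a caller might handle the token endpoint's reply to the password-grant request above, including the conditional access case the quoted guidance describes. This is an added example, not code from the original answer: the class and method names are hypothetical, the sample responses are constructed, and it assumes the endpoint signals that a prompt is needed with the OAuth error `interaction_required`.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

static class RopcTokenResponse // hypothetical helper, not part of ADAL
{
    public enum Outcome { Token, InteractionRequired, Failed }

    // Same fields as the request body above. FormUrlEncodedContent percent-encodes
    // every value, so '@' or '&' inside a credential cannot break the body apart.
    public static FormUrlEncodedContent BuildBody(string clientId, string user, string password) =>
        new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["resource"] = "https://graph.windows.net",
            ["client_id"] = clientId,
            ["grant_type"] = "password",
            ["username"] = user,
            ["password"] = password,
            ["scope"] = "openid",
        });

    // Classify the JSON returned by the token endpoint.
    public static Outcome Classify(string json, out string detail)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        if (root.TryGetProperty("access_token", out var tok) && tok.ValueKind == JsonValueKind.String)
        {
            detail = root.TryGetProperty("refresh_token", out _) ? "access + refresh token" : "access token only";
            return Outcome.Token;
        }
        var error = root.TryGetProperty("error", out var e) ? e.GetString() : null;
        detail = error ?? "unrecognised response";
        // Assumption: interaction_required means the STS needs a prompt (MFA, conditional
        // access). This flow cannot show one, so switch to an interactive sign-in.
        return error == "interaction_required" ? Outcome.InteractionRequired : Outcome.Failed;
    }

    static async Task Main()
    {
        // Placeholder values from the post; never log a body that holds real credentials.
        Console.WriteLine(await BuildBody("xxxxx", "tom@xxxx.onmicrosoft.com", "xxxxx").ReadAsStringAsync());
        // Constructed sample responses, not captured from a real tenant.
        string[] samples = { "{\"access_token\":\"<jwt>\",\"refresh_token\":\"<opaque>\"}",
                             "{\"error\":\"interaction_required\",\"error_description\":\"constructed\"}" };
        foreach (var s in samples) { var o = Classify(s, out var d); Console.WriteLine($"{o}: {d}"); }
    }
}
```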