Access Token in Azure AD B2C
We have integrated the sample Xamarin app with AAD B2C by following the guide at https://github.com/Azure-Samples/active-directory-b2c-xamarin-native.
We are not calling the CallAPI method for now. In the response after authentication we receive only an id_token, not an access_token.
Do I have to call the API in order to generate an access token? We are not using a client_secret.
Shouldn't the post-authentication response include both the id_token and the access_token?
This is the call used to sign the user in interactively (source):

    private async Task<UserContext> SignInInteractively()
    {
        // Look up accounts MSAL already knows about, so the sign-in can be tied to the
        // account that was obtained through the sign-up/sign-in policy.
        IEnumerable<IAccount> accounts = await _pca.GetAccountsAsync();

        // B2CConstants.Scopes decides what comes back: with an API scope in the list
        // the result carries an access token, with only openid it carries just an id_token.
        AuthenticationResult authResult = await _pca.AcquireTokenInteractive(B2CConstants.Scopes)
            .WithAccount(GetAccountByPolicy(accounts, B2CConstants.PolicySignUpSignIn))
            .ExecuteAsync();

        var newContext = UpdateUserInfo(authResult);
        return newContext;
    }
If there are valid [scopes], configured as described here (copied below for permanence), then you get both an id_token and an access_token. If you do not supply appropriate scopes, the only scope will be openid and only an id_token is returned, because there is no resource for which to obtain an access token.
[OPTIONAL] Step 4: Create your own Web API
This sample calls an API at https://fabrikamb2chello.azurewebsites.net which has the same code as the sample Node.js Web API with Azure AD B2C. You'll need your own API or at the very least, you'll need to register a Web API with Azure AD B2C so that you can define the scopes that your single page application will request access tokens for.
Your web API registration should include the following information:
- Enable the Web App/Web API setting for your application.
- Set the Reply URL to the appropriate value indicated in the sample or provide any URL if you're only doing the web api registration, for example https://myapi.
- Make sure you also provide an AppID URI, for example demoapi; this is used to construct the scopes that are configured in your single page application's code.
- Once your app is created, open the app's Published Scopes blade and create a scope named read.
- Copy the AppID URI and Published Scopes values, so you can input them in your application's code.
[OPTIONAL] Step 5: Create your own Native app
Now you need to register your native app in your B2C tenant, so that it has its own Application ID. Don't forget to grant your application API Access to the web API you registered in the previous step.
Your native application registration should include the following information:
- Enable the Native Client setting for your application.
- Once your app is created, open the app's Properties blade and set the Custom Redirect URI for your app to msal<Application Id>://auth.
- Once your app is created, open the app's API access blade and Add the API you created in the previous step.
- Copy the Application ID generated for your application, so you can use it in the next step.
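The following is an added example, not code from the sample repository or the answer above. It ties Steps 4 and 5 to the behaviour described in the answer: it builds the scope string the native app has to request for a Web API registered with AppID URI demoapi and a published scope read (assuming the scope format https://{tenant}.onmicrosoft.com/{AppIDURI}/{scope} used by this sample), and it shows the claim checks a Web API should apply to a bearer token, so that the id_token you receive when only openid is requested is rejected while a real access token passes. The tenant name, application IDs, policy name and the two JWT-shaped tokens are constructed for the example; signature verification against the policy's JWKS endpoint is omitted and must be done in a real API.

```python
import base64
import json
import time

# Constructed sample identifiers (assumptions for this example; not values from the page).
TENANT = "fabrikamb2c"                                       # B2C tenant short name
API_APP_ID_URI = "demoapi"                                   # AppID URI from the Web API registration
API_CLIENT_ID = "11111111-2222-3333-4444-555555555555"       # Application ID of the Web API
NATIVE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"    # Application ID of the native app
POLICY = "B2C_1_SignUpSignIn"                                # sign-up/sign-in policy name


def build_scopes(tenant, app_id_uri, scope_names):
    """Scope strings the native app passes to AcquireTokenInteractive so that B2C
    issues an access token for the Web API. Requesting none of these (only openid)
    yields an id_token alone."""
    return [f"https://{tenant}.onmicrosoft.com/{app_id_uri}/{name}" for name in scope_names]


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_jwt(claims: dict) -> str:
    """Build a JWT-shaped string for testing only. Real B2C tokens are RS256-signed;
    the signature here is a placeholder, so nothing built this way is trustworthy."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-kid"}
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


def decode_claims(token: str) -> dict:
    """Parse the payload segment only. Verifying the signature against the policy's
    JWKS endpoint is deliberately left out here and is mandatory in a real API."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_bearer_token(token, api_client_id, policy, required_scope, now=None):
    """Return the reasons the Web API should reject this token as a bearer token
    for itself; an empty list means the claims are acceptable."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    problems = []
    # aud must be this API's Application ID; an id_token is addressed to the client app instead.
    if claims.get("aud") != api_client_id:
        problems.append(f"aud is {claims.get('aud')!r}, not this API")
    # scp carries the published scopes that were granted; an id_token has none.
    granted = set(claims.get("scp", "").split())
    if required_scope not in granted:
        problems.append(f"scope {required_scope!r} not in scp {sorted(granted)}")
    # tfp names the policy the token was issued under.
    if claims.get("tfp") != policy:
        problems.append(f"tfp is {claims.get('tfp')!r}, expected {policy!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def demo():
    now = int(time.time())
    # Shape of the access token B2C returns when the native app requested the API scope.
    access_token = make_sample_jwt({"aud": API_CLIENT_ID, "scp": "read", "tfp": POLICY,
                                    "sub": "user-1", "iat": now, "exp": now + 3600})
    # Shape of the id_token returned with openid only: addressed to the native app, no scp.
    id_token = make_sample_jwt({"aud": NATIVE_CLIENT_ID, "tfp": POLICY, "sub": "user-1",
                                "iat": now, "exp": now + 3600})
    return {
        "scopes": build_scopes(TENANT, API_APP_ID_URI, ["read"]),
        "access_token_problems": check_bearer_token(access_token, API_CLIENT_ID, POLICY, "read", now),
        "id_token_problems": check_bearer_token(id_token, API_CLIENT_ID, POLICY, "read", now),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Putting the scope string from build_scopes into B2CConstants.Scopes is what makes AcquireTokenInteractive return an access token; sending the id_token to the API instead fails the aud and scp checks, which is why calling the API without requesting the scope cannot "generate" an access token.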