微软OIDC授权中跳过离线访问权限
Skip offline access permission in Microsoft OIDC authorization
我正在使用此代码
var app = ConfidentialClientApplicationBuilder.Create(AzureAdApplicationId)
.WithTenantId("organizations")
.WithRedirectUri(AzureAdRedirectUrl)
.WithClientSecret(AzureAdSecretKey)
.Build();
azureAdScopes = new List<string>() { "email" };
var signInRequest = app.GetAuthorizationRequestUrl(azureAdScopes);
var uri = await signInRequest.ExecuteAsync();
产生 url
我只需要用户的用户名,不需要离线访问用户的帐户。我怎样才能将它们从范围中删除?
您可以在没有 offline_access 的情况下请求 url,但 Azure AD v2.0 OAuth2 帐户同意页面自动列出“随时访问您的数据”甚至尽管 offline_access 未在范围内指定。这是一个 issue 相关的。
注释显示在document:
At this time, the offline_access ("Maintain access to data you have
given it access to") and user.read ("Sign you in and read your
profile") permissions are automatically included in the initial
consent to an application.
我正在使用此代码
var app = ConfidentialClientApplicationBuilder.Create(AzureAdApplicationId)
.WithTenantId("organizations")
.WithRedirectUri(AzureAdRedirectUrl)
.WithClientSecret(AzureAdSecretKey)
.Build();
azureAdScopes = new List<string>() { "email" };
var signInRequest = app.GetAuthorizationRequestUrl(azureAdScopes);
var uri = await signInRequest.ExecuteAsync();
产生 url
我只需要用户的用户名,不需要离线访问用户的帐户。我怎样才能将它们从范围中删除?
您可以在没有 offline_access 的情况下请求 url,但 Azure AD v2.0 OAuth2 帐户同意页面自动列出“随时访问您的数据”甚至尽管 offline_access 未在范围内指定。这是一个 issue 相关的。
注释显示在document:
At this time, the offline_access ("Maintain access to data you have given it access to") and user.read ("Sign you in and read your profile") permissions are automatically included in the initial consent to an application.