试图弄清楚当前的v2.0端点是否支持守护程序和服务器端应用程序流。
本文讨论以下流程:https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-flows
它指出:
This article describes the types of apps that you can build by using Azure AD v2.0, regardless of your preferred language or platform. The information in this article is designed to help you understand high-level scenarios before you start working with the code.
此外,它指出:
Currently, the types of apps in this section are not supported by the v2.0 endpoint, but they are on the roadmap for future development. For additional limitations and restrictions for the v2.0 endpoint
最后,我尝试构建一个连接到Graph API的应用程序,该应用程序将按计划通过“凭据”连接到Graph API,从而允许它代表允许其访问的用户访问API。
在测试工具中,我可以使用以下方法获取 token :
var pca = new PublicClientApplication(connector.AzureClientId)
{
RedirectUri = redirectUrl
};
var result = await pca.AcquireTokenAsync(new[] {"Directory.Read.All"},
(Microsoft.Identity.Client.User) null, UiOptions.ForceLogin, string.Empty);
var cca = new ConfidentialClientApplication(
connector.AzureClientId,
redirectUrl,
new ClientCredential(connector.AzureClientSecretKey),
null) {PlatformParameters = new PlatformParameters()};
var result = await cca.AcquireTokenForClient(new[] { "Directory.Read.All" }, string.Empty);
Exception thrown: 'Microsoft.Identity.Client.MsalServiceException' in mscorlib.dll
Additional information: AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope Directory.Read.All is not valid. Trace ID: dcba6878-5908-44a0-95f3-c51b0b4f1a00 Correlation ID: 1612e41a-a283-4557-b462-09653d7e4c21 Timestamp: 2017-04-10 20:53:05Z
自2016年4月16日以来,尚未更新MSAL软件包Microsoft.Identity.Client(1.0.304142221-alpha)。这甚至是我应该使用的软件包吗?
最佳答案
当将客户端凭据流与Azure AD V2.0一起使用时,为此请求中scope参数传递的值应该是所需资源的资源标识符(应用程序ID URI),并带有.default后缀。对于Microsoft Graph示例,该值为https://graph.microsoft.com/.default。
请单击here了解更多详细信息。 here是将客户端凭据流与Azure AD V2.0终结点一起使用的教程。
关于azure-active-directory - Azure Active Directory v2.0守护程序和服务器端应用程序支持,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43332770/