我正在使用 Azure 应用服务,并使用 Google 和 Microsoft 帐户进行身份验证。 我可以访问 mysite/.auth/me,登录时没有任何问题。 但要刷新 token ,/.auth/refresh 会在出现异常后返回给我。
You do not have permission to view this directory or page.
不确定在 Azure Blade 中授予什么访问权限。
最佳答案
该错误消息实际上有点误导。这并不是说您没有访问 API 的权限,而是您的 token 存储中可能没有刷新 token 。每个提供商在用户登录期间获取刷新 token 的方式略有不同。更多详细信息请参见:
https://cgillum.tech/2016/03/07/app-service-token-store/
In order for this to work, the token store must contain refresh tokens for your provider. If you’re not familiar with how to do this, here are some hints:
- Google: Append an
"access_type=offline"
query string parameter to your /.auth/login API call (if using the Mobile Apps SDK, you can add this to one of the LogicAsync overloads).- Microsoft Account: Select the
wl.offline_access
scope in the Azure management portal.- Azure AD: This is a little complex right now, but take a look at my next post on enabling Graph API access. Follow the setup steps and this will also enable you to get refresh tokens for Azure AD (you can omit the
Read directory data
and theresource=…
parts if they don’t apply to you). The plan is to simplify this in the future.
关于azure - 访问/.auth/refresh权限错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38747136/