有没有办法使用 AZURE AD GRAPH 客户端或 MICROSOFT Graph 客户端生成用户的访问 token ? 我有用户名和密码、客户端 ID、策略名称。使用所有这些参数。我想生成 token 。
谢谢!
最佳答案
我们可以这样做,但不建议使用用户名和密码来这样做。
In general Microsoft does not advise customers to use it as it's less secure than the other flows, and it is not compatible with conditional access (if the resource requires conditional access, the call to AcquireTokenSilent will just fail, given that this is not an interactive flow, the STS does not have an opportunity to present a dialog to the user to tell him/her that s/he needs to do multiple factor authentication).
演示代码。
var graphResourceId = "https://graph.windows.net";
var clientId = "afa0b3fxxxxx";
var userName= "xxxxx";
var password = "xxx";
var result = await authenticationContext.AcquireTokenAsync(graphResourceId, clientId, new UserPasswordCredential(userName, password));
var accessToken = result.AccessToken
更多信息请引用此document .
更新:
获取刷新 token 。
网址:
post https://login.microsoftonline.com/{tenantId}/oauth2/token
标题:
Content-Type: application/x-www-form-urlencoded
正文
resource=https%3A%2F%2Fgraph.windows.net&client_id=xxxxx&grant_type=password&username=tom%40xxxx.onmicrosoft.com&password=xxxxx&scope=openid
测试结果:
关于azure - 如何使用 AzureADGraph 或 Microsoft Graph 在 AZURE AD B2C 中为用户生成访问 token ?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52270938/