About xamarin: Access Token in Azure AD B2C

We have integrated the sample Xamarin application with AAD B2C following the guide at https://github.com/Azure-Samples/active-directory-b2c-xamarin-native

We are not calling the CallAPI method at the moment. As the response after authentication, we only receive an id_token, not an access_token.

Do I have to call the API in order to get an access token generated? We are not using a client_secret.

Does the post-authentication response not include both an id_token and an access_token?


This is the call used to sign the user in interactively (source):

    private async Task<UserContext> SignInInteractively()
    {
        // Accounts already cached by MSAL for this app (may be empty on first sign-in).
        IEnumerable<IAccount> accounts = await _pca.GetAccountsAsync();

        // B2CConstants.Scopes decides what comes back: an API scope yields an access_token
        // alongside the id_token; with no API scope only openid is requested.
        AuthenticationResult authResult = await _pca.AcquireTokenInteractive(B2CConstants.Scopes)
            .WithAccount(GetAccountByPolicy(accounts, B2CConstants.PolicySignUpSignIn))
            .ExecuteAsync();

        var newContext = UpdateUserInfo(authResult);
        return newContext;
    }

If valid [scopes] are present, configured as described here (copied below for permanence), then you get both an id_token and an access_token. If you do not provide appropriate scopes, the only scope will be openid and only an id_token is returned, because there is no resource to obtain an access token for.

[OPTIONAL] Step 4: Create your own Web API

This sample calls an API at https://fabrikamb2chello.azurewebsites.net which has the same code as the sample Node.js Web API with Azure AD B2C. You'll need your own API or at the very least, you'll need to register a Web API with Azure AD B2C so that you can define the scopes that your single page application will request access tokens for.

Your web API registration should include the following information:

  • Enable the Web App/Web API setting for your application.
  • Set the Reply URL to the appropriate value indicated in the sample or provide any URL if you're only doing the web api registration, for example https://myapi.
  • Make sure you also provide an AppID URI, for example demoapi, this is used to construct the scopes that are configured in your single page application's code.
  • Once your app is created, open the app's Published Scopes blade and create a scope named read.
  • Copy the AppID URI and Published Scopes values, so you can input them in your application's code.

[OPTIONAL] Step 5: Create your own Native app

Now you need to register your native app in your B2C tenant, so that it has its own Application ID. Don't forget to grant your application API Access to the web API you registered in the previous step.

Your native application registration should include the following information:

  • Enable the Native Client setting for your application.
  • Once your app is created, open the app's Properties blade and set the Custom Redirect URI for your app to msal://auth.
  • Once your app is created, open the app's API access blade and Add the API you created in the previous step.
  • Copy the Application ID generated for your application, so you can use it in the next step.
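As an added example of the point made in the answer above (this is not code from the active-directory-b2c-xamarin-native sample), the block below shows the two scope configurations side by side and a check on the returned AuthenticationResult that tells an id_token-only response apart from one that also carries an access_token for the API. The tenant name, policy name, client ID and the scope URI (built from the AppID URI demoapi and the published scope read of Step 4) are assumed placeholders; it assumes the Microsoft.Identity.Client (MSAL.NET) and System.Text.Json packages are referenced.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example, not the sample repo's code. All identifiers below are assumed placeholders.
public static class B2CScopesDemo
{
    const string Tenant      = "fabrikamb2c.onmicrosoft.com";          // assumed B2C tenant
    const string ClientId    = "00000000-0000-0000-0000-000000000000";  // assumed: native app's Application ID (Step 5)
    const string Policy      = "B2C_1_susi";                            // assumed sign-up/sign-in policy name
    const string Authority   = "https://fabrikamb2c.b2clogin.com/tfp/" + Tenant + "/" + Policy;
    const string RedirectUri = "msal://auth";                           // the Custom Redirect URI from Step 5

    // Scope built from the Web API registration in Step 4 (AppID URI "demoapi", published scope "read").
    // Requesting it names a resource, so B2C issues an access_token for that API alongside the id_token.
    public static readonly string[] ApiScopes = { "https://" + Tenant + "/demoapi/read" };

    // No API scope at all: MSAL only sends openid/offline_access, so only an id_token comes back.
    public static readonly string[] OpenIdOnly = Array.Empty<string>();

    static readonly IPublicClientApplication Pca = PublicClientApplicationBuilder
        .Create(ClientId)
        .WithB2CAuthority(Authority)
        .WithRedirectUri(RedirectUri)
        .Build();

    public static async Task<AuthenticationResult> SignInAsync(string[] scopes)
    {
        var accounts = await Pca.GetAccountsAsync();
        // On Android, add .WithParentActivityOrWindow(currentActivity) before ExecuteAsync().
        return await Pca.AcquireTokenInteractive(scopes)
            .WithAccount(accounts.FirstOrDefault())
            .ExecuteAsync();
    }

    // Decide from the result which case you are in instead of guessing from the UI.
    public static string Describe(AuthenticationResult r)
    {
        // B2C API scopes are full URIs; openid/offline_access are not.
        bool hasApiScope = r.Scopes.Any(s => s.StartsWith("https://", StringComparison.OrdinalIgnoreCase));
        if (!hasApiScope || string.IsNullOrEmpty(r.AccessToken))
            return "id_token only (aud=" + ReadClaim(r.IdToken, "aud") + "): no API scope was requested";

        // An access token is addressed to the Web API (aud = its Application ID) and carries scp.
        return "access_token for aud=" + ReadClaim(r.AccessToken, "aud")
             + " scp=" + ReadClaim(r.AccessToken, "scp");
    }

    // Inspection only: decodes the JWT payload and does NOT validate the signature.
    public static string ReadClaim(string jwt, string claim)
    {
        if (string.IsNullOrEmpty(jwt)) return null;
        var parts = jwt.Split('.');
        if (parts.Length != 3) return null;
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');            // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');       // restore padding
        using (JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64))))
        {
            return doc.RootElement.TryGetProperty(claim, out JsonElement v) ? v.ToString() : null;
        }
    }
}
```

Calling SignInAsync(B2CScopesDemo.ApiScopes) and passing the result to Describe reports the API's Application ID as aud and read as scp; calling it with OpenIdOnly reports an id_token whose aud is the native app's own ClientId. The redirect URI follows the README quoted above; current MSAL.NET releases default to msal{ClientId}://auth instead, so use whatever your registration actually has.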