Access Token in Azure AD B2C
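We have integrated the sample Xamarin application with AAD B2C by following the guide provided at https://github.com/Azure-Samples/active-directory-b2c-xamarin-native.
We are not calling the CallAPI method for now. In the response after authentication, we receive only an id_token and no access_token.
Do I have to call the API in order for an access token to be generated? We are not using a client_secret.
Does the response after authentication not include both the id_token and the access_token?
This is the call used to sign the user in interactively (source):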
```csharp
private async Task<UserContext> SignInInteractively()
{
    IEnumerable<IAccount> accounts = await _pca.GetAccountsAsync();

    AuthenticationResult authResult = await _pca.AcquireTokenInteractive(B2CConstants.Scopes)
        .WithAccount(GetAccountByPolicy(accounts, B2CConstants.PolicySignUpSignIn))
        .ExecuteAsync();

    var newContext = UpdateUserInfo(authResult);
    return newContext;
}
```
If there is a valid
[OPTIONAL] Step 4: Create your own Web API
This sample calls an API at https://fabrikamb2chello.azurewebsites.net which has the same code as the sample Node.js Web API with Azure AD B2C. You'll need your own API or at the very least, you'll need to register a Web API with Azure AD B2C so that you can define the scopes that your single page application will request access tokens for.
Your web API registration should include the following information:
- Enable the Web App/Web API setting for your application.
- Set the Reply URL to the appropriate value indicated in the sample or provide any URL if you're only doing the web api registration, for example `https://myapi`.
- Make sure you also provide an AppID URI, for example `demoapi`; this is used to construct the scopes that are configured in your single page application's code.
- Once your app is created, open the app's Published Scopes blade and create a scope with `read` name.
- Copy the AppID URI and Published Scopes values, so you can input them in your application's code.
[OPTIONAL] Step 5: Create your own Native app
Now you need to register your native app in your B2C tenant, so that it has its own Application ID. Don't forget to grant your application API Access to the web API you registered in the previous step.
Your native application registration should include the following information:
- Enable the Native Client setting for your application.
- Once your app is created, open the app's Properties blade and set the Custom Redirect URI for your app to msal .://auth
- Once your app is created, open the app's API access blade and Add the API you created in the previous step.
- Copy the Application ID generated for your application, so you can use it in the next step.
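
To connect the registration steps above with the question, the following added example (not part of the original post, the sample, or MSAL) builds the scope from the Step 4 values and fails closed when sign-in yields no usable access token. The helper names and the tenant `contoso.onmicrosoft.com` are hypothetical; `demoapi` and `read` are the example values from Step 4. It assumes B2C issues an access_token only when a scope of a registered API is requested, in the form `https://<tenant>/<AppID URI>/<scope name>`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example; helper names are hypothetical, not part of the sample or of MSAL.
static class B2CScopeCheck
{
    // OpenID Connect scopes: they drive sign-in and the id_token, not access to an API.
    static readonly HashSet<string> OidcScopes = new HashSet<string>(
        StringComparer.OrdinalIgnoreCase) { "openid", "offline_access", "profile" };

    // Builds the scope from the web API registration: tenant, AppID URI, published scope name.
    public static string BuildScope(string tenant, string appIdUri, string scopeName)
    {
        foreach (var part in new[] { tenant, appIdUri, scopeName })
            if (string.IsNullOrWhiteSpace(part))
                throw new ArgumentException("tenant, AppID URI and scope name are required");
        return $"https://{tenant.Trim('/')}/{appIdUri.Trim('/')}/{scopeName.Trim('/')}";
    }

    // Scopes that target a registered API (anything that is not an OIDC scope).
    public static List<string> ApiScopes(IEnumerable<string> scopes) =>
        (scopes ?? Enumerable.Empty<string>())
            .Where(s => !string.IsNullOrWhiteSpace(s) && !OidcScopes.Contains(s.Trim()))
            .ToList();
    // Fail closed: an API call needs an access_token carrying every requested API scope.
    public static void RequireAccessToken(string accessToken,
        IEnumerable<string> requested, IEnumerable<string> granted)
    {
        if (ApiScopes(requested).Count == 0)
            throw new InvalidOperationException("No API scope requested; expect an id_token only.");
        if (string.IsNullOrEmpty(accessToken))
            throw new InvalidOperationException("No access_token; check the app's API access grant.");
        var missing = ApiScopes(requested)
            .Except(granted ?? Enumerable.Empty<string>(), StringComparer.OrdinalIgnoreCase).ToList();
        if (missing.Count > 0)
            throw new InvalidOperationException("Scopes not granted: " + string.Join(", ", missing));
    }

    static void Main()
    {
        // Constructed values: placeholder tenant; "demoapi" and "read" as in Step 4.
        string scope = BuildScope("contoso.onmicrosoft.com", "demoapi", "read");
        Console.WriteLine(scope);
        RequireAccessToken("constructed-token", new[] { scope }, new[] { scope });
        // The situation in the question: only OIDC scopes requested, no access_token returned.
        try { RequireAccessToken(null, new[] { "openid", "offline_access" }, null); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```

In the sample's sign-in method, the values to pass would be `authResult.AccessToken`, `B2CConstants.Scopes` and `authResult.Scopes`.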