Azure active directory 是否可以将过期的Microsoft Graph API访问令牌交换为新令牌?
我正在对Startup.cs中的Graph API进行身份验证:Azure active directory 是否可以将过期的Microsoft Graph API访问令牌交换为新令牌?,azure-active-directory,microsoft-graph-api,Azure Active Directory,Microsoft Graph Api,我正在对Startup.cs中的Graph API进行身份验证: app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = appId, Authority = "https://login.microsoftonlin
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = appId,
Authority = "https://login.microsoftonline.com/common/v2.0",
Scope = $"openid email profile offline_access {graphScopes}",
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false // Setting this to true prevents logging in, and is only necessary on a multi-tenant app.
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailedAsync,
AuthorizationCodeReceived = async (context) =>
{
// This block executes once an auth code has been sent and received.
Evar idClient = ConfidentialClientApplicationBuilder.Create(appId)
.WithRedirectUri(redirectUri)
.WithClientSecret(appSecret)
.Build();
var signedInUser = new ClaimsPrincipal(context.AuthenticationTicket.Identity);
var tokenStore = new SessionTokenStore(idClient.UserTokenCache, HttpContext.Current, signedInUser);
string[] scopes = graphScopes.Split(' ');
var result = await idClient.AcquireTokenByAuthorizationCode(scopes, context.Code).ExecuteAsync();
var userDetails = await GraphUtility.GetUserDetailAsync(result.AccessToken);
检索此访问令牌后,我将其存储到类变量中。我这样做的原因是,我可以检索它,以便在与Graph API接口的一个服务(由API控制器调用)中使用
public GraphAPIServices(IDbContextFactory dbContextFactory) : base(dbContextFactory)
{
_accessToken = GraphUtility.GetGraphAPIAccessToken();
_graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _accessToken);
}));
}
我遇到的问题是,经过一段时间后,这个访问令牌最终会过期。我显然无法再次运行Startup.cs,因此没有机会检索新的访问令牌
我想知道的是,是否可以将此过期访问令牌交换为新令牌,而无需请求用户使用其凭据再次登录?对于您的场景,您应该查找刷新令牌。因为当客户端获取访问令牌以访问受保护的资源(图)时,客户端也会收到刷新令牌。刷新令牌用于在当前访问令牌过期时获取新的访问/刷新令牌对。刷新令牌绑定到用户和客户端的组合。刷新令牌可以随时撤销,并且每次使用令牌时都会检查令牌的有效性。感谢您的响应。我只得到一个ID令牌和一个访问令牌。没有刷新令牌。我已将“脱机访问”添加到我的web应用权限中。我不完全确定我还遗漏了什么。你还在这个问题上寻求帮助吗?