正在验证Azure AD B2B中的令牌颁发者
我正在尝试验证从Azure AD B2B SUB获得的访问令牌,我使用版本2正在验证Azure AD B2B中的令牌颁发者,azure,token,bearer-token,azure-ad-b2b,Azure,Token,Bearer Token,Azure Ad B2b,我正在尝试验证从Azure AD B2B SUB获得的访问令牌,我使用版本2“accessTokenAcceptedVersion”:2, 我当前的验证在startup类中进行 services .AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(o => { o.Audience = &qu
“accessTokenAcceptedVersion”:2,
我当前的验证在startup类中进行
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(o =>
{
o.Audience = "application_id";
o.Authority = "https://login.microsoftonline.com/tenant_id";
o.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true };
});
未验证令牌颁发者
www-authenticate: Bearer error="invalid_token"error_description="The issuer 'https://login.microsoftonline.com/tanant_id/v2.0' is invalid"
授权URL
https://login.microsoftonline.com/tanant_id/oauth2/authorize
这些作用域在Azure AD中定义并由应用程序使用
c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows
{
Implicit = new OpenApiOAuthFlow
{
AuthorizationUrl = uri,
Scopes = new Dictionary<string, string>
{
{ "Access_api", "Admins and users" },
}
}
}
});
c.AddSecurityDefinition(“oauth2”),新的OpenApiSecurityScheme
{
类型=SecuritySchemeType.OAuth2,
Flows=新的OpenAPIOuthFlows
{
隐式=新的OpenAPIOuthFlow
{
AuthorizationUrl=uri,
范围=新字典
{
{“访问api”、“管理员和用户”},
}
}
}
});
我不确定是什么原因导致了这种情况?您参考了哪个文档,即您的代码来自哪里?谢谢@ikenahim,请您确保租户id已填充有效值,下面是v1和v2(v1:{tenant}/oauth2/v2.0/token)的格式。tanant_id存储在本地变量中,usedI将尝试使用login.microsoftonline.com{tenant}/oauth2/v2.0/token,租户id在更改后有效我在授权时遇到此错误
AADSTS900561:端点仅接受POST、OPTIONS请求。收到GET请求。