Access token problem in Azure Functions authentication
I followed the link to set up AAD authentication for my Azure Function. To call the Azure Function, I tried to use the token obtained as but I got error status 401, "You do not have permission to view this directory or page." This access token comes from the Uri. In testing, I found that if I request the token from the Uri, it works. Why is that? The token from decodes as follows
{
"typ": "JWT",
"nonce": "klkSaiUS7yT5KMshYVJZAkyu5AuDV14yEQLEkxiz2o4",
"alg": "RS256",
"x5t": "huN95IvPfehq34GzBDZ1GXGirnM",
"kid": "huN95IvPfehq34GzBDZ1GXGirnM"
}.{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/{tenantId}/",
"iat": 1597615459,
"nbf": 1597615459,
"exp": 1597619359,
"aio": "E2BgYOD6EGiutPFpxY67vVocPgv3AAA=",
"app_displayname": "app Displayname",
"appid": "{appId GUID}",
"appidacr": "1",
"idp": "https://sts.windows.net/{tenantId}/",
"oid": "{GUID}",
"roles": [
"User.ReadWrite.All",
"Group.ReadWrite.All",
"User.Invite.All",
"TeamMember.ReadWrite.All",
"Team.ReadBasic.All",
"GroupMember.ReadWrite.All"
],
"sub": "{GUID}",
"tenant_region_scope": "NA",
"tid": "{tenantId}",
"uti": "lA__6UDggU6QYEGdX0t_AA",
"ver": "1.0",
"xms_tcdt": 1590621751
}.[Signature]
The token from decodes as follows
{
"typ": "JWT",
"alg": "RS256",
"x5t": "huN95IvPfehq34GzBDZ1GXGirnM",
"kid": "huN95IvPfehq34GzBDZ1GXGirnM"
}.{
"aud": "00000002-0000-0000-c000-000000000000",
"iss": "https://sts.windows.net/{tenantId}/",
"iat": 1597615470,
"nbf": 1597615470,
"exp": 1597619370,
"aio": "E2BgYOAS8fUOUly15/PahOer9u1iBQA=",
"appid": "{appId GUID}",
"appidacr": "1",
"idp": "https://sts.windows.net/{tenantId}/",
"oid": "{GUID}",
"sub": "{GUID}",
"tenant_region_scope": "NA",
"tid": "{tenantId}",
"uti": "3wr4Ulqcs0ueW77ZacF4AA",
"ver": "1.0"
}.[Signature]
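I know that the two tokens have different audiences, and I have added both of them to "Allowed Token Audiences" in the AAD authentication of the Azure Function.
Please help me understand this. Thank you very much.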
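A way to triage the two tokens shown above, as an added example that is not part of the original post: it decodes a JWT's header and payload without verifying the signature, checks `aud` against the allowed audiences, and flags a header `nonce`, which tokens issued for Microsoft Graph carry and which makes standard signature validation fail at any API other than Graph. The function names, finding labels and sample tokens are constructed for illustration.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_unverified(token: str):
    """Return (header, claims) WITHOUT checking the signature: inspection only."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(payload_b64))

def triage(token: str, allowed_audiences):
    """List the reasons a resource other than Graph would reject this token."""
    header, claims = decode_unverified(token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    findings = []
    if not any(a in allowed_audiences for a in audiences):
        findings.append("aud-not-allowed")
    if "nonce" in header:
        # Graph access tokens carry a header nonce; their signature is only
        # meant to be validated by Microsoft Graph, so allowing the audience
        # on another resource does not make the token acceptable there.
        findings.append("graph-nonce-header")
    return findings

def make_sample(header: dict, claims: dict) -> str:
    # Constructed, unsigned sample token mirroring the claims on this page.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.constructed-signature"

# Both audiences from the post are in the allowed list, as the asker configured.
ALLOWED = ["https://graph.microsoft.com", "00000002-0000-0000-c000-000000000000"]
GRAPH_TOKEN = make_sample(
    {"typ": "JWT", "nonce": "constructed-nonce", "alg": "RS256"},
    {"aud": "https://graph.microsoft.com", "ver": "1.0"},
)
OTHER_TOKEN = make_sample(
    {"typ": "JWT", "alg": "RS256"},
    {"aud": "00000002-0000-0000-c000-000000000000", "ver": "1.0"},
)

if __name__ == "__main__":
    for name, tok in (("graph", GRAPH_TOKEN), ("other", OTHER_TOKEN)):
        print(name, triage(tok, ALLOWED) or "no findings")
```

For a function app protected by AAD authentication, the token to request is one whose `aud` is the function app's own registration (its client ID or Application ID URI) rather than a token issued for another resource.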