Access token issue in Azure Function authentication

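I followed the link to set up AAD authentication for my Azure Function. To call the Azure Function, I tried to use the token obtained as but got error status 401 "You do not have permission to view this directory or page". This access token is from the Uri. In testing, I found that if I request the token from the Uri, it works. Why?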

The token from is decoded as follows:

{
  "typ": "JWT",
  "nonce": "klkSaiUS7yT5KMshYVJZAkyu5AuDV14yEQLEkxiz2o4",
  "alg": "RS256",
  "x5t": "huN95IvPfehq34GzBDZ1GXGirnM",
  "kid": "huN95IvPfehq34GzBDZ1GXGirnM"
}.{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/{tenantId}/",
  "iat": 1597615459,
  "nbf": 1597615459,
  "exp": 1597619359,
  "aio": "E2BgYOD6EGiutPFpxY67vVocPgv3AAA=",
  "app_displayname": "app Displayname",
  "appid": "{appId GUID}",
  "appidacr": "1",
  "idp": "https://sts.windows.net/{tenantId}/",
  "oid": "{GUID}",
  "roles": [
    "User.ReadWrite.All",
    "Group.ReadWrite.All",
    "User.Invite.All",
    "TeamMember.ReadWrite.All",
    "Team.ReadBasic.All",
    "GroupMember.ReadWrite.All"
  ],
  "sub": "{GUID}",
  "tenant_region_scope": "NA",
  "tid": "{tenantId}",
  "uti": "lA__6UDggU6QYEGdX0t_AA",
  "ver": "1.0",
  "xms_tcdt": 1590621751
}.[Signature]

{
  "typ": "JWT",
  "alg": "RS256",
  "x5t": "huN95IvPfehq34GzBDZ1GXGirnM",
  "kid": "huN95IvPfehq34GzBDZ1GXGirnM"
}.{
  "aud": "00000002-0000-0000-c000-000000000000",
  "iss": "https://sts.windows.net/{tenantId}/",
  "iat": 1597615470,
  "nbf": 1597615470,
  "exp": 1597619370,
  "aio": "E2BgYOAS8fUOUly15/PahOer9u1iBQA=",
  "appid": "{appId GUID}",
  "appidacr": "1",
  "idp": "https://sts.windows.net/{tenantId}/",
  "oid": "{GUID}",
  "sub": "{GUID}",
  "tenant_region_scope": "NA",
  "tid": "{tenantId}",
  "uti": "3wr4Ulqcs0ueW77ZacF4AA",
  "ver": "1.0"
}.[Signature]
I know the two tokens have different audiences, and both were added to "Allowed Token Audiences" in the AAD authentication of the Azure Function.

Please help me understand this. Thank you very much.
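
An added example, not part of the original post: a small Python helper that decodes two JWTs without verifying them and lists the header and claim fields that differ, which makes the `aud` and header `nonce` differences between the two tokens above explicit. The sample tokens are constructed from a subset of the decoded values shown above with a placeholder signature; `decode_unverified`, `diff_tokens` and `make_sample` are hypothetical helper names.

```python
import base64
import json

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def decode_unverified(token):
    """Return (header, claims) WITHOUT checking the signature: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return b64url_json(parts[0]), b64url_json(parts[1])

def diff_tokens(a, b, ignore=("iat", "nbf", "exp", "aio", "uti")):
    """Map 'header.x' / 'claims.x' -> (value in a, value in b) where they differ."""
    out = {}
    for part, da, db in zip(("header", "claims"), decode_unverified(a), decode_unverified(b)):
        for key in sorted(set(da) | set(db)):
            if key not in ignore and da.get(key) != db.get(key):
                out[f"{part}.{key}"] = (da.get(key), db.get(key))
    return out

def make_sample(header, claims):
    """Build an unsigned, constructed token for the demo (signature is a placeholder)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.sig"

# Constructed samples: a subset of the decoded fields shown in the post.
KID = "huN95IvPfehq34GzBDZ1GXGirnM"
ISS = "https://sts.windows.net/{tenantId}/"
TOKEN_A = make_sample(
    {"typ": "JWT", "nonce": "klkSaiUS7yT5KMshYVJZAkyu5AuDV14yEQLEkxiz2o4",
     "alg": "RS256", "kid": KID},
    {"aud": "https://graph.microsoft.com", "iss": ISS, "iat": 1597615459,
     "roles": ["User.ReadWrite.All"], "ver": "1.0"},
)
TOKEN_B = make_sample(
    {"typ": "JWT", "alg": "RS256", "kid": KID},
    {"aud": "00000002-0000-0000-c000-000000000000", "iss": ISS,
     "iat": 1597615470, "ver": "1.0"},
)

if __name__ == "__main__":
    for field, (in_a, in_b) in diff_tokens(TOKEN_A, TOKEN_B).items():
        print(f"{field}: {in_a!r} vs {in_b!r}")
```
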