Openid 如何使用B2C当前登录的用户&x27;访问Microsoft Graph API;国书
我有一个定义了策略的Azure Active Directory B2C,并在B2C刀片服务器中注册了一个应用程序。我可以在.NET web应用程序中使用OWIN管道将用户签名到应用程序中。但是,该用户似乎无法使用AAD B2C返回的JWT访问Graph API 第一个问题似乎是可用的作用域。在我的应用程序的Startup.Auth.cs中的OWIN设置中,我有以下代码:Openid 如何使用B2C当前登录的用户&x27;访问Microsoft Graph API;国书,openid,microsoft-graph-api,azure-ad-b2c,Openid,Microsoft Graph Api,Azure Ad B2c,我有一个定义了策略的Azure Active Directory B2C,并在B2C刀片服务器中注册了一个应用程序。我可以在.NET web应用程序中使用OWIN管道将用户签名到应用程序中。但是,该用户似乎无法使用AAD B2C返回的JWT访问Graph API 第一个问题似乎是可用的作用域。在我的应用程序的Startup.Auth.cs中的OWIN设置中,我有以下代码: private static string clientId = ConfigurationManager.
private static string clientId = ConfigurationManager.AppSettings["ida:AppId"];
private static string clientSecret = ConfigurationManager.AppSettings["ida:AppSecret"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AadInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
private static string graphScopes = ConfigurationManager.AppSettings["ida:GraphScopes"];
// B2C policy identifiers
public static string SignUpPolicyId = ConfigurationManager.AppSettings["ida:SignUpPolicyId"];
public static string SignInPolicyId = ConfigurationManager.AppSettings["ida:SignInPolicyId"];
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
// Configure OpenID Connect middleware for each policy
app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignUpPolicyId));
//app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(ProfilePolicyId));
app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignInPolicyId));
}
在本文件后面,我有以下内容:
private OpenIdConnectAuthenticationOptions CreateOptionsFromPolicy(string policy)
{
return new OpenIdConnectAuthenticationOptions
{
// For each policy, give OWIN the policy-specific metadata address, and
// set the authentication type to the id of the policy
MetadataAddress = String.Format(aadInstance, tenant, policy),
AuthenticationType = policy,
// These are standard OpenID Connect parameters, with values pulled from web.config
ClientId = clientId,
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = AuthenticationFailed,
},
Scope = "openid profile offline_access",
ResponseType = "id_token",
// This piece is optional - it is used for displaying the user's name in the navigation bar.
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
SaveSigninToken = true,
},
};
}
在设置范围的地方,我尝试使用中的一个范围,以便以后访问该图。这给了我一个无效的请求错误。不幸的是,Microsoft Graph不支持AAD B2C发行的令牌。随着时间的推移,这是我们需要解决的问题。同时,您需要从常规AAD STS(从v1或v2端点)获取令牌。请看
希望这能有所帮助,您能否澄清Microsoft公共文档中明确指出B2C代币不能与Microsoft Graph一起使用的内容?