Azure广告范围与不同的受众
我已经改编了Azure移动应用程序示例( https://github.com/azure/azure/azure/azure-azure--azure-移动应用)并与DataSyncclient(用于离线同步)一起使用。但是,我想通过IdentityClient在身份验证期间重复使用Microsoft Graph API。这是失败的,我想这是由于我使用的范围。
除了在样本文档中,我需要使用真正的房地产而不是“常见”,这是因为我的公司房客的设置。 其次,可能与上述有关,我必须设置“ access_as_user”权限的范围为“ api://&lt< client_id>/access_as_user”。现在,我需要其他范围“ user.read”,但是如果我一起请求它们两者(以便能够重复使用收到的令牌),则在将令牌用于Graph API调用时,我会得到“无效的受众”。
有什么想法吗? br 丹尼尔
I've adapted the Azure Mobile Apps example (https://github.com/Azure/azure-mobile-apps) and got it to work with the DataSyncClient (for offline sync). However I would like to reuse the token I get during authentication via the IdentityClient to call the Microsoft Graph API. This is failing and I guess it is due to the scopes I use.
Other than in the samples documentation I needed to use the real TenantID instead of "common" which is, I guess, because of the setup of my companies tenant.
Secondly, probably related to the above, I had to setup my scope for the "access_as_user" permission as "api://<client_id>/access_as_user". Now I would need the additional scope "User.Read", but if I request them both together (to be able to reuse the received token), I get a "Invalid audience" when using the token for the graph API call.
Any idea?
BR,
Daniel
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要获得2个访问令牌。
一个访问令牌仅适用于一个API。
通常,您可以在没有第二个登录提示的情况下获得第二个令牌(例如,使用刷新令牌,MSAL为您处理此操作)。
You need to get 2 access tokens.
One access token only works for one API.
Typically you can get the second token without a second login prompt (e.g. with refresh token, MSAL handles this for you).