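I have set up authentication with Azure Active Directory (AAD) and everything works (I receive access and refresh tokens).
I have read about application roles and I would like to use them (for simplicity, let's assume I want to have admin and user roles). I have followed the official documentation (the last part is missing..) here.
Unfortunately, the token does not contain the "roles" claim.
Here is my setup in more detail: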
1) I have Azure AD app called TestAuthApp and I added roles to the manifest
![enter image description here](https://i.stack.imgur.com/s5bKo.png)
2) I assigned the roles
![enter image description here](https://i.stack.imgur.com/J2ynT.png)
3) This is the url for login:
![enter image description here](https://i.stack.imgur.com/zVVz4.png)
4) And this is the node.js code which handles the auth code and receives the tokens
![enter image description here](https://i.stack.imgur.com/YMIpx.png)
5) Example of the access token returned for Test Joe (when you inspect it in jwt.io, you will see that the roles claim is not there)
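That token is an access token that is not meant for your application. The roles you are looking for should be in the id token.
I say this because the audience is 00000002-0000-0000-c000-000000000000, which is a built-in API (but I don't remember which one).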
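The check described in the answer above, as an added example that is not part of the original question or answer: decode the token payload, compare `aud` with the application's own client ID, and only then look for `roles`. The client ID, the helper names and both sample tokens are constructed for illustration; only the audience value `00000002-0000-0000-c000-000000000000` comes from the page.

```javascript
// Decode a JWT payload for inspection only. No signature check happens here,
// so this result must never drive an authorization decision.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected 3 dot-separated segments");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Report why an application does or does not see app roles in a token.
function diagnoseRoles(token, clientId) {
  const claims = decodeJwtPayload(token);
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(clientId)) {
    // Token was issued for another resource; its claims describe that API.
    return { status: "wrong-audience", aud: claims.aud, roles: [] };
  }
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  return { status: roles.length ? "ok" : "no-roles-assigned", aud: claims.aud, roles };
}

// Builds an unsigned token from constructed claims so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ typ: "JWT", alg: "none" })}.${enc(claims)}.`;
}

// Assumption: placeholder client ID of the application (constructed value).
const APP_CLIENT_ID = "11111111-2222-3333-4444-555555555555";

// Constructed access token whose audience is the built-in API from the answer.
const sampleAccessToken = makeSampleToken({
  aud: "00000002-0000-0000-c000-000000000000", scp: "User.Read", name: "Test Joe",
});
// Constructed ID token issued for the application itself, with an app role.
const sampleIdToken = makeSampleToken({
  aud: APP_CLIENT_ID, name: "Test Joe", roles: ["Admin"],
});
// Constructed ID token for a user with no role assignment.
const sampleIdTokenNoRole = makeSampleToken({ aud: APP_CLIENT_ID, name: "Test Joe" });

for (const t of [sampleAccessToken, sampleIdToken, sampleIdTokenNoRole]) {
  console.log(diagnoseRoles(t, APP_CLIENT_ID));
}
```

Before trusting `roles` in real code, validate the token's signature, issuer and audience with a maintained JWT library; the decoding here is a diagnostic aid only.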