问题描述
我正在尝试设置一个Azure Web应用程序以通过Azure AD进行身份验证,并在后台自动刷新ID令牌.一篇很棒的博客文章帮助我了解了整个过程: https://cgillum.tech/2016/03/07/app-服务令牌存储/
I'm trying to set up an Azure Web App to to authenticate with Azure AD and refresh ID Token behind the scenes automatically.A great blog post helped me understand how the whole thing works:https://cgillum.tech/2016/03/07/app-service-token-store/
与此链接相关的本指南帮助我进行了设置: http://cgillum.tech/2016/03/25/app-service-auth-aad-graph-api/
And this guide linked from it helped me set it up:http://cgillum.tech/2016/03/25/app-service-auth-aad-graph-api/
为Azure AD身份验证启用刷新令牌似乎并不那么简单,因此建议我使用上述指南将其设置为好像是针对GraphApi一样.
It seems enabling refresh tokens for Azure AD authentication isn't that simple so as recommended I used the aforementioned guide to set it up as if it were for GraphApi.
我遇到的问题甚至是在调用".auth/refresh"端点然后调用".auth/me"端点之后,唯一刷新的令牌是访问令牌.该令牌对我没有用,因为我在与后端服务器通信时使用Id令牌(使用授权承载"标头).
The problem I'm having is even after calling the ".auth/refresh" endpoint and then calling the ".auth/me" endpoint, the only token which is refreshed is the Access Token. That token is of no use to me since I use the Id Token when communicating with my backend server (using an "Authorization Bearer" header).
那我该如何也刷新ID令牌?
So how do I get the Id Token to refresh as well?
推荐答案
不幸的是,AAD不支持刷新ID令牌.仅访问令牌可以刷新.参见此处: https://azure.microsoft.com/zh-CN/documentation/articles/active-directory-protocols-oauth-code/#refreshing-the-access-tokens
Unfortunately AAD does not support refreshing the ID token. Only the access token can be refreshed. See here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/#refreshing-the-access-tokens
但是,即使可以刷新它,在与另一项服务进行身份验证时使用访问令牌也更正确,因此我建议更改您的应用程序以这种方式工作.访问令牌和id_token的声明非常相似,因此这不是一个具有破坏性的更改.
But even if it could be refreshed, it's more correct to use an access token when authenticating with another service, so I suggest changing your apps to work this way. The claims on the access token and the id_token are very similar so it should not be a very disruptive change.
这篇关于如何在Web App中从Azure AD刷新ID令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!