本文介绍了AppAuth IOS令牌交换问题Azure AD的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我使用Azure AD租户为Android构建了一个AppAuth测试应用程序,它运行正常。现在,我正在尝试使用iOS(SWIFT 4)进行同样的操作,但在尝试将访问代码交换为访问令牌时失败。没有返回任何错误,我确实得到了idToken,但没有accesToken或renhToken。没有其他错误。不知道发生了什么事。如果没有访问令牌,我就无法查询该图。我正在使用Azure AD v2。以下是我的一些代码片段:
func appAuthAuthorize(authConfig: AuthConfig) {
let serviceConfiguration = OIDServiceConfiguration(
authorizationEndpoint: NSURL(string: authConfig.authEndPoint)! as URL,
tokenEndpoint: NSURL(string: authConfig.tokenEndPoint)! as URL)
let request = OIDAuthorizationRequest(configuration: serviceConfiguration, clientId: authConfig.clientId, scopes: [OIDScopeOpenID, OIDScopeProfile], redirectURL: NSURL(string: authConfig.redirectUri)! as URL, responseType: OIDResponseTypeCode, additionalParameters: nil)
doAppAuthAuthorization(authRequest: request)
}
func doAppAuthAuthorization(authRequest: OIDAuthorizationRequest) {
let appDelegate = UIApplication.shared.delegate as! AppDelegate
appDelegate.currentAuthorizationFlow = OIDAuthorizationService.present(authRequest, presenting: self, callback: {
(authorizationResponse, error) in
if (authorizationResponse != nil) {
self.authState = OIDAuthState(authorizationResponse: authorizationResponse!)
self.logMessage(message: "Got authorization code: (String(describing: self.authState?.lastAuthorizationResponse.authorizationCode))")
self.doTokenRequest()
} else {
self.authState = nil
self.logMessage(message: "Authorization error: (String(describing: error?.localizedDescription))")
}
})
}
func doTokenRequest() {
let tokenExchangeRequest = authState?.lastAuthorizationResponse.tokenExchangeRequest()
OIDAuthorizationService.perform(tokenExchangeRequest!) {
tokenResponse, error in
if tokenResponse == nil{
self.logMessage(message: "Token exchange error: (error!.localizedDescription)")
} else {
self.authState?.update(with: tokenResponse!, error: error)
self.saveState()
self.logMessage(message: "Received token response with accesToken: (tokenResponse!.idToken!)")
self.logMessage(message: "Received token response with accesToken: (tokenResponse!.refreshToken!)")
self.logMessage(message: "Received token response with accesToken: (tokenResponse!.accessToken!)")
self.retrieveUserProfile()
}
self.authState?.update(with: tokenResponse, error: error)
}
}
推荐答案
得到了答案。问题在于,根据授权服务器的不同,必须使用为该服务器定义的作用域。在上面的代码中,我使用了默认的OpenID作用域OIDScopeOpenID和OIDScopeProfile。当我将其更改为Azure AD范围的User.Read时,一切都开始正常工作。因此,以下是函数appAuthorize:
中代码的净更改func appAuthAuthorize(authConfig: AuthConfig) {
let serviceConfiguration = OIDServiceConfiguration(
authorizationEndpoint: NSURL(string: authConfig.authEndPoint)! as URL,
tokenEndpoint: NSURL(string: authConfig.tokenEndPoint)! as URL)
let request = OIDAuthorizationRequest(configuration: serviceConfiguration, clientId: authConfig.clientId, scopes: ["User.Read"], redirectURL: NSURL(string: authConfig.redirectUri)! as URL, responseType: OIDResponseTypeCode, additionalParameters: nil)
doAppAuthAuthorization(authRequest: request)
}
这篇关于AppAuth IOS令牌交换问题Azure AD的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!