本文介绍了AppAuth IOS令牌交换问题Azure AD的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用Azure AD租户为Android构建了一个AppAuth测试应用程序,它运行正常。现在,我正在尝试使用iOS(SWIFT 4)进行同样的操作,但在尝试将访问代码交换为访问令牌时失败。没有返回任何错误,我确实得到了idToken,但没有accesToken或renhToken。没有其他错误。不知道发生了什么事。如果没有访问令牌,我就无法查询该图。我正在使用Azure AD v2。以下是我的一些代码片段:

func appAuthAuthorize(authConfig: AuthConfig) {
    let serviceConfiguration = OIDServiceConfiguration(
        authorizationEndpoint: NSURL(string: authConfig.authEndPoint)! as URL,
        tokenEndpoint: NSURL(string: authConfig.tokenEndPoint)! as URL)

    let request = OIDAuthorizationRequest(configuration: serviceConfiguration, clientId: authConfig.clientId, scopes: [OIDScopeOpenID, OIDScopeProfile], redirectURL: NSURL(string: authConfig.redirectUri)! as URL, responseType: OIDResponseTypeCode, additionalParameters: nil)

    doAppAuthAuthorization(authRequest: request)
}


func doAppAuthAuthorization(authRequest: OIDAuthorizationRequest) {
    let appDelegate = UIApplication.shared.delegate as! AppDelegate

    appDelegate.currentAuthorizationFlow = OIDAuthorizationService.present(authRequest, presenting: self, callback: {
        (authorizationResponse, error) in
        if (authorizationResponse != nil) {
            self.authState = OIDAuthState(authorizationResponse: authorizationResponse!)
            self.logMessage(message: "Got authorization code: (String(describing: self.authState?.lastAuthorizationResponse.authorizationCode))")
            self.doTokenRequest()
        } else {
            self.authState = nil
            self.logMessage(message: "Authorization error: (String(describing: error?.localizedDescription))")
        }
    })
}

func doTokenRequest() {
    let tokenExchangeRequest = authState?.lastAuthorizationResponse.tokenExchangeRequest()

    OIDAuthorizationService.perform(tokenExchangeRequest!) {
        tokenResponse, error in
        if tokenResponse == nil{
            self.logMessage(message: "Token exchange error: (error!.localizedDescription)")
        } else {
            self.authState?.update(with: tokenResponse!, error: error)
            self.saveState()
            self.logMessage(message: "Received token response with accesToken: (tokenResponse!.idToken!)")
            self.logMessage(message: "Received token response with accesToken: (tokenResponse!.refreshToken!)")
            self.logMessage(message: "Received token response with accesToken: (tokenResponse!.accessToken!)")
            self.retrieveUserProfile()
        }

        self.authState?.update(with: tokenResponse, error: error)
    }
}

推荐答案

得到了答案。问题在于,根据授权服务器的不同,必须使用为该服务器定义的作用域。在上面的代码中,我使用了默认的OpenID作用域OIDScopeOpenID和OIDScopeProfile。当我将其更改为Azure AD范围的User.Read时,一切都开始正常工作。因此,以下是函数appAuthorize:

中代码的净更改
func appAuthAuthorize(authConfig: AuthConfig) {
let serviceConfiguration = OIDServiceConfiguration(
    authorizationEndpoint: NSURL(string: authConfig.authEndPoint)! as URL,
    tokenEndpoint: NSURL(string: authConfig.tokenEndPoint)! as URL)

let request = OIDAuthorizationRequest(configuration: serviceConfiguration, clientId: authConfig.clientId, scopes: ["User.Read"], redirectURL: NSURL(string: authConfig.redirectUri)! as URL, responseType: OIDResponseTypeCode, additionalParameters: nil)

doAppAuthAuthorization(authRequest: request)

}

这篇关于AppAuth IOS令牌交换问题Azure AD的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-28 03:09