【发布时间】:2021-07-30 05:28:37
【问题描述】:
我希望有人能够阐明我在身份验证方面遇到的问题。我主要使用此指南:https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-overview
我有一个 React 应用程序已成功(我认为...)为我的 API 检索访问令牌:
const account = msalInstance.getActiveAccount();
if (account) {
msalInstance.acquireTokenSilent({
...apiToken,
account: account
}).then((response) => {
setToken(response.accessToken);
});
}
我的请求将令牌放在授权标头中: Headers
我的令牌看起来像:Token
每当我使用 Authorize 属性时,我的 API 都会返回 401。因为我的客户正在检索一个看起来正确的令牌,所以我假设问题出在我的 API 上。这就是我在启动验证中的内容:
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new JwtFormat(
new TokenValidationParameters
{
// Check if the audience is intended to be this application
ValidAudiences = new[] { [MY_API_CLIENT_ID (SAME AS AUDIENCE IN TOKEN)], [MY API REGISTRATION URI] },
// Change below to 'true' if you want this Web API to accept tokens issued to one Azure AD tenant only (single-tenant)
// Note that this is a simplification for the quickstart here. You should validate the issuer. For details,
// see https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore
ValidateIssuer = false,
ValidateAudience = false,
ValidateTokenReplay = false,
ValidateIssuerSigningKey = false,
ValidateLifetime = false,
ValidateActor = false, //all false for testing
},
new OpenIdConnectSecurityKeyProvider("https://login.microsoftonline.com/[MY_TENANT_ID]/v2.0/.well-known/openid-configuration")
),
});
【问题讨论】:
标签: reactjs authentication asp.net-web-api jwt msal