php - Azure AD authentication issue - bearer token only returns application information

Reposted. Author: 行者123. Updated: 2023-12-03 05:27:50

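I'm having trouble implementing Azure AD SSO for my website.

The Azure AD configuration uses a certificate instead of a secret key. Everything looks fine, but https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token returns a bearer token that contains only application information, and I am trying to get the user information of the logged-in user.

Can anyone give me some information and hints on how to get the user information?

Code to get the bearer token: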

public function getAccessToken(){
    $link = "https://login.microsoftonline.com/{$this->tenantId}/oauth2/v2.0/token";
    $request_headers = array(
        'Accept: application/x-www-form-urlencoded'
    );
    $post_data = array(
        "client_id" => $this->clientId,
        // client_credentials is an app-only grant: the token describes the application, not a user
        "grant_type" => "client_credentials",
        // certificate credential: a signed JWT assertion instead of a client secret
        "client_assertion_type" => "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "client_assertion" => $this->jwToken,
        "scope" => "https://graph.microsoft.com/.default",
        // code and redirect_uri belong to the authorization code grant
        "code" => $this->responseCode,
        "redirect_uri" => $this->redirectUri,
    );
    $curlResponse = $this->sendCURLRequest($link, $request_headers, $post_data);
    var_export($curlResponse);
}

Best answer

As @juunas suggested, you should use the authorization code flow instead of the client credentials flow.

Now that you have obtained the code from "Request an authorization code", you next need to "Redeem a code for an access token".

POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong
&client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps. This secret needs to be URL-Encoded.

You are using the client credentials flow to get a token, in which you do not need a code.
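
The following PHP (7.4+) example is added here and is not part of the original question or answer: it builds the code-redemption body with the questioner's certificate assertion in place of `client_secret`, and classifies a token by its claims to show why a client-credentials token carries only application information. The function names, the `User.Read` scope and all sample values are assumptions, and the claims check is a diagnostic heuristic that reads the payload without validating the signature.

```php
<?php
// Added example, not from the original post. Sample values are constructed.

// Form body for redeeming an authorization code with a certificate credential
// (client_assertion) in place of the client_secret shown in the answer.
function buildCodeRedemptionBody(string $clientId, string $code, string $redirectUri,
                                 string $assertion, string $scope): string
{
    return http_build_query([
        'client_id' => $clientId,
        'grant_type' => 'authorization_code', // not client_credentials
        'code' => $code,
        'redirect_uri' => $redirectUri, // same value as in the authorize request
        'scope' => $scope,
        'client_assertion_type' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
        'client_assertion' => $assertion,
    ]);
}

// Decode a JWT payload without verifying the signature (diagnosis only).
function jwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWT');
    }
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $claims = json_decode((string) base64_decode($b64, true), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('payload is not a JSON object');
    }
    return $claims;
}

// 'scp' marks a delegated (user) token; 'roles' without 'scp' marks app-only.
function tokenKind(array $claims): string
{
    if (!empty($claims['scp'])) {
        return 'delegated';
    }
    return !empty($claims['roles']) ? 'app-only' : 'unknown';
}

// Constructed, unsigned sample tokens so the script runs offline.
$mk = fn(array $c) => 'e30.' . rtrim(strtr(base64_encode(json_encode($c)), '+/', '-_'), '=') . '.sig';
echo tokenKind(jwtClaims($mk(['roles' => ['User.Read.All']]))), "\n";
echo tokenKind(jwtClaims($mk(['scp' => 'User.Read', 'name' => 'Sample User']))), "\n";
echo buildCodeRedemptionBody('CLIENT_ID', 'CODE', 'https://app.example/callback',
                             'SIGNED_ASSERTION', 'https://graph.microsoft.com/User.Read'), "\n";
```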

Regarding "php - Azure AD authentication issue - bearer token only returns application information", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/67465541/
