如何在AngularJS中使用adal.js从我的javascript代码中获取受众https://management.azure.com的持有人令牌?
我在AD中创建了一个客户端应用程序,并设置了允许其访问“Windows Azure Service Management API”的权限。我的angularjs代码如下:
adalService.init(
{
instance: "https://login.windows.net/",
tenant: "<something>.onmicrosoft.com",
clientId: "<some id>",
cacheLocation: 'localStorage',
redirectUri: 'http://localhost:63691/index.html#/configure',
endpoints: {
/* 'target endpoint to be called': 'target endpoint's resource ID' */
'https://management.azure.com/subscriptions?api-version=2014-04-01': 'https://management.azure.com/'
}
},
$httpProvider
);
如果我在POSTMAN中使用此adalService收到的令牌来调用https://management.azure.com/subscriptions?api-version=2014-04-01,则会收到以下错误:
The access token has been obtained from wrong audience or resource '<some id>'.
It should exactly match (including forward slash) with one of the allowed audiences 'https://management.core.windows.net/','https://management.azure.com/'.
答案 0 :(得分:5)
好的,所以我在这里查看了ADAL.JS的源代码后找到了解决方案。在第137行,它查看config.loginResource以查看在将config对象传递给init()函数时是否已设置。
将其放在那里,让任何人陷入困境:
如果您需要令牌来声明“https://management.azure.com/”(或任何其他资源URI),您可以在初始化AuthenticationContext时设置受众群体,如下所示:
app.config(['$routeProvider', '$httpProvider', 'adalAuthenticationServiceProvider', function ($routeProvider, $httpProvider, adalService) {
adalService.init(
{
instance: "https://login.microsoftonline.com/",
tenant: "<something>.onmicrosoft.com",
clientId: "<client-id>",
cacheLocation: 'localStorage', //optional
redirectUri: '<redirect-uri>',
loginResource: 'https://management.azure.com/' //to set AUDIENCE
},
$httpProvider
);
}]);