Swagger 无法对 Azure AD B2C 进行身份验证

时间:2021-03-31 19:57:37

标签: swagger azure-ad-b2c swagger-ui

我有一个带有 Swagger 的 Web API 和一个 Azure AD B2C 租户。

React 应用程序能够从 B2C 获取令牌,例如:

          // Redirect-based sign-in. The app's own client id is requested as a scope next to
          // openid/offline_access — presumably to obtain an access token for that registration;
          // verify this against the scopes the API registration actually exposes.
          const loginRequest = {
            scopes: ["openid", "offline_access", process.env.MY_CLIENT_ID],
          };
          msalInstance.loginRedirect(loginRequest);

但是 Swagger 的 Authorize 功能返回错误 AADB2C90205:This application does not have sufficient permissions against this web resource to perform the operation

Startup.cs 中 AddSwagger 的代码如下:

        /// <summary>
        /// Registers the NSwag OpenAPI document with an OAuth2 security scheme named "bearer"
        /// whose endpoints and scopes are derived from the "AzureAdB2C" configuration section.
        /// </summary>
        /// <param name="services">The service collection the OpenAPI document is added to.</param>
        private void AddSwagger(IServiceCollection services)
        {
            var b2c = new AzureAdB2CSettings();
            this.Configuration.Bind("AzureAdB2C", b2c);

            // Policy-specific B2C endpoint; the sign-up/sign-in policy id is part of the path.
            var oauthBase = $"https://{b2c.TenantName}.b2clogin.com/{b2c.TenantName}.onmicrosoft.com/{b2c.SignUpSignInPolicyId}/oauth2/v2.0";

            services.AddOpenApiDocument(document =>
            {
                // NOTE(review): scope names are built from Instance + ClientId. Confirm the resulting
                // strings match the scopes exposed on the API registration (B2C API scopes are usually
                // of the form https://<tenant>.onmicrosoft.com/<api-id-uri>/<scope>), and that Instance
                // carries no trailing slash, which would otherwise yield "//" in the scope.
                var scopes = new Dictionary<string, string>
                {
                    [$"{b2c.Instance}/{b2c.ClientId}/user_impersonation"] = "Access Application",
                    [$"{b2c.Instance}/{b2c.ClientId}/access_as_user"] = "Access as User",
                };

                var implicitFlow = new OpenApiOAuthFlow
                {
                    Scopes = scopes,
                    AuthorizationUrl = $"{oauthBase}/authorize",
                    TokenUrl = $"{oauthBase}/token",
                };

                // NOTE(review): the implicit grant is deprecated by the OAuth 2.0 Security BCP;
                // authorization code with PKCE is the recommended grant for browser-based clients
                // such as Swagger UI. Kept as-is here to preserve behaviour.
                var scheme = new OpenApiSecurityScheme
                {
                    Type = OpenApiSecuritySchemeType.OAuth2,
                    Description = "Azure AAD Authentication",
                    Flow = OpenApiOAuth2Flow.Implicit,
                    Flows = new OpenApiOAuthFlows { Implicit = implicitFlow },
                };

                document.AddSecurity("bearer", Enumerable.Empty<string>(), scheme);

                // Attaches the "bearer" requirement (and the operation's scopes) to each operation.
                document.OperationProcessors.Add(new AspNetCoreOperationSecurityScopeProcessor("bearer"));
            });
        }

B2C 配置如下:

(截图)

(截图)

我在这里遗漏了什么明显的东西吗?

1 个答案:

答案 0 :(得分:0)

如果要调用受 Azure AD B2C 保护的 Web API,请参考以下步骤:

a. Register web api application in Azure AD B2C(截图)

b. 定义范围(scope)

c. Register SPA application in Azure AD B2C(截图)

(截图)

d. Grant Permissions

e. 应用程序

  1. 程序包
Microsoft.AspNetCore.Authentication.AzureADB2C.UI
NSwag.AspNetCore
  1. appsettings.json
{
  "AzureAdB2C": {
    "Instance": "https://<>.b2clogin.com/tfp/",
    "ClientId": "<web api client id>",
    "Domain": "<>.onmicrosoft.com",
    "SignUpSignInPolicyId": "B2C_1_test"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}

/// <summary>
/// Registers bearer-token authentication against Azure AD B2C and an NSwag OpenAPI document
/// whose "bearer" security scheme describes the OAuth2 implicit flow for Swagger UI.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    // snip

    // Incoming bearer tokens are validated using the "AzureAdB2C" configuration section.
    services
        .AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
        .AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));

    // Security definition and scopes for the generated document.
    services.AddOpenApiDocument(document =>
    {
        // Angle-bracket placeholders must be replaced with the tenant, API and policy names.
        // NOTE(review): the third entry reads like a sample placeholder; confirm every scope
        // listed here is actually exposed by the API registration before shipping.
        var scopes = new Dictionary<string, string>
        {
            ["https://<b2c_tenant_name>.onmicrosoft.com/your-api/user_impersonation"] = "Access the api as the signed-in user",
            ["https://<b2c_tenant_name>.onmicrosoft.com/your-api/read"] = "Read access to the API",
            ["https://<b2c_tenant_name>.onmicrosoft.com/your-api/mystery_scope"] = "Let's find out together!",
        };

        // The policy is selected via the "p" query parameter rather than a path segment.
        var implicitFlow = new OpenApiOAuthFlow
        {
            Scopes = scopes,
            AuthorizationUrl = "https://<b2c_tenant_name>.b2clogin.com/<b2c_tenant_name>.onmicrosoft.com/oauth2/v2.0/authorize?p=<policy_name>",
            TokenUrl = "https://<b2c_tenant_name>.b2clogin.com/<b2c_tenant_name>.onmicrosoft.com/oauth2/v2.0/token?p=<policy_name>",
        };

        // NOTE(review): the implicit grant is deprecated by the OAuth 2.0 Security BCP;
        // authorization code with PKCE is the recommended grant for browser-based clients.
        var scheme = new OpenApiSecurityScheme
        {
            Type = OpenApiSecuritySchemeType.OAuth2,
            Description = "B2C authentication",
            Flow = OpenApiOAuth2Flow.Implicit,
            Flows = new OpenApiOAuthFlows { Implicit = implicitFlow },
        };

        document.AddSecurity("bearer", Enumerable.Empty<string>(), scheme);

        // Attaches the "bearer" requirement (and the operation's scopes) to each operation.
        document.OperationProcessors.Add(new AspNetCoreOperationSecurityScopeProcessor("bearer"));
    });

    //snip

    // ...
}
/// <summary>
/// Builds the request pipeline: developer exception page (development only), HTTPS redirection,
/// routing, authentication, authorization, the OpenAPI document and Swagger UI, then controller endpoints.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment; decides whether the developer exception page is enabled.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();
    app.UseRouting();

    // Middleware order matters: authentication is kept ahead of authorization.
    app.UseAuthentication();
    app.UseAuthorization();

    // NOTE(review): the OpenAPI document and Swagger UI are served in every environment here;
    // consider gating them on env.IsDevelopment() if the API surface should not be discoverable.
    app.UseOpenApi();
    app.UseSwaggerUi3(ui =>
    {
        // The placeholder suggests Swagger UI acts as the SPA registration, not the API registration.
        ui.OAuth2Client = new OAuth2ClientSettings
        {
            ClientId = "<spa client id>",
            AppName = "swagger-ui-client",
        };
    });

    app.UseEndpoints(endpoints => endpoints.MapControllers());
}
    

f. test(截图)

有关详细信息,请参阅blog