我正在尝试验证从 Azure AD B2B 订阅者获得的访问令牌,我使用的是版本 2 "accessTokenAcceptedVersion": 2,
。
我当前的验证是在启动类中进行的
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(o =>
{
o.Audience = "application_id";
o.Authority = "https://login.microsoftonline.com/tenant_id";
o.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true };
});
令牌发行者未经验证
www-authenticate: Bearer error="invalid_token"error_description="The issuer 'https://login.microsoftonline.com/tanant_id/v2.0' is invalid"
授权网址
https://login.microsoftonline.com/tanant_id/oauth2/authorize
范围正在 Azure AD 中定义并由应用程序使用。
c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows
{
Implicit = new OpenApiOAuthFlow
{
AuthorizationUrl = uri,
Scopes = new Dictionary<string, string>
{
{ "Access_api", "Admins and users" },
}
}
}
});
我不确定是什么导致了这种情况?