Validating the token issuer from Azure AD B2B

Time: 2021-04-02 13:41:22

Tags: azure token bearer-token azure-ad-b2b

I'm trying to validate an access token obtained from an Azure AD B2B subscriber. I am using version 2, "accessTokenAcceptedVersion": 2.

My current validation is done in the startup class:

    services
        .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(o =>
        {
            o.Audience = "application_id";
            o.Authority = "https://login.microsoftonline.com/tenant_id";
            o.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true
            };
        });

The token issuer is not validated:

    www-authenticate: Bearer error="invalid_token"error_description="The issuer 'https://login.microsoftonline.com/tanant_id/v2.0' is invalid"

Authorization URL:

https://login.microsoftonline.com/tanant_id/oauth2/authorize

The scope is defined in Azure AD and used by the application:

    // uri: the authorization URL shown above
    c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.OAuth2,
        Flows = new OpenApiOAuthFlows
        {
            Implicit = new OpenApiOAuthFlow
            {
                AuthorizationUrl = uri,
                Scopes = new Dictionary<string, string>
                {
                    { "Access_api", "Admins and users" }
                }
            }
        }
    });

I'm not sure what is causing this.

0 answers

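For reference, an added bearer configuration (not the poster's code) for an API that accepts v2.0 access tokens: the authority is pointed at the /v2.0 endpoint, whose metadata advertises the issuer form that appears in the error above, and the issuer and audience are pinned explicitly. TENANT_ID and CLIENT_ID are placeholders, and the ILoggerFactory lookup assumes the default ASP.NET Core logging is registered.

```csharp
// Added example, not the original poster's code.
// TENANT_ID and CLIENT_ID are placeholders for the API's directory (tenant) ID
// and its application (client) ID.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;

public static class AzureAdV2Bearer
{
    private const string TenantId = "TENANT_ID"; // placeholder
    private const string ClientId = "CLIENT_ID"; // placeholder

    public static IServiceCollection AddAzureAdV2Bearer(this IServiceCollection services)
    {
        services
            .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                // v2.0 tokens carry this value in "iss", and the /v2.0 metadata advertises it.
                // Without the /v2.0 suffix the handler downloads the v1 metadata, whose
                // issuer is https://sts.windows.net/{tid}/, so a v2.0 token is rejected.
                var issuer = $"https://login.microsoftonline.com/{TenantId}/v2.0";
                o.Authority = issuer;
                o.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    ValidateIssuer = true,
                    ValidIssuers = new[] { issuer }, // pinned in addition to the metadata issuer
                    ValidateAudience = true,
                    // v2.0 access tokens put the client ID in "aud"; v1.0 tokens may use the App ID URI.
                    ValidAudiences = new[] { ClientId, $"api://{ClientId}" },
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.FromMinutes(2),
                };
                o.Events = new JwtBearerEvents
                {
                    // Record the rejection reason server-side; the client only sees invalid_token.
                    OnAuthenticationFailed = ctx =>
                    {
                        var log = ctx.HttpContext.RequestServices
                            .GetRequiredService<ILoggerFactory>().CreateLogger("JwtBearer");
                        log.LogWarning(ctx.Exception, "Bearer token rejected");
                        return Task.CompletedTask;
                    }
                };
            });
        return services;
    }
}
```

Call services.AddAzureAdV2Bearer() from the startup class in place of the AddAuthentication chain shown in the question.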