OIDC 允许用户交换凭据以获取令牌。

huangapple go评论72阅读模式
英文:

What OIDC allow users to exchange credentials for a token

问题

I have a SPA secured with AAD B2C. The SPA talks to APIs also secured with AAD B2C. Right now, users can copy/paste the authorization header from Chrome to a tool like Postman and call APIs directly.

I'd like to make this step a little easier for users. I suspect there's a token grant flow that allows a user to call https://login.microsoftonline.com/common/oauth2/v2.0/token and exchange username and password for a bearer token.

I can't find a reference to any such flow. Can you point me in the right direction?

There are too many users for me to create an AppID/Secret for each one.

英文:

I have a SPA secured with AAD B2C. The SPA talks to APIs also secured with AAD B2C. Right now, users can copy/paste the authorization header from Chrome to a tool like Postman and call APIs directly.

I'd like to make this step a little easier for users. I suspect there's a token grant flow that allows a user to call https://login.microsoftonline.com/common/oauth2/v2.0/token and exchange username and password for a bearer token.

I can't find a reference to any such flow. Can you point me in the right direction?

There are too many users for me to create a AppID/Secret for each one.

答案1

得分: 1

这取决于您所指的“users”。如果他们只是内部测试人员,您可以配置一个Azure资源所有者密码客户端,然后可以向测试人员提供其客户端ID和密钥,然后他们可以提交自己的用户名和密码以获取令牌。

这种流程对于测试可能很方便,但不建议用于生产环境。例如,在OAuth 2.1中,它已被删除。因此,最好避免将此类客户端添加到部署流水线的生产阶段。

英文:

It depends what you mean by users. If they are just internal testers you can configure an Azure resource owner password client and testers can be given its client ID and secret, then post their own username and password to get tokens.

This flow can be convenient for testing, but is not recommended for production usage. Eg in OAuth 2.1 it has been removed. So perhaps avoid adding such a client to the production stage of your deployment pipeline.

huangapple
  • 本文由 发表于 2023年3月3日 22:12:53
  • 转载请务必保留本文链接:https://go.coder-hub.com/75628166.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定