0

在下面的代码中,默认情况下通过 Azure AD 和 Microsoft 身份平台访问令牌超时的长度是多少,来自下面的链接?

https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/5-WebApp-AuthZ/5-2-Groups/Startup.cs

     public void ConfigureServices(IServiceCollection services)
            {
                var initialScopes = new string[] { Constants.ScopeUserRead, Constants.ScopeGroupMemberRead };
                services.Configure<CookiePolicyOptions>(options =>
                {
                    // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                    options.CheckConsentNeeded = context => true;
                    options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
                    // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite
                    options.HandleSameSiteCookieCompatibility();
                });
    
                // Sign-in users with the Microsoft identity platform
                services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                        .AddMicrosoftIdentityWebApp(
                    options =>
                    {
                        Configuration.Bind("AzureAd", options);
                        options.Events = new OpenIdConnectEvents();
                        options.Events.OnTokenValidated = async context =>
                        {
                            //Calls method to process groups overage claim.
                            var overageGroupClaims = await GraphHelper.GetSignedInUsersGroups(context);
                        };
                    }, options => { Configuration.Bind("AzureAd", options); })
                        .EnableTokenAcquisitionToCallDownstreamApi(options => Configuration.Bind("AzureAd", options), initialScopes)
                        .AddMicrosoftGraph(Configuration.GetSection("GraphAPI"))
                        .AddInMemoryTokenCaches();
    
                // Adding authorization policies that enforce authorization using group values.
                services.AddAuthorization(options =>
                {
                options.AddPolicy("GroupAdmin",
                policy => policy.Requirements.Add(new GroupPolicyRequirement(Configuration["Groups:GroupAdmin"])));
                    options.AddPolicy("GroupMember",
                  policy => policy.Requirements.Add(new GroupPolicyRequirement(Configuration["Groups:GroupMember"])));
                });
                services.AddSingleton<IAuthorizationHandler, GroupPolicyHandler>();
    
                services.AddDistributedMemoryCache();
                services.AddSession(options =>
                {
                    options.IdleTimeout = TimeSpan.FromMinutes(1);
                    options.Cookie.HttpOnly = true;
                    options.Cookie.IsEssential = true;
                });
    
                services.AddControllersWithViews(options =>
                {
                    var policy = new AuthorizationPolicyBuilder()
                        .RequireAuthenticatedUser()
                        .Build();
                    options.Filters.Add(new AuthorizeFilter(policy));
                }).AddMicrosoftIdentityUI();
                services.AddRazorPages();
            }

我想下面的链接有答案。任何人都可以确认这一点并提供理想的答案吗?

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes https://docs.microsoft.com/en-us/azure/active-directory /develop/configure-token-lifetimes

问题

1 Azure AD 的默认访问令牌超时是什么?

2 如果可能,如何设置?

4

0 回答 0