
We are using an SPA with the PKCE authorization code grant. Now we want to log in via SSO. But the application (the SSO application) returns an authorization code, which cannot be persisted in the session or in the SSO system's cookies.


1 Answer


This is by design. In the PKCE flow you do two requests in order to get an access token. The first request is to get the code, which you have already done, and the second request uses this code to get the access token.

To get the access token, the sample request below will help:

POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong
&client_secret=JqQX2PNo9bpM0uEihUPzyrh

Please refer to the MS documentation for more details.

answered 2020-12-17T11:30:10.980