0

I am trying to get a OAuth token (client_credentials flow) to be able to call my API. I cannot get the proper audience in the token.

In Azure AD, I created 2 App Registration. One to represent my API, the other one to represent my Client.

In my API App Registration, I exposes an API App Registration - Expose an API

As you can see in the screenshot I also added my Client App Registration as an "Authorized client applications".

I also added an App Role. App Role

In my Client App Registration, I created a secret to authenticate.

I also added my API App Registration in the "API Permissions" and also Granted Admin Consent.

API Permission

My problem is when I am trying to get a token from Azure AD. I do the following in Postman : enter image description here

But the token I get does not contain the audience I specified. It contains the default "Graph API" Audience. enter image description here

I've been reading on OAuth for the past 2 days but I can't figure out what I am doing wrong.

Also, please note that I cannot use the v2.0 endpoint because in the end, I do all this to be able to authenticate to my API in Power Automate and I don't have the option to use the v2.0 endpoint (and the resource or scope parameters).

enter image description here

Here's the token decoded

enter image description here

Any help will be greatly appreciated.

4

1 回答 1

2

总之,我会将其发布为答案。

就像我在评论中说的,如果您使用的是 OAuth 2.0 协议,当您使用v1.0 端点请求访问令牌时,您应该使用resource参数而不是audience参数,因为audienceOAuth 2.0 协议无法识别参数。即使你没有在postman中选择这个参数,你也应该能够获得一个默认的ms graph api token。

audience参数在 Auth0 组织中常用,但与 OAuth 2.0 协议有一些区别。Auth0的请求URL如下:

curl --request POST \
  --url 'https://YOUR_DOMAIN/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET \
  --data audience=YOUR_API_IDENTIFIER
于 2021-04-08T14:56:36.663 回答