Azure AD B2C 以编程方式获取令牌以进行单元测试

问题描述

我的场景很简单，我有一个带有 B2C 身份验证的简单 Azure 函数，我正在编写单元测试，但我发现了一个问题，我无法以编程方式对 azure 函数进行身份验证.

My scenario is simple I have a simple Azure Function with B2C authentication on it and I'm writing unit tests but I found an issue, I'm not able to authenticate to the azure functions programmatically.

我可以通过浏览器访问，甚至可以获取令牌并将其放入单元测试中，它工作正常，但是当我尝试使用 ClientID、TenantID 等生成令牌时，我得到一个令牌，但在 Azure 函数上出现 401 Unauthorized response.

I'm able to access through the browser and even I can grab the token and put it into the unit test and it works fine, but when I try to generate a token using the ClientID, TenantID, etc. I get a token, but 401 Unauthorized response on the Azure functions.

有没有办法以编程方式生成有效的 B2C 令牌(无需在浏览器中登录?

我目前使用的方法:

public static async  Task<AuthenticationResult> GetAccessToken(string resourceUri, string clientId, string clientSecret)
{
        ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);

        string aadInstance = "https://login.microsoftonline.com/";
        string tenant = "<mytenant>.onmicrosoft.com";
        string authority = string.Concat(aadInstance, tenant);
        AuthenticationContext authContext = new AuthenticationContext(authority);

        return await authContext.AcquireTokenAsync(resourceUri, clientCredential);
}

我得到一个令牌 (EY.......) 但无效，当我传递给 Azure 函数请求时，它返回 401 Unauthorized.

I'm getting a token (EY.......) but is not valid, when I passed to the Azure Function request, it returns 401 Unauthorized.

提前致谢！伊万

推荐答案

几个月前，Microsoft 发布了资源所有者密码凭据流策略，使用该策略您可以模拟登录，并在查询中传递登录详细信息:如下:

A couple of months ago, Microsoft released a policy for resource owner password credentials flow, with that policy you can simulate a login passing the login details in a query as follows:

1. 在 B2C 中创建 ROPC 策略
2. 注册申请

3. 按如下方式测试策略:

1. Create a ROPC policy in B2C
2. Register an application

3. Test the policy as follows:

  https://te.cpim.windows.net/{B2C TENANT}/{ROPC B2C POLICY}/oauth2/v2.0/token?username={USERNAME}&password={password}&grant_type=password&scope=openid+{CLIENT ID}+offline_access&client_id=[CLIENT ID]&response_type=token+id_token

您可以找到更详细的信息 这里

You can find more detailed info here

这篇关于Azure AD B2C 以编程方式获取令牌以进行单元测试的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！