How do I handle the MSAL-Browser API response to obtain tokens in the browser?

김진영 0 Reputation points
2024-03-15T00:28:22.79+00:00

[Attached image: Screenshot 2024-03-15 9.21.27 AM]

I am using the MSAL-Browser API to obtain the token type, access token, refresh token, and so on after performing a login. However, I am not sure where I can access the API's response in order to handle it. In particular, I want to store the refresh token. Can you guide me on how to access the token API response? I consulted the documentation, but it does not seem to provide the details I need. I also tried debugging the code, but I could not find where the response is returned. Can you provide guidance on how to handle the response to get the result I want?

Microsoft Graph
Microsoft Entra ID

1 answer

  1. Shweta Mathur 29,751 Reputation points Microsoft Employee
    2024-03-15T07:23:21.2366667+00:00

    @김진영

    Thanks for reaching out.

    Access tokens enable clients to securely call protected web APIs. Clients should use the token response data that's returned with the access token for details on what's inside it.

    You can pass https://jwt.ms in your redirect URI where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token to get the claims.

    However, the contents of the token are intended only for the API, which means that access tokens must be treated as opaque strings. For validation and debugging purposes only, developers can decode JWTs using a site like jwt.ms.

    To pass the access token to the API, the access token needs to be passed as a bearer token in the Authorization header when calling the API.

    using System;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;
    using Microsoft.Graph;
    using Microsoft.Identity.Client;

    var tenantId = "your-azure-tenant-id";
    var clientId = "azure-ad-application-id";
    var clientSecret = "unique-secret-generated-for-this-console-app";
    
    // Configure app builder (MSAL.NET confidential client, i.e. server-side code)
    var authority = $"https://login.microsoftonline.com/{tenantId}";
    var app = ConfidentialClientApplicationBuilder
        .Create(clientId)
        .WithClientSecret(clientSecret)
        .WithAuthority(new Uri(authority))
        .Build();
    
    // Acquire an app-only token for Graph API. The client-credentials flow must
    // request the resource's .default scope; individual delegated scopes such as
    // "user.read" or "offline_access" are rejected by the token endpoint here.
    var scopes = new[] { "https://graph.microsoft.com/.default" };
    var authenticationResult = await app.AcquireTokenForClient(scopes).ExecuteAsync();
    
    // Create GraphClient and attach the auth header to every request
    // (token acquired in the previous step)
    var graphClient = new GraphServiceClient(
        new DelegateAuthenticationProvider(requestMessage => {
            requestMessage.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken);
    
            return Task.CompletedTask;
        }));
    

    Here AcquireTokenForClient() is used to acquire the token, and authenticationResult has the tokens stored in it, which can be passed as a bearer token when calling the Graph API.

    Regarding refresh tokens, those are used to acquire additional access tokens when the access token expires. You can receive a refresh token along with the access token by requesting the offline_access scope.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

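The question asks where the MSAL-Browser token response can be read and whether the refresh token can be stored, and the answer above shows the server-side MSAL.NET equivalent. The following is an added browser-side example, not code from the question, the answer, or the MSAL project. It assumes the @azure/msal-browser v2+ API (PublicClientApplication with handleRedirectPromise, getAllAccounts, acquireTokenSilent and loginRedirect) and the AuthenticationResult shape; the sample response it decodes is constructed inline so the helpers run offline. It also shows the detail a practitioner needs here: msal-browser keeps the refresh token in its own cache and never exposes it on AuthenticationResult, so application code has nothing to store and should instead call acquireTokenSilent when the access token nears expiry.

```javascript
// Added example (not from the original post, answer, or MSAL project).
// Assumed API: @azure/msal-browser v2+ PublicClientApplication and AuthenticationResult.

// 1. Where the token response surfaces in the redirect flow.
async function getTokenResponse(msalInstance, request) {
  // On the page load that follows the redirect back from Entra ID this resolves
  // with the AuthenticationResult of the completed login; on an ordinary page
  // load it resolves with null.
  const redirectResult = await msalInstance.handleRedirectPromise();
  if (redirectResult) return redirectResult;

  const accounts = msalInstance.getAllAccounts();
  if (accounts.length === 0) {
    await msalInstance.loginRedirect(request); // navigates away; nothing to return yet
    return null;
  }
  // Silent renewal: MSAL redeems its internally cached refresh token here.
  return msalInstance.acquireTokenSilent({ ...request, account: accounts[0] });
}

// 2. Pull out the fields an application legitimately needs from the response.
function summarizeAuthResult(result) {
  return {
    tokenType: result.tokenType,
    scopes: result.scopes,
    expiresOn: result.expiresOn instanceof Date ? result.expiresOn.toISOString() : null,
    username: result.account ? result.account.username : null,
    hasAccessToken: typeof result.accessToken === 'string' && result.accessToken.length > 0,
    // msal-browser keeps the refresh token in its own cache and never places it on
    // AuthenticationResult, so there is nothing for application code to store.
    refreshTokenExposed: Object.prototype.hasOwnProperty.call(result, 'refreshToken'),
  };
}

// The only thing the API should see: the access token as a bearer credential.
function authorizationHeader(result) {
  return `Bearer ${result.accessToken}`;
}

// Renew when the cached token is about to expire (skew margin in seconds).
function needsRenewal(result, now = new Date(), skewSeconds = 300) {
  if (!(result.expiresOn instanceof Date)) return true;
  return result.expiresOn.getTime() - now.getTime() < skewSeconds * 1000;
}

// 3. Decode (NOT verify) JWT claims for debugging, as jwt.ms does. The token's
// contents are meant for the resource API; treat them as opaque in app logic.
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
}
function decodeJwtClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact-serialized JWT');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Constructed sample AuthenticationResult (not a real Entra ID token) so the
// helpers above can be exercised without a browser or a tenant.
function base64UrlEncode(str) {
  return btoa(str).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function makeSampleResult() {
  const header = base64UrlEncode(JSON.stringify({ typ: 'JWT', alg: 'RS256' }));
  const payload = base64UrlEncode(JSON.stringify({
    aud: 'https://graph.microsoft.com', scp: 'User.Read', exp: 1710460800, name: 'Sample User',
  }));
  return {
    tokenType: 'Bearer',
    scopes: ['User.Read'],
    accessToken: `${header}.${payload}.${base64UrlEncode('constructed-signature')}`,
    idToken: '',
    expiresOn: new Date(1710460800 * 1000), // 2024-03-15T00:00:00Z
    account: { username: 'sample.user@example.com' },
  };
}

// Demo run (atob/btoa are globals in browsers and in Node 16+).
const demo = makeSampleResult();
console.log(summarizeAuthResult(demo));
console.log(authorizationHeader(demo));
console.log(decodeJwtClaims(demo.accessToken));
console.log('renew now?', needsRenewal(demo, new Date('2024-03-14T23:58:00Z')));
```

In a real page, getTokenResponse is called once at start-up with the PublicClientApplication instance and a request such as `{ scopes: ['User.Read'] }`; the object it resolves with is the response the question is looking for. Pass only `authorizationHeader(result)` to the API, keep the access token out of persistent storage, and let acquireTokenSilent handle renewal rather than trying to persist a refresh token yourself.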
