Aplikasi desktop yang memanggil API web: Memperoleh token
Artikel
Setelah membuat contoh aplikasi klien publik, Anda akan menggunakannya untuk mendapatkan token yang kemudian akan Anda gunakan untuk memanggil API web.
Pola yang direkomendasikan
API web ditentukan oleh cakupannya. Apa pun pengalaman yang Anda berikan dalam aplikasi Anda, pola yang digunakan adalah:
Secara sistematis mencoba untuk mendapatkan token dari cache token dengan menelepon AcquireTokenSilent.
Jika panggilan ini gagal, gunakan AcquireToken alur yang ingin Anda gunakan, yang diwakili di sini oleh AcquireTokenXX.
AuthenticationResult result;
var accounts = await app.GetAccountsAsync();
IAccount account = ChooseAccount(accounts); // for instance accounts.FirstOrDefault
// if the app manages is at most one account
try
{
result = await app.AcquireTokenSilent(scopes, account)
.ExecuteAsync();
}
catch(MsalUiRequiredException ex)
{
result = await app.AcquireTokenXX(scopes, account)
.WithOptionalParameterXXX(parameter)
.ExecuteAsync();
}
Set<IAccount> accountsInCache = pca.getAccounts().join();
// Take first account in the cache. In a production application, you would filter
// accountsInCache to get the right account for the user authenticating.
IAccount account = accountsInCache.iterator().next();
IAuthenticationResult result;
try {
SilentParameters silentParameters =
SilentParameters
.builder(SCOPE, account)
.build();
// try to acquire token silently. This call will fail since the token cache
// does not have any data for the user you are trying to acquire a token for
result = pca.acquireTokenSilently(silentParameters).join();
} catch (Exception ex) {
if (ex.getCause() instanceof MsalException) {
InteractiveRequestParameters parameters = InteractiveRequestParameters
.builder(new URI("http://localhost"))
.scopes(SCOPE)
.build();
// Try to acquire a token interactively with system browser. If successful, you should see
// the token and account information printed out to console
result = pca.acquireToken(parameters).join();
} else {
// Handle other exceptions accordingly
throw ex;
}
}
return result;
guard let account = try? application.account(forIdentifier: accountIdentifier) else { return }
let silentParameters = MSALSilentTokenParameters(scopes: scopes, account: account)
application.acquireTokenSilent(with: silentParameters) { (result, error) in
guard let authResult = result, error == nil else {
let nsError = error! as NSError
if (nsError.domain == MSALErrorDomain &&
nsError.code == MSALError.interactionRequired.rawValue) {
// Interactive auth will be required, call acquireToken()
return
}
return
}
}
Dalam MSAL Node, Anda memperoleh token melalui aliran kode otorisasi dengan Proof Key for Code Exchange (PKCE). MSAL Node menggunakan cache token dalam memori untuk melihat apakah ada akun pengguna di cache. Jika ada, objek akun dapat diteruskan ke metode acquireTokenSilent() untuk mengambil token akses singgahan.
const msal = require("@azure/msal-node");
const msalConfig = {
auth: {
clientId: "your_client_id_here",
authority: "your_authority_here",
}
};
const pca = new msal.PublicClientApplication(msalConfig);
const msalTokenCache = pca.getTokenCache();
let accounts = await msalTokenCache.getAllAccounts();
if (accounts.length > 0) {
const silentRequest = {
account: accounts[0], // Index must match the account that is trying to acquire token silently
scopes: ["user.read"],
};
pca.acquireTokenSilent(silentRequest).then((response) => {
console.log("\nSuccessful silent token acquisition");
console.log("\nResponse: \n:", response);
res.sendStatus(200);
}).catch((error) => console.log(error));
} else {
const {verifier, challenge} = await msal.cryptoProvider.generatePkceCodes();
const authCodeUrlParameters = {
scopes: ["User.Read"],
redirectUri: "your_redirect_uri",
codeChallenge: challenge, // PKCE Code Challenge
codeChallengeMethod: "S256" // PKCE Code Challenge Method
};
// get url to sign user in and consent to scopes needed for application
pca.getAuthCodeUrl(authCodeUrlParameters).then((response) => {
console.log(response);
const tokenRequest = {
code: response["authorization_code"],
codeVerifier: verifier, // PKCE Code Verifier
redirectUri: "your_redirect_uri",
scopes: ["User.Read"],
};
// acquire a token by exchanging the code
pca.acquireTokenByCode(tokenRequest).then((response) => {
console.log("\nResponse: \n:", response);
}).catch((error) => {
console.log(error);
});
}).catch((error) => console.log(JSON.stringify(error)));
}
result = None
# Firstly, check the cache to see if this end user has signed in before
accounts = app.get_accounts(username=config["username"])
if accounts:
result = app.acquire_token_silent(config["scope"], account=accounts[0])
if not result:
result = app.acquire_token_by_xxx(scopes=config["scope"])
Ada berbagai cara Anda dapat memperoleh token di aplikasi desktop.
Segera hadir: Sepanjang tahun 2024 kami akan menghentikan penggunaan GitHub Issues sebagai mekanisme umpan balik untuk konten dan menggantinya dengan sistem umpan balik baru. Untuk mengetahui informasi selengkapnya, lihat: https://aka.ms/ContentUserFeedback.