我得到相同的值,但格式不同
audclient_credentialauthorization_codePOST /tenant.onmicrosoft.com/B2C_1_app_SignIn/oauth2/v2.0/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: PostmanRuntime/7.36.1
Accept: */*
Cache-Control: no-cache
Postman-Token: e392d8bc-8766-4d7b-bac5-32a5716a8600
Host: tenant.b2clogin.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 1120
grant_type=authorization_code&code=<code>&redirect_uri=https%3A%2F%2Foauth.pstmn.io%2Fv1%2Fcallback&code_verifier=<verifier>&client_id=<clientid>
回应:
{"access_token":"<jwt>","token_type":"Bearer",
"not_before":1706064107,"expires_in":3600,
"expires_on":1706067707,"resource":"<resource>","profile_info":"<profile>",
"scope":"https://tenant.onmicrosoft.com/177da752-d895-4325-9aee-d6e459bee811/app.full_access",
"refresh_token":"<refresh token>","refresh_token_expires_in":86400}
"aud": "177da752-d895-4325-8aee-d6e459bee811"POST /tenant.onmicrosoft.com/b2c_1_app_signin/oauth2/v2.0/token HTTP/1.1
User-Agent: PostmanRuntime/7.36.1
Accept: */*
Host: tenant.b2clogin.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 231
client_id=<clientid>&scope=https%3A%2F%2Ftenant.onmicrosoft.com%2F177da752-d895-4325-9aee-d6e459bee811%2F.default&client_secret=<secret>&grant_type=client_credentials
回复:
{"access_token":"<jwt>","token_type":"Bearer","not_before":1706057659,"expires_in":3600,"expires_on":1706061259,"resource":"https://tenant.onmicrosoft.com/177da752-d895-4325-9aee-d6e459bee811"}
"aud": "https://tenant.onmicrosoft.com/177da752-d895-4325-8aee-d6e459bee811"这是设计使然吗?
提前致谢。
是的。
客户端凭据具有应用程序的上下文,而代码授予具有用户的上下文。
您提供的示例中的
audsub在您的情况下,由于您使用相同的客户端 ID 并且(假设)您在授权代码和客户端凭证流中针对相同的资源,因此您会期望两个令牌中的
audaudsub所以,长话短说:如果客户端要访问“api.my-domain.com”,那么这应该始终是 JWT 中的
aud