douhuang2282 2018-01-19 09:04
浏览 355

如何使用Azure Active Directory登录

I am using: https://github.com/thephpleague/oauth2-client and https://github.com/TheNetworg/oauth2-azure to allow users to register/login using their MS accounts.

I have the first bit working: Users click the login with MS button. Request is then sent and received for auth code. Request is then sent and received for token.

I then create a new user in my application and log them in.

What should happen the second time they visit my application? Should they click the button again and somehow be logged in using the token?

  • 写回答

1条回答 默认 最新

  • doutao1282 2018-01-19 09:23
    关注

    If they still have an active session cookie, they probably won't need to re-authenticate. But it depends. If you need a new access token and can't use a refresh token to do so, you will need them to do the authentication again.

    To re-authenticate, they will click the button and go through same flow.

    The important thing that you need to do on your app's side is:

    1. User logged in
    2. Get the object identifier claim value from the oid claim
    3. Check with the object id if the user exists already
    4. If they don't, create the data for them

    The oid claim will be in the ID token that you can ask for when authenticating, and you also get it when you exchange the authorization code for an access token.

    Documentation on claims in ID tokens: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-token-and-claims#idtokens

    评论

报告相同问题?

悬赏问题

  • ¥20 sub地址DHCP问题
  • ¥15 delta降尺度计算的一些细节,有偿
  • ¥15 Arduino红外遥控代码有问题
  • ¥15 数值计算离散正交多项式
  • ¥30 数值计算均差系数编程
  • ¥15 redis-full-check比较 两个集群的数据出错
  • ¥15 Matlab编程问题
  • ¥15 训练的多模态特征融合模型准确度很低怎么办
  • ¥15 kylin启动报错log4j类冲突
  • ¥15 超声波模块测距控制点灯,灯的闪烁很不稳定,经过调试发现测的距离偏大