azure - 从 Azure AD B2B 验证令牌颁发者

问题描述

我正在尝试验证从 Azure AD B2B 订阅获得的访问令牌，我使用的是版本 2 "accessTokenAcceptedVersion": 2,。

我目前的验证在启动课程中进行

 services
            .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                o.Audience = "application_id";
                o.Authority = "https://login.microsoftonline.com/tenant_id";
                o.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true };

            });

令牌颁发者未验证

 www-authenticate: Bearer error="invalid_token"error_description="The issuer 'https://login.microsoftonline.com/tanant_id/v2.0' is invalid" 

授权网址

https://login.microsoftonline.com/tanant_id/oauth2/authorize

范围在 Azure AD 中定义并由应用程序使用。

 c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
                {
                    Type = SecuritySchemeType.OAuth2,
                    Flows = new OpenApiOAuthFlows
                    {
                        Implicit = new OpenApiOAuthFlow
                        {
                            AuthorizationUrl = uri,
                            Scopes = new Dictionary<string, string>
                             {
                                { "Access_api", "Admins and users" },
                             }
                        }
                    }
                });

我不确定是什么原因造成的？

标签： azuretokenbearer-tokenazure-ad-b2b