OAuth 2.0 in Azure AD

Updated: April 2014

Azure Active Directory (Azure AD) uses OAuth 2.0 to enable you to authorize access to web applications and web APIs in your Azure AD tenant. The Azure AD implementation of OAuth 2.0 complies with OAuth 2.0 RFC 6749 and is extended to protect third-party web APIs. This design lets you use Azure AD as a complete security platform for the web apps and web APIs that you develop.

If you're not familiar with OAuth 2.0, start by reading the spec: OAuth 2.0. The topics in this section assume that you know a bit about OAuth 2.0 and its terminology, and they explain how Azure AD implements and extends OAuth 2.0.

The topics in this section show you how to assemble the requests and use the responses. Typically, the APIs you use, such as Azure AD Authentication Library for .NET, handle these details for you, but it's useful to understand what is going on in the background, especially for debugging and on platforms that don't have appropriate library support.

In this section:

  • Authorization Code Grant Flow: Native client applications and web sites use a flow in which an authorization code represents the resource owner's consent to allow the application to access a resource. The application gets the authorization code from Azure AD, and then exchanges it for an access token that provides access to the resource. The application never sees the user's credentials and the user's agent or browser environment never sees the access token.

  • Service to Service Calls Using Client Credentials: The OAuth 2.0 Client Credentials Grant flow permits a web service (a confidential client) to use its own credentials to authenticate when calling another web service, instead of impersonating a user. In this scenario, the client is typically a middle-tier web service, a daemon service, or web site.

  • Refresh Tokens for Multiple Resources: This feature allows you to use a single refresh token to request access tokens for multiple resources.

  • Error Handling in OAuth 2.0: This section describes the errors that you might receive from authorization endpoints, token issuance endpoints, and secured resources, and explains how to handle them.

  • Best Practices for OAuth 2.0 in Azure AD: This topic explains "best practice" behavior when using OAuth 2.0 in Azure AD. These recommendations help you to get the most out of OAuth 2.0 and to avoid common pitfalls.

© 2014 Microsoft