我已经设置了一个类似于 Microsoft 的以下示例的项目,其中我有一个本机应用程序请求使用 v2.0 端点访问 Web api:https://github.com/azureadquickstarts/appmodelv2-nativeclient-dotnet https://github.com/azureadquickstarts/appmodelv2-nativeclient-dotnet
我已使用在 AAD 中注册的帐户(而不是 Microsoft 帐户)成功登录 AAD。我确实收到了一份索赔清单。但是,upn 声明和电子邮件声明丢失。我正在使用 jwt.ms 来分析索赔,这是我从索赔中收到的信息:
{
"typ": "JWT",
"alg": "RS256",
"kid": "1LTMzakihiRla_8z2BEJVXeWMqo"
}.{
"aud": "Client ID/ App ID",
"iss": "https://login.microsoftonline.com/tenantid/v2.0",
"iat": 1534758037,
"nbf": 1534758037,
"exp": 1534761937,
"aio": "ATQAy/8IAAAA+PZj+5vnrUwDfqTTKNBDcy0Tl7rOztkxzrb9YWXHVlevKwrlsGBP/gYAvL4bwr2G",
"azp": "Client ID/ App ID",
"azpacr": "0",
"e_exp": 262800,
"name": "xxx yyy",
"oid": "9cc37e1d-0490-4cf4-9bb8-c872899dee91",
"preferred_username": "[email protected] /cdn-cgi/l/email-protection",
"scp": "access_as_user",
"sub": "2l0nasrd8QbBpiEu1RGLFCavj3SzTzizIgmKAiMbdU0",
"tid": "tenantid",
"uti": "HG2cIi_MGUyBxBl6MzFPAA",
"ver": "2.0"
}.[Signature]
我不明白为什么我在索赔中没有收到 UPN。我真的很感激任何帮助!