Unable to get a refresh token for https://management.azure.com/ using PowerShell

Problem description:

I am trying to get an access token and a refresh token for the "https://management.azure.com/" resource using PowerShell, but I am getting only an access token. I need a refresh token as well. I share my code below.

$clientID = '1xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
$secretKey = 'kdfudifkldfliKASDFKkdfjd-ddkjfidysikd'
$tenantID = 'fxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'

$password = ConvertTo-SecureString -String $secretKey -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($ClientID,$password)
Connect-AzureRmAccount -ServicePrincipal -Credential $credential -Tenant $tenantID

$authUrl = "https://login.windows.net/" + $tenantID + "/oauth2/token/"
$body = @{
   "resource" = "https://management.azure.com/";
   "grant_type" = "client_credentials";
   "client_id" = $ClientID
   "client_secret" = $secretKey
}

Write-Output "Getting Authentication-Token ..." 
$adlsToken = Invoke-RestMethod -Uri $authUrl -Method POST -Body $body
Write-Output $adlsToken

------------Output-----------------

Getting Authentication-Token ...
token_type     : Bearer
expires_in     : 3599
ext_expires_in : 3599
expires_on     : 1597999269
not_before     : 1597995369
resource       : https://management.azure.com/
access_token   : J0uYFoioURT4CdISuUrRrr...

The spec states the Client Credentials grant type MUST NOT allow for the issuing of refresh tokens. So the answer is, you have to use a different grant type to receive a refresh token with your access token.

Therefore, it is recommended that you use the auth code flow, which will return the refresh token to you when you request the token.

Update:
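The authorization code flow recommended in the answer, as an added example that is not part of the original question or answer: it requests a code interactively, exchanges it at the same token endpoint the question uses, then redeems the returned refresh token. Assumptions: the placeholder IDs, a `http://localhost` redirect URI registered on the app, and delegated access to Azure Service Management granted to that app.

```powershell
# Added example; all values below are placeholders/assumptions, not from the post.
$tenantID    = '<tenant-id>'
$clientID    = '<app-client-id>'
$redirectUri = 'http://localhost'   # assumed: must match a redirect URI registered on the app
$resource    = 'https://management.azure.com/'
$base        = "https://login.windows.net/$tenantID/oauth2"

# Prompt for the secret at run time instead of hard-coding it in the script.
$secure    = Read-Host -Prompt 'Client secret' -AsSecureString
$secretKey = [System.Net.NetworkCredential]::new('', $secure).Password

# Step 1: send the user to the authorize endpoint; 'state' ties the response to this request.
$state = [guid]::NewGuid().ToString()
$authorizeUrl = "$base/authorize?response_type=code&client_id=$clientID" +
    "&redirect_uri=$([uri]::EscapeDataString($redirectUri))" +
    "&resource=$([uri]::EscapeDataString($resource))&state=$state"
Write-Output "Sign in with this URL:`n$authorizeUrl"
$redirected = Read-Host -Prompt 'Paste the full URL you were redirected to'

# Parse the redirect and refuse a response that does not carry our state value.
Add-Type -AssemblyName System.Web
$query = [System.Web.HttpUtility]::ParseQueryString(([uri]$redirected).Query)
if ($query['state'] -ne $state) { throw 'state mismatch: response does not belong to this request' }
if (-not $query['code']) { throw "No authorization code returned: $($query['error_description'])" }

# Step 2: exchange the code; this grant returns refresh_token next to access_token.
$token = Invoke-RestMethod -Uri "$base/token" -Method POST -Body @{
    grant_type    = 'authorization_code'
    code          = $query['code']
    redirect_uri  = $redirectUri
    client_id     = $clientID
    client_secret = $secretKey
    resource      = $resource
}
if (-not $token.refresh_token) { throw 'Token response contained no refresh_token' }

# Step 3: redeem the refresh token for a new access token without user interaction.
$refreshed = Invoke-RestMethod -Uri "$base/token" -Method POST -Body @{
    grant_type    = 'refresh_token'
    refresh_token = $token.refresh_token
    client_id     = $clientID
    client_secret = $secretKey
    resource      = $resource
}

# Tokens are bearer credentials: show only non-secret fields.
$refreshed | Select-Object token_type, expires_in, resource
```

The refresh response can carry a new refresh token; keep the most recent one and store it in a protected location rather than in the script or its output.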