This document summarizes Microsoft Azure Active Directory's support for OpenID Connect. Key points include:
- Azure AD can function as an identity provider supporting protocols like SAML, WS-Federation, and OpenID Connect.
- It also functions as an authorization server, allowing applications to register as protected resources.
- OpenID Connect support in Azure AD allows using the authorization code flow and retrieving tokens to call APIs on behalf of signed-in users.
- The document provides an example workflow using OWIN middleware and notifications in an ASP.NET MVC application.
13. Registering the Web API and registering permissions
"appPermissions": [
  {
    "claimValue": "user_impersonation",
    "description": "Allow the application full access to the Todo List service on behalf of the signed-in user",
    "directAccessGrantTypes": [],
    "displayName": "Have full access to the Todo List service",
    "impersonationAccessGrantTypes": [{"impersonated": "User", "impersonator": "Application"}],
    "isDisabled": false,
    "origin": "Application",
    "permissionId": "b69ee3c9-c40d-4f2a-ac80-961cd1534e40",
    "resourceScopeType": "Personal",
    "userConsentDescription": "Allow the application full access to the todo service on your behalf",
    "userConsentDisplayName": "Have full access to the todo service"
  }],
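The manifest entry above only declares the delegated permission; the protected Web API still has to enforce it on every call by checking the access token it receives. The following is an added example, not code from the slides or from Microsoft's sample, showing the check the resource side performs: it embeds the slide's appPermissions fragment, takes an already signature-validated token payload (constructed here), and allows the call only if the audience matches the API and the `scp` claim carries an enabled permission's `claimValue`. The audience value is a placeholder, and the assumption that Azure AD delivers delegated scopes as a space-separated `scp` claim is stated in the code.

```python
import copy
import json

# The appPermissions entry from slide 13, embedded verbatim so the example runs offline.
MANIFEST_FRAGMENT = json.loads("""
{"appPermissions": [
  {
    "claimValue": "user_impersonation",
    "description": "Allow the application full access to the Todo List service on behalf of the signed-in user",
    "directAccessGrantTypes": [],
    "displayName": "Have full access to the Todo List service",
    "impersonationAccessGrantTypes": [{"impersonated": "User", "impersonator": "Application"}],
    "isDisabled": false,
    "origin": "Application",
    "permissionId": "b69ee3c9-c40d-4f2a-ac80-961cd1534e40",
    "resourceScopeType": "Personal",
    "userConsentDescription": "Allow the application full access to the todo service on your behalf",
    "userConsentDisplayName": "Have full access to the todo service"
  }]}
""")

# Assumption: Azure AD places delegated permissions in the JWT 'scp' claim as a
# space-separated string; the API's App ID URI below is a constructed placeholder.
SCOPE_CLAIM = "scp"
EXPECTED_AUDIENCE = "https://example.invalid/TodoListService"


def enabled_scopes(manifest):
    """Return claimValues of permissions that are registered and not disabled."""
    return {
        perm["claimValue"]
        for perm in manifest.get("appPermissions", [])
        if not perm.get("isDisabled", False)
    }


def granted_scopes(claims):
    """Split the space-separated scp claim into a set; a missing claim grants nothing."""
    return set(claims.get(SCOPE_CLAIM, "").split())


def authorize(claims, required_scope, expected_audience=EXPECTED_AUDIENCE,
              manifest=MANIFEST_FRAGMENT):
    """Decide whether a signature-validated access token may call this API.

    Signature, issuer and expiry validation are assumed to have happened already
    (the OWIN bearer middleware does that); this function covers the two checks
    the manifest entry implies: the token was issued for this API, and the
    signed-in user actually consented to the permission being exercised.
    """
    if claims.get("aud") != expected_audience:
        return False                      # token meant for some other resource
    if required_scope not in enabled_scopes(manifest):
        return False                      # permission unknown or switched off
    return required_scope in granted_scopes(claims)


# Constructed, decoded token payloads (not real tokens) used to exercise the check.
GOOD_CLAIMS = {"aud": EXPECTED_AUDIENCE, "scp": "user_impersonation", "upn": "user@example.invalid"}
WRONG_SCOPE_CLAIMS = {"aud": EXPECTED_AUDIENCE, "scp": "User.Read"}
WRONG_AUDIENCE_CLAIMS = {"aud": "https://example.invalid/OtherApi", "scp": "user_impersonation"}


def disabled_manifest():
    """Copy of the slide's manifest with the permission flipped to isDisabled: true."""
    m = copy.deepcopy(MANIFEST_FRAGMENT)
    m["appPermissions"][0]["isDisabled"] = True
    return m


if __name__ == "__main__":
    for name, claims in [("good", GOOD_CLAIMS), ("wrong scope", WRONG_SCOPE_CLAIMS),
                         ("wrong audience", WRONG_AUDIENCE_CLAIMS)]:
        print(name, "->", authorize(claims, "user_impersonation"))
```

Disabling the permission in the manifest (`isDisabled: true`) is modelled as well: a token that still carries the scope is rejected once the resource no longer exposes it, which is the behaviour a resource owner wants when retiring a permission.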
19. Summary
• There are two kinds of Active Directory as well
  • Windows Server Active Directory
  • Microsoft Azure Active Directory
• Microsoft Azure Active Directory has the following functions (among others)
  • Identity Provider (directory, multi-protocol support, MFA, ...)
  • Authorization Server
• Client libraries are also provided
• OpenID Connect support is pre-release. Is it general-purpose enough yet...?