Register an application with the Microsoft identity platform

This page shows you how to add and register an application using the App registrations experience in the Azure portal so that your app can be integrated with the Microsoft identity platform and call Microsoft Graph.

Register a new application using the Azure portal

  1. Sign in to the Azure portal using either a work or school account or a personal Microsoft account.

  2. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the Azure AD tenant that you want.

  3. In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations > New registration.

  4. When the Register an application page appears, enter your application's registration information:

    • Name - Enter a meaningful application name that will be displayed to users of the app.

    • Supported account types - Select which accounts you would like your application to support.

      | Supported account types | Description |
      | --- | --- |
      | Accounts in this organizational directory only | Select this option if you're building a line-of-business (LOB) application. This option is not available if you're not registering the application in a directory. This option maps to Azure AD only single-tenant. This is the default option unless you're registering the app outside of a directory. In cases where the app is registered outside of a directory, the default is Azure AD multi-tenant and personal Microsoft accounts. |
      | Accounts in any organizational directory | Select this option if you would like to target all business and educational customers. This option maps to Azure AD only multi-tenant. If you registered the app as Azure AD only single-tenant, you can update it to be Azure AD multi-tenant and back to single-tenant through the Authentication blade. |
      | Accounts in any organizational directory and personal Microsoft accounts | Select this option to target the widest set of customers. This option maps to Azure AD multi-tenant and personal Microsoft accounts. If you registered the app as Azure AD multi-tenant and personal Microsoft accounts, you cannot change this in the UI. Instead, you must use the application manifest editor to change the supported account types. |

    • Redirect URI (optional) - Select the type of app you're building, Web or Public client (mobile & desktop), and then enter the redirect URI (or reply URL) for your application.

      • For web applications, provide the base URL of your app. For example, http://localhost:31544 might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application.
      • For public client applications, provide the URI used by Azure AD to return token responses. Enter a value specific to your application, such as myapp://auth.

      To see specific examples for web applications or native applications, check out our quickstarts.

  5. When finished, select Register.

    Figure: Register a new application in the Azure portal

Azure AD assigns a unique application (client) ID to your app, and you're taken to your application's Overview page. To add additional capabilities to your application, you can select other configuration options including branding, certificates and secrets, API permissions, and more.

Figure: Newly registered app's overview page

Platform-specific properties

The following table shows the properties that you need to configure and copy for different kinds of apps. Assigned means that you should use the value assigned by Azure AD.

| App type | Platform | Application (client) ID | Client Secret | Redirect URI/URL | Implicit Flow |
| --- | --- | --- | --- | --- | --- |
| Native/Mobile | Native | Assigned | No | Assigned | No |
| Web App | Web | Assigned | Yes | Yes | Optional. OpenID Connect middleware uses hybrid flow by default (Yes) |
| Single Page App (SPA) | Web | Assigned | Yes | Yes | Yes. SPAs use OpenID Connect implicit flow |
| Service/Daemon | Web | Assigned | Yes | Yes | No |
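
The account-type choices and the "No" cells of the platform table can be checked against an existing registration. The following is an added example, not part of the original page or Microsoft's code: it audits a dict shaped like the Microsoft Graph application resource (signInAudience, passwordCredentials, web.redirectUris, web.implicitGrantSettings). The app-type labels "native" and "daemon", the function name and the sample registration are assumptions made for illustration, and the HTTPS check reflects the rule that Azure AD accepts http redirect URIs only for localhost.

```python
from urllib.parse import urlsplit

# signInAudience values in the app manifest and what the portal calls them.
AUDIENCES = {
    "AzureADMyOrg": "this organizational directory only (single-tenant)",
    "AzureADMultipleOrgs": "any organizational directory (multi-tenant)",
    "AzureADandPersonalMicrosoftAccount": "any directory plus personal Microsoft accounts",
    "PersonalMicrosoftAccount": "personal Microsoft accounts only",
}
# Settings the platform table marks "No" per app type; the type labels
# ("native", "daemon") are hypothetical names used only by this example.
FORBIDDEN = {"native": {"secret", "implicit"}, "daemon": {"implicit"}}

def audit_registration(reg, app_type, expected_audience="AzureADMyOrg"):
    """Return findings for a dict shaped like a Microsoft Graph application."""
    findings = []
    audience = reg.get("signInAudience")
    if audience not in AUDIENCES:
        findings.append(f"unknown signInAudience: {audience!r}")
    elif audience != expected_audience:
        findings.append(f"signInAudience is {audience} ({AUDIENCES[audience]}), "
                        f"expected {expected_audience}")
    web = reg.get("web", {})
    forbidden = FORBIDDEN.get(app_type, set())
    if "secret" in forbidden and reg.get("passwordCredentials"):
        findings.append(f"{app_type} app holds a client secret")
    if "implicit" in forbidden and any(web.get("implicitGrantSettings", {}).values()):
        findings.append(f"{app_type} app has implicit flow enabled")
    for uri in web.get("redirectUris", []):
        parts = urlsplit(uri)
        # Plain http is acceptable only for a local development listener.
        if parts.scheme == "http" and parts.hostname not in ("localhost", "127.0.0.1"):
            findings.append(f"web redirect URI is not HTTPS: {uri}")
    return findings

# Constructed sample registration, not taken from a real tenant.
SAMPLE = {
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "passwordCredentials": [{"displayName": "constructed-secret"}],
    "web": {
        "redirectUris": ["http://localhost:31544", "http://app.example.com/signin"],
        "implicitGrantSettings": {"enableIdTokenIssuance": True,
                                  "enableAccessTokenIssuance": False},
    },
}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, "native"):
        print(finding)
```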

Next steps