Review app authentication library changes

This article is part of step 3: review app details of the process to migrate apps.

Most apps use an authentication library to acquire and manage access tokens to call Microsoft Graph. Microsoft offers two authentication libraries:

Updating ADAL

If your app currently uses ADAL, use a two-stage migration approach:

  1. Update your app to acquire access tokens for Microsoft Graph. Continue to use ADAL for this step. Update the resourceURL, which holds the URI representing the resource web API, from:

    https://graph.windows.net

    To:

    https://graph.microsoft.com

    Newly acquired tokens have the same scopes after this change, but the audience of the access tokens is now Microsoft Graph.

    Once you've updated resourceURL and verified functionality, release an interim update to get your users up and running.

  2. Next, begin migrating your app to MSAL, which is the supported library going forward now that ADAL is deprecated.
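
The following C# example is added here and is not part of the original article or of Microsoft's code. It decodes the payload of an access token to confirm that the `aud` claim moved to Microsoft Graph after the resourceURL change in step 1. The `Classify` helper and the sample tokens are constructed for illustration, and the check is a debugging aid only because it does not verify signatures.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class TokenAudienceCheck
{
    // Decode a base64url segment (JWT segments omit '=' padding).
    static byte[] FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Convert.FromBase64String(s);
    }

    // Hypothetical helper: classify the "aud" claim of an access token.
    public static string Classify(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) return "not a JWT";
        var payload = Encoding.UTF8.GetString(FromBase64Url(parts[1]));
        using var doc = JsonDocument.Parse(payload);
        if (!doc.RootElement.TryGetProperty("aud", out var aud) ||
            aud.ValueKind != JsonValueKind.String)
            return "no aud claim";
        // aud may be the resource URI (sometimes with a trailing slash)
        // or the resource's well-known application ID.
        var value = aud.GetString()!.TrimEnd('/').ToLowerInvariant();
        return value switch
        {
            "https://graph.microsoft.com" or "00000003-0000-0000-c000-000000000000"
                => "Microsoft Graph",
            "https://graph.windows.net" or "00000002-0000-0000-c000-000000000000"
                => "Azure AD Graph (old resourceURL still in use)",
            _ => "other: " + value,
        };
    }

    static string B64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample tokens with a fake signature, not real ones.
        foreach (var aud in new[] { "https://graph.windows.net", "https://graph.microsoft.com" })
        {
            var jwt = B64Url("{\"alg\":\"none\"}") + "." +
                      B64Url("{\"aud\":\"" + aud + "\",\"scp\":\"User.Read\"}") + ".sig";
            Console.WriteLine($"{aud} -> {Classify(jwt)}");
        }
    }
}
```

Run it against a token captured from a test build before releasing the interim update, and avoid writing real tokens to logs while doing so.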

Migrating to MSAL

MSAL provides multiple benefits over ADAL, including incremental consent, richer single sign-on experiences, support for personal Microsoft accounts, use of standards-based protocols and so on.

When you switch your app over to MSAL, you'll need to make a few changes, including setting the scopes parameter in the token acquisition request:

var scopes = new string[] { "https://graph.microsoft.com/.default" };

The expression above limits the permission scopes request to those configured during application registration in the Azure Portal, and saves your existing users from having to consent to your app again.

See Migrating ADAL to MSAL for direct and extensive help with the process, including troubleshooting and help with common errors.

Once you've migrated to MSAL, you can request additional scopes dynamically, and users are prompted to provide incremental consent the next time they use your app.

Next Steps