使用PowerShell无法获取https://management.azure.com/的刷新令牌

问题描述

我正在尝试使用PowerShell获取“ https://management.azure.com/”资源的访问令牌和刷新令牌，但是我却获得了唯一的访问令牌。我也需要刷新令牌。我分享我的代码如下。

$clientID = '1xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
$secretKey = 'kdfudifkldfliKASDFKkdfjd-ddkjfidysikd'
$tenantID = 'fxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'

$password = ConvertTo-securestring -String $secretKey -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($ClientID,$password)
Connect-AzureRmAccount -ServicePrincipal -Credential $credential -Tenant $tenantID

$authUrl = "https://login.windows.net/" + $tenantID + "/oauth2/token/"
$body = @{
   "resource" = "https://management.azure.com/";
   "grant_type" = "client_credentials";
   "client_id" = $ClientID
   "client_secret" = $secretKey
}

Write-Output "Getting Authentication-Token ..." 
$adlsToken = Invoke-RestMethod -Uri $authUrl –Method POST -Body $body
Write-Output $adlsToken

------------输出-----------------

Getting Authentication-Token ...
token_type     : Bearer
expires_in     : 3599
ext_expires_in : 3599
expires_on     : 1597999269
not_before     : 1597995369
resource       : https://management.azure.com/
access_token   : J0uYFoIoURT4CdisuUrRrr...

解决方法

该规范规定了 Client Credentials （客户端凭据）授予类型必须不允许发布刷新令牌。因此，答案是，您必须使用其他授权类型来接收带有访问令牌的刷新令牌。

因此，建议您使用auth code flow，它会在您请求令牌时返回刷新令牌。

更新：

access-token azure-active-directory oauth-2.0 powershell powershell refresh-token