Question
I am trying to make use of the state parameter which exists in the OAuth 2.0 authorization flow on a .NET Core project, using MSAL 4.0, but I couldn't find a way to do it.
I want to provide/append a custom value (Redirect the user back to the Uri where they clicked the sign-in button, after AuthN succeeds).
To do that, I would also need to send the current Uri in 'state' and retrieve the state value back, but I don't see any method/property on AuthenticationResult.cs that would hold it.
So, how can I use the state parameter with custom data on a .NET Core project using MSAL?
Answer 1:
You don't need to use it, it's an optional security feature. MSAL.NET employs 2 mechanisms to protect against attacks such as XSRF and man-in-the-middle: state and PKCE.
The state param is simply returned back by AAD. MSAL will compare the state param in the request with the state param in the authorisation code response.
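
The request/response comparison the answer describes, written out as an added example that is not part of the original post and does not use MSAL's API. It applies to a client that builds the authorization request itself and wants `state` to carry a return path as well. Class and method names are hypothetical; `key` is assumed to be a server-side secret and the nonce is assumed to be kept in the user's session.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration, not MSAL code; every name here is hypothetical.
public static class OAuthState
{
    // Random per-request value; store it in the user's session before redirecting.
    public static string NewNonce()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return B64(bytes);
    }

    // state = base64url(nonce|returnPath) + "." + base64url(HMAC-SHA256(payload))
    public static string Create(byte[] key, string nonce, string returnPath)
    {
        string payload = B64(Encoding.UTF8.GetBytes(nonce + "|" + returnPath));
        return payload + "." + B64(Sign(key, payload));
    }

    // True only if state is untampered, matches this session's nonce, and
    // carries a site-local path (rejects "//host" and "/\host" open redirects).
    public static bool TryValidate(byte[] key, string sessionNonce, string state, out string returnPath)
    {
        returnPath = "/";
        string[] parts = (state ?? "").Split('.');
        if (parts.Length != 2) return false;
        try
        {
            if (!CryptographicOperations.FixedTimeEquals(UnB64(parts[1]), Sign(key, parts[0]))) return false;
            string[] f = Encoding.UTF8.GetString(UnB64(parts[0])).Split(new[] { '|' }, 2);
            if (f.Length != 2 || !string.Equals(f[0], sessionNonce, StringComparison.Ordinal)) return false;
            if (f[1].Length == 0 || f[1][0] != '/' || (f[1].Length > 1 && (f[1][1] == '/' || f[1][1] == '\\'))) return false;
            returnPath = f[1];
            return true;
        }
        catch (FormatException) { return false; }
    }

    static byte[] Sign(byte[] key, string payload)
    {
        using (var hmac = new HMACSHA256(key)) return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    static string B64(byte[] d) => Convert.ToBase64String(d).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] UnB64(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
}
```

When `TryValidate` returns false, the authorization response should be discarded rather than redirected anywhere, and the session nonce should be cleared after one use so a captured `state` cannot be replayed.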
Source: https://stackoverflow.com/questions/56798275/how-to-use-oauth-state-parameter-on-msal-net