Scenario: A web API that calls web APIs

Learn what you need to know to build a web API that calls web APIs.

Prerequisites

This scenario, in which a protected web API calls web APIs, builds on top of the "Protect a web API" scenario. To learn more about this foundational scenario, see Scenario: Protected web API.

Overview

  • A web, desktop, mobile, or single-page application client (not represented in the accompanying diagram) calls a protected web API and provides a JSON Web Token (JWT) bearer token in its "Authorization" HTTP header.
  • The protected web API validates the token and uses the Microsoft Authentication Library (MSAL) AcquireTokenOnBehalfOf method to request another token from Azure Active Directory (Azure AD) so that the protected web API can call a second web API, or downstream web API, on behalf of the user.
  • The protected web API can also call AcquireTokenSilent later to request tokens for other downstream APIs on behalf of the same user. AcquireTokenSilent refreshes the token when needed.

[Diagram: a web API that calls web APIs]

Specifics

The app registration part that's related to API permissions is classical. The app configuration involves using the OAuth 2.0 On-Behalf-Of flow to exchange the JWT bearer token against a token for a downstream API. This token is added to the token cache, where it's available in the web API's controllers, and it can then acquire a token silently to call downstream APIs.
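The exchange and caching described above, as an added example that is not part of the original page or of MSAL itself: it extracts the caller's bearer token, builds the On-Behalf-Of request body that the web API POSTs to the tenant's token endpoint, and keeps downstream tokens in a per-user cache so a later silent acquisition never hands one user's token to another. The class and function names, and the fake refresh callback, are assumptions for illustration; the grant type and form fields are the real OBO protocol values.

```python
import time

# Real On-Behalf-Of grant type used by the Microsoft identity platform.
OBO_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def bearer_token_from_header(authorization):
    """Pull the JWT out of an 'Authorization: Bearer <token>' header value.
    Anything other than the Bearer scheme is rejected before the exchange."""
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise ValueError("expected 'Authorization: Bearer <token>'")
    return token.strip()


def build_obo_request(client_id, client_secret, user_assertion, scopes):
    """Form fields of the OBO POST to /oauth2/v2.0/token. The incoming
    caller JWT is the 'assertion'; the result is a token for `scopes`.
    (Hypothetical helper; values here are whatever the caller passes in.)"""
    return {
        "grant_type": OBO_GRANT_TYPE,
        "client_id": client_id,
        "client_secret": client_secret,
        "assertion": user_assertion,
        "scope": " ".join(scopes),
        "requested_token_use": "on_behalf_of",
    }


class DownstreamTokenCache:
    """Per-user token cache mirroring the silent-acquire step. Entries are
    keyed by (caller identity, scope); an expired or missing entry is
    refreshed through `refresh(user, scope) -> (token, expires_at)`, which
    in a real API would perform the OBO exchange again."""

    def __init__(self, refresh, skew_seconds=300, now=time.time):
        self._store = {}
        self._refresh = refresh
        self._skew = skew_seconds   # refresh slightly before real expiry
        self._now = now

    def acquire_token_silent(self, user, scope):
        """Return a cached token for this user/scope, refreshing if stale."""
        entry = self._store.get((user, scope))
        if entry is None or entry[1] - self._skew <= self._now():
            entry = self._refresh(user, scope)
            self._store[(user, scope)] = entry
        return entry[0]
```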

Next steps