[英]can i use azure oauth2 client credentials flow to access the classic azure service management rest api?
here is the description of the azure oauth2 client credentials. 这是azure oauth2客户端凭据的描述。 https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service
i can issue a request to get the access token like this: 我可以发出如下请求以获得访问令牌:
POST /f2eae84a-d4b2-4f23-a74b-cdb32db66fd4/OAuth2/Token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
grant_type=client_credentials&client_id=e7ce6e44-3df6-4183-bcde-8e360fc7b685&client_secret=xxxxxxxxxxxxxxxxxxxxxxx&resource=https%3A%2F%2Fmanagement.core.windows.net%2F
it returns a access token succussfully 它成功返回访问令牌
but when i use that token to access the service management api like this: 但是当我使用该令牌访问服务管理API时,如下所示:
GET /30dc506b-71d0-47dc-ab86-1a1c0ce4bea1/services/storageservices HTTP/1.1
Host: management.core.windows.net
Authorization: Bearer XXXXXXXXXXXXXXXXXXX
Accept: application/json
Cache-Control: no-cache
it return a 403 它返回403
Yes, it should support. 是的,它应该支持。 You can refer this link about this topic like below: 您可以像下面这样引用有关此主题的链接 :
web/confidential clients run on a web server and can access resources under their own identity (for example, a service or daemon), or they can obtain delegated authorization to access resources under the identity of a signed-in user (for example, a web app). Web /机密客户端在Web服务器上运行,并且可以以其自己的身份(例如,服务或守护程序)访问资源,或者可以获取委派的授权以登录用户的身份(例如,网络应用)。
And since the document about service management API seems be update to the new version API. 并且由于有关服务管理API的文档似乎已更新为新版本的API。 I suggest that you use the new version of API by referring the first link. 我建议您通过引用第一个链接来使用新版本的API。 And to operate the specific resource, you need to assign the corresponding role to the service principal. 为了操作特定的资源,您需要为服务主体分配相应的角色。 For example, if you were developing with Azure API Management, you can refer this link for the relative roles. 例如,如果您正在使用Azure API管理进行开发,则可以参考此链接以获取相对角色。
And if you still have the problem, please feel free to let me know which specification operation you were developing. 如果仍然有问题,请随时让我知道您正在开发哪种规范操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.