堆栈内存溢出
  简体   繁体   English

我可以使用azure oauth2客户端凭据流访问经典的azure服务管理rest api吗?

[英]can i use azure oauth2 client credentials flow to access the classic azure service management rest api?

 原文  2017-05-03 14:55:08       azure/ oauth-2.0/ azure-active-directory

问题描述

here is the description of the azure oauth2 client credentials. 这是azure oauth2客户端凭据的描述。 https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service

i can issue a request to get the access token like this: 我可以发出如下请求以获得访问令牌: 

POST /f2eae84a-d4b2-4f23-a74b-cdb32db66fd4/OAuth2/Token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

grant_type=client_credentials&client_id=e7ce6e44-3df6-4183-bcde-8e360fc7b685&client_secret=xxxxxxxxxxxxxxxxxxxxxxx&resource=https%3A%2F%2Fmanagement.core.windows.net%2F

it returns a access token succussfully 它成功返回访问令牌

but when i use that token to access the service management api like this: 但是当我使用该令牌访问服务管理API时,如下所示: 

GET /30dc506b-71d0-47dc-ab86-1a1c0ce4bea1/services/storageservices HTTP/1.1
Host: management.core.windows.net
Authorization: Bearer XXXXXXXXXXXXXXXXXXX
Accept: application/json
Cache-Control: no-cache

it return a 403 它返回403

1 个解决方案

解决方案1
 0  2017-05-04 03:02:50

Yes, it should support. 是的,它应该支持。 You can refer this link about this topic like below: 您可以像下面这样引用有关此主题的链接

web/confidential clients run on a web server and can access resources under their own identity (for example, a service or daemon), or they can obtain delegated authorization to access resources under the identity of a signed-in user (for example, a web app). Web /机密客户端在Web服务器上运行,并且可以以其自己的身份(例如,服务或守护程序)访问资源,或者可以获取委派的授权以登录用户的身份(例如,网络应用)。

And since the document about service management API seems be update to the new version API. 并且由于有关服务管理API的文档似乎已更新为新版本的API。 I suggest that you use the new version of API by referring the first link. 我建议您通过引用第一个链接来使用新版本的API。 And to operate the specific resource, you need to assign the corresponding role to the service principal. 为了操作特定的资源,您需要为服务主体分配相应的角色。 For example, if you were developing with Azure API Management, you can refer this link for the relative roles. 例如,如果您正在使用Azure API管理进行开发,则可以参考此链接以获取相对角色。

And if you still have the problem, please feel free to let me know which specification operation you were developing. 如果仍然有问题,请随时让我知道您正在开发哪种规范操作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Azure 数据工厂 - REST 链接服务 - OAuth2 客户端凭据 - Azure Data Factory - REST Linked Service - OAuth2 Client Credentials Azure Active Directory Oauth 2.0 客户端凭证流与 API 管理访问令牌问题 - Azure Active Directory Oauth 2.0 Client Credentials Flow with API Management Access Token issue Azure AD OAuth 客户端凭据授予流程 - Azure AD OAuth Client Credentials Grant flow Azure API管理中的OAuth2身份验证 - OAuth2 Authentication at Azure API Management 我正在尝试使用 OAuth2 保护探索 azure API 管理我无法理解它的工作流程 - I'm trying to explore azure API management with OAuth2 protection I'm not able to understand it's work flow 无法使用 Azure AD 和客户端凭据流为特定 scope 请求 OAuth2 令牌 - Cant request OAuth2 token for specific scope with Azure AD and Client Credentials flow 如何在 angular 中使用 azure 服务但使用客户端凭据授予流程? - how to use azure service in angular but with Client Credentials Grant flow? 我可以使用Javascript调用Azure管理REST API吗? - Can I use Javascript call the Azure management REST API? 使用Azure AAD OAuth2与Azure服务管理API进行身份验证 - Authenticate with Azure Service Management APIs using Azure AAD OAuth2 通过AD Oauth的Azure Service Management API访问失败 - Azure Service Management API access via AD Oauth fails
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM