使用获得的 oauth2 令牌访问用户的 Azure Blob 存储
[英]Access Azure Blob storage of a user using oauth2 token obtained
问题描述
In Azure blob storage what I need is to get the access token when a user signs into his account, and by using this access token to perform list/upload/download the files in user blob storage.(Similar to what we can do in Dropbox/Google drive).
在 Azure blob 存储中,我需要的是在用户登录他的帐户时获取访问令牌,并通过使用此访问令牌来执行列表/上传/下载用户 blob 存储中的文件。(类似于我们在 Dropbox 中可以执行的操作/谷歌驱动器)。 Using the given request user authentication I am getting the code,使用给定的请求用户身份验证我得到了代码,
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=client_id&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&scope=openid%20offline_access%20https%3A%2F%2Fstorage.azure.com%2Fuser_impersonation&state=12345
And the code is used to get the token using the below request该代码用于使用以下请求获取令牌
POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=client_id&scope=openid%20offline_access%20https%3A%2F%2Fstorage.azure.com%2Fuser_impersonation&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F&grant_type=authorization_code&client_secret=client_secret
But when I call get request to list using https://account_name.blob.core.windows.net/container_name?restype=container&comp=list I am getting server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature但是,当我使用https://account_name.blob.core.windows.net/container_name?restype=container&comp=list调用 get 请求列出时,我发现server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature . server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature 。 How to access the files in the blob storage using the token obtained?如何使用获得的令牌访问 blob 存储中的文件? Can we do this using python?我们可以使用python来做到这一点吗?
1 个解决方案
解决方案1
1 已采纳 2019-12-20 03:00:12
If you want to access Azure blob storage with Azure AD, please refer to the following steps:如果要使用 Azure AD 访问 Azure blob 存储,请参考以下步骤:
Register Azure AD application
注册 Azure AD 应用程序Configure Azure APplication
配置 Azure 应用程序a.
一种。 Configure permissions配置权限Configure RABC role for the user
为用户配置 RABC 角色
az role assignment create \
--role "Storage Blob Data Contributor" \
--assignee <email> \
--scope "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>
- Get token a.获取令牌a。 get code获取代码
b.https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize? client_id=<> &response_type=code &redirect_uri=http://localhost:3000/ &response_mode=query &scope=https://storage.azure.com/user_impersonation &state=12345湾get token获取令牌Post https://login.microsoftonline.com/<>/oauth2/v2.0/token client_id=<> &scope=https://storage.azure.com/user_impersonation &code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr... &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F &grant_type=authorization_code &client_secret=<> - Call Azure blob rest api调用 Azure blob rest api
Get https://myaccount.blob.core.windows.net/mycontainer/myblob
Headers :
Authorization: Bearer <>
x-ms-version: 2019-02-02
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.