简体繁体 English

为 Exchange 管理 Shell cmdlet 获取 OAuth2 访问令牌

[英]Acquiring OAuth2 access tokens for Exchange Management Shell cmdlets

原文 2020-05-23 16:29:50 5 2 adal/ msal/ exchange-management-shell

In our python application, we use the Exchange Management Shell cmdlets to perform some tasks.在我们的 python 应用程序中，我们使用 Exchange 管理 Shell cmdlet 来执行一些任务。 (In fact, the python application runs.Net application, which calls the Exchange Management Shell cmdlets.) Currently we use basic authentication with the New-PSSession cmdlet. （实际上，python 应用程序运行.Net 应用程序，它调用 Exchange 管理 Shell cmdlet。）目前我们使用 New-PSSession cmdlet 进行基本身份验证。 On the other hand, we are already acquiring OAuth2 access tokens for different APIs and resources.另一方面，我们已经为不同的 API 和资源获取了 OAuth2 访问令牌。 Now we would like to use OAuth2 authentication with the Exchange Management Shell cmdlets.现在我们想将 OAuth2 身份验证与 Exchange 管理 Shell cmdlet 一起使用。

We had a look at this article[1].我们看过这篇文章[1]。

However we have a few questions:但是我们有几个问题：

Is there a way to get access tokens without using ADAL and MSAL?有没有办法在不使用 ADAL 和 MSAL 的情况下获取访问令牌？
Is there a way to get a new access token using a refresh token?有没有办法使用刷新令牌获取新的访问令牌？
It seems there is no chance to use an external(system) browser, isn't there?似乎没有机会使用外部（系统）浏览器，不是吗？ Thank you in advance.先感谢您。

[1] https://developermessaging.azurewebsites.net/2018/09/07/acquiring-oauth2-access-tokens-for-automating-exchange-management-shell-cmdlets/?unapproved=96&moderation-hash=9250fbdda0e11fd8af9bafd4c3576139#review-96 [1] https://developermessaging.azurewebsites.net/2018/09/07/acquiring-oauth2-access-tokens-for-automating-exchange-management-shell-cmdlets/?unapproved=96&moderation-hash=9250fbdda0e351fd8af9#review-d4c 96

2 个解决方案

MSAL and ADAL are libraries which are designed for authenticating through OAuth and Yes you can get token without using MSAL or ADAL by directly using OAuth.you can directly use Oauth and OpenID Connect . MSAL 和 ADAL 是专为通过 OAuth 进行身份验证而设计的库，是的，您无需使用 MSAL 或 ADAL 即可直接使用 OAuth 获取令牌。您可以直接使用Z0BF36561863BC6F82C18B4D3763A6B7 Connect It is very easy to code by managing Get and Post requests from URLs.通过管理来自 URL 的 Get 和 Post 请求来编写代码非常容易。
Refresh tokens are used to get a new access token when your current access token expires.当您当前的访问令牌过期时，刷新令牌用于获取新的访问令牌。 For more information, see the document .有关详细信息，请参阅文档。
Using of a Browser depends on auth flow you are using.浏览器的使用取决于您使用的身份验证流程。 For example Device code flow does not require browser.例如设备代码流不需要浏览器。

Oh, in fact, everything is very simple:哦，其实一切都很简单：

Request for an authorization code: https://login.microsoftonline.com/common/oauth2/authorize?redirect_uri=http%3A%2F%2Flocalhost%3A55555&client_id=a0c73c16-a7e3-4564-9a95-2bdf47383716&response_type=code请求授权码： https://login.microsoftonline.com/common/oauth2/authorize?redirect_uri=http%3A%2F%2Flocalhost%3A55555&client_id=a0c73c16-a7e3-4564-9a95-2bdf47383716&response_type=code
Request for an access token:请求访问令牌：
- URL: https://login.microsoftonline.com/common/oauth2/token URL： https://login.microsoftonline.com/common/oauth2/token
- body: resource=https%3A%2F%2Foutlook.office365.com&client_id=a0c73c16-a7e3-4564-9a95-2bdf47383716&redirect_uri=http%3A%2F%2Flocalhost%3A9999&code=YOUR_AUTHORIZATION_CODE&client_secret=&grant_type=authorization_code正文： resource=https%3A%2F%2Foutlook.office365.com&client_id=a0c73c16-a7e3-4564-9a95-2bdf47383716&redirect_uri=http%3A%2F%2Flocalhost%3A9999&code=YOUR_AUTHORIZATION_CODE&client_secret=&grant_type=authorization_code