使用 Python 从 Azure AD 获取 JWT 令牌
[英]Obtaining JWT token from Azure AD using Python
问题描述
I am working on an application that needs to obtain a bearer token form Azure AD.
我正在开发一个需要从 Azure AD 获取不记名令牌的应用程序。 Right now I have everything set in Azure and I can generate/obtain the token using Postman (see picture)现在我在 Azure 中设置了所有内容,我可以使用 Postman 生成/获取令牌(见图)
However, and this is my struggle, I am having problems obtaining the token programmatically using Python.但是,这是我的挣扎,我在使用 Python 以编程方式获取令牌时遇到问题。 The code below is what I have tried, with some variations of what to iinclude as fields in the request_payload, without any luck下面的代码是我尝试过的,在 request_payload 中包含的内容有一些变化,但没有任何运气
import json
import requests
#TOKEN_URL = "https://login.microsoftonline.com/organizations/oauth2/v2.0/token"
TOKEN_URL = "https://login.microsoftonline.com/41ff26dc-250f/oauth2/token?resource=https://graph.windows.net"
RESOURCE_URL = "https://login.microsoftonline.com/41ff26dc-739be8610c21/oauth2/authorize?resource=https://graph.windows.net"
def authenticate():
request_payload = {
"callback_url" : "https://localhost",
"auth_url" : "https://login.microsoftonline.com/41ff26dc-250fc21/oauth2/authorize?resource=https://graph.windows.net",
"access_token_url" : "https://login.microsoftonline.com/41ff26dc-739be8610c21/oauth2/token?resource=https://graph.windows.net",
"username": MY USER NAME,
"password": MY PASSWORD,
"resource": RESOURCE_URL,
"grant_type": "Authorization_Code",
"client_id": 'e0d00a8e-b799-4285-be3f-eb5822aaa86e',
"client_secret": '-n24Y2is~p5Jk7~6kYcp4~q2lrmnRCXoW_'}
response = requests.post(url=TOKEN_URL, data=request_payload).json()
print(response)
bearer_token = response["access_token"]
print(bearer_token)
return bearer_token
print(authenticate())
This is the error I get when I fill in my credentials (MY USER NAME and MY PASSWORD) appropriately这是我正确填写凭据(我的用户名和我的密码)时遇到的错误
{'error': 'invalid_request', 'error_description': "AADSTS900144: The request body must contain the following parameter: 'code'.\r\nTrace ID: d84b06a7-1c45-4657-bb3f-085248de5d01\r\nCorrelation ID: e431a09a-07dc-4c12-bf19-3b8ff7e7c358\r\nTimestamp: 2020-06-25 21:55:25Z", 'error_codes': [900144], 'timestamp': '2020-06-25 21:55:25Z', 'trace_id': 'd84b06a7-1c45-4657-bb3f-085248de5d01', 'correlation_id': 'e431a09a-07dc-4c12-bf19-3b8ff7e7c358', 'error_uri': 'https://login.microsoftonline.com/error?code=900144'}
Any thoughts, suggestions or leads are very much appreciated.非常感谢任何想法、建议或线索。 Like I said before, I am not sure what fields should I put in the payload, I am not even sure what are all possible fields to try there either.就像我之前说的,我不确定应该在有效负载中放入哪些字段,我什至不确定在那里尝试所有可能的字段。
1 个解决方案
解决方案1
0 2020-06-25 23:59:38
Please follow this document for auth code flow请按照此文档获取身份验证代码流程
you need to send below你需要在下面发送
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345
please refer to this python sample请参考此python 样品
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.