[英]Calling API from python azure function with managed identity
I am trying to use a python azure function to call an API running on an Azure app service.我正在尝试使用 python azure 函数来调用在 Azure 应用服务上运行的 API。 (I have managed to get the webAPI to call the function-trigger (managed-identity and all that), but the function needs data that can be retrieved from the API.)
(我已经设法让 webAPI 调用函数触发器(托管标识等),但是该函数需要可以从 API 中检索的数据。)
In order to simplify authentication, my thought is to use the managed-identity within the python function and create a JWT that accompanies the requests.为了简化身份验证,我的想法是在 python 函数中使用托管标识并创建一个伴随请求的 JWT。
credential = DefaultAzureCredential()
token = credential.get_token("api://<APPLICATION_ID>/.default")
// make call to API using token as authorization
// response 200
This currently works.这目前有效。 APPLICATION_ID is registered within Azure AD.
APPLICATION_ID 在 Azure AD 中注册。
It feels wrong to request a token, using the functions APPLICATION_ID as a scope.使用函数 APPLICATION_ID 作为范围来请求令牌感觉不对。 When the API in reality has nothing to do with it.
当现实中的API与它无关时。 But my attempts at using any other scope is met with errors.
但是我尝试使用任何其他范围都遇到了错误。
It depends on the service/resource you want to access that decides the scope.这取决于您要访问的服务/资源来决定范围。
eg if you want to access storage, the scope is "https://storage.azure.com/.default".例如,如果你想访问存储,范围是“https://storage.azure.com/.default”。
(I work in Microsoft Azure SDK team) (我在 Microsoft Azure SDK 团队工作)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.