
How do you get authentication bearer using a username and password for the Azure Blockchain Workbench using ADAL in python?

I have been trying to perform some contracts on my Azure Blockchain Workbench from Python. I have been unable to figure out how to use this method: adal.acquire_token_with_username_password()

I need to first perform an authentication to get the bearer for making further API calls. It works perfectly using this: context.acquire_token_with_client_credentials(client_id,client_id,client_secret). However, the above bearer token isn't associated with any registered user.

However, to perform admin tasks like adding new users, one has to obtain the bearer for the admin account. So I thought of using acquire_token_with_username_password() so that I get the admin account's bearer.

import adal
import swagger_client
from swagger_client.api_client import ApiClient
context = adal.AuthenticationContext("https://login.microsoftonline.com/kumarshobhit98outlook.onmicrosoft.com/",api_version=None)
client_id="c62087b9-cfed-4105-a9c2-4fd3953ceed5"
token = context.acquire_token_with_username_password(resource='https://graph.windows.net',username="shobhit@kumarshobhit98outlook.onmicrosoft.com",password="password",client_id=client_id)
print(token['accessToken'])

I guess maybe the Resource parameter is incorrect. I do not know what the parameter means. Also, this is the error that I get:

Traceback (most recent call last):
  File "f:/codefundo2019/voting-system-blockchain/contractsShobhit/python/regVoter.py", line 8, in <module>
    token = context.acquire_token_with_username_password(resource='https://graph.windows.net',username="shobhit@kumarshobhit98outlook.onmicrosoft.com",password="Alonso123",client_id=client_id)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\authentication_context.py", line 164, in acquire_token_with_username_password
    return self._acquire_token(token_func)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\authentication_context.py", line 128, in _acquire_token
    return token_func(self)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\authentication_context.py", line 162, in token_func
    return token_request.get_token_with_username_password(username, password)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\token_request.py", line 281, in get_token_with_username_password
    token = self._get_token_username_password_managed(username, password)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\token_request.py", line 177, in _get_token_username_password_managed
    return self._oauth_get_token(oauth_parameters)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\token_request.py", line 112, in _oauth_get_token
    return client.get_token(oauth_parameters)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\oauth2_client.py", line 289, in get_token
    raise AdalError(return_error_string, error_response)
adal.adal_error.AdalError: Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.\r\nTrace ID: 2492ffdd-46e6-4edb-a412-47eefd200a00\r\nCorrelation ID: 2bbb1de3-b0b8-4510-b723-237e2faa7163\r\nTimestamp: 2019-08-09 06:50:11Z","error_codes":[7000218],"timestamp":"2019-08-09 06:50:11Z","trace_id":"2492ffdd-46e6-4edb-a412-47eefd200a00","correlation_id":"2bbb1de3-b0b8-4510-b723-237e2faa7163"}

I do not understand why it is asking for a client_secret for the username password method.

> however, to perform admin tasks like adding new users, one has to obtain the bearer for the admin account.

This is not correct. The token permissions are not related to the account, but to the permissions you granted to the application. For example, if you want to call the add new user API, you will need the User.ReadWrite.All permission.


Go to Azure portal->Azure Active Directory->App registrations->find your app->Api permissions->add a permission->Microsoft Graph->Application permissions->choose User.ReadWrite.All permission->Grant admin consent.

> I guess maybe the Resource parameter is incorrect. I do not know what the parameter means

This is the App ID URI of the target web API (secured resource). It may also be an external resource like https://graph.microsoft.com. You set it to https://graph.windows.net. Then you will only be able to call the Azure AD Graph API.

> I do not understand why is it asking for a client_secret for the username password method.

You need to treat the application as a public client.

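Added example (not code from the question or the answer): the resource passed to ADAL ends up as the access token's aud claim, and a client-credentials token carries roles with no user, while a username/password token carries scp and upn. The tokens below are constructed and unsigned and the helper names are hypothetical; the decoder is for inspection only and does not verify signatures.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_token(token: str, expected_resource: str) -> dict:
    """Report who a token represents and whether it targets the expected API."""
    c = jwt_claims(token)
    if "scp" in c:
        kind = "delegated"  # issued on behalf of a signed-in user
    elif "roles" in c:
        kind = "app-only"   # client credentials: application permissions
    else:
        kind = "unknown"
    return {
        "kind": kind,
        "user": c.get("upn"),
        "permissions": c.get("scp", "").split() or c.get("roles", []),
        "audience_ok": c.get("aud", "").rstrip("/") == expected_resource.rstrip("/"),
    }


def make_sample(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"


# Constructed samples (assumed claim values, placeholder tenant and user).
APP_TOKEN = make_sample({"aud": "https://graph.microsoft.com",
                         "roles": ["User.ReadWrite.All"]})
USER_TOKEN = make_sample({"aud": "https://graph.windows.net",
                          "scp": "User.Read",
                          "upn": "admin@example.onmicrosoft.com"})

if __name__ == "__main__":
    print(describe_token(APP_TOKEN, "https://graph.microsoft.com"))
    print(describe_token(USER_TOKEN, "https://graph.microsoft.com"))
```

Running the same check on a real token before calling an API shows immediately whether a 401 or 403 comes from the wrong resource or from missing permissions.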
