
How to get Azure access token using client secret in MSAL?

I have been trying to migrate a web app from Flask to React, and I had trouble getting a valid access token. In Flask, I used adal and had the following code:

import adal

authority_host_uri = 'https://login.microsoftonline.com'
tenant = '<my tenant id>'
authority_uri = authority_host_uri + '/' + tenant
resource_uri = 'https://management.core.windows.net/'
client_id = '<my client id>'
client_secret = '<my client secret>'
# Client-credentials flow: the app authenticates as itself with its secret
context = adal.AuthenticationContext(authority_uri, api_version=None)
mgmt_token = context.acquire_token_with_client_credentials(resource_uri, client_id, client_secret)

and the response was

{'tokenType': 'Bearer',
 'expiresIn': 3599,
 'expiresOn': '2020-05-27 18:22:07.128189',
 'resource': 'https://management.core.windows.net/',
 'accessToken': '<the access token that was needed>',
 'isMRRT': True,
 '_clientId': '<client id info>',
 '_authority': '<authority above>'}

However, while I was trying to implement the same thing in msal in React, the access token that I got from

const tokenRequest = {
    scopes: [clientId + "/user_impersonation"]
};
const response = await myMSALObj.acquireTokenSilent(tokenRequest)

was not valid: it gets a 403 error from the Azure catalog API, while the access token I got from Flask worked just fine. Are there different types of access tokens, or is it because of the scoping? Is it possible to do the exact same thing as adal did in Flask (i.e. no need to specify the scope, just using the client secret to get the right access key)?

The scope is not correct, as you want to access this resource: https://management.core.windows.net/

The scope should be:

scopes: ["https://management.core.windows.net/.default"]

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-v1-app-scopes#scopes-to-request-access-to-all-the-permissions-of-a-v10-application
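
A diagnostic for the scope point above, as an added example that is not part of the original question or answers: this Node.js snippet decodes an access token's payload and compares its `aud` claim with the API being called, which shows what resource a token requested with a given scope is actually issued for. The client ID, the sample tokens and all helper names are constructed for illustration.

```javascript
// Added example. Sample tokens below are constructed and unsigned.
const SAMPLE_CLIENT_ID = "00000000-0000-0000-0000-000000000000"; // placeholder
const MGMT_API = "https://management.core.windows.net/";

// A scope is "<resource>/<permission>"; the resource is everything
// before the last "/" (e.g. ".../.default" or ".../user_impersonation").
function resourceOfScope(scope) {
  const i = scope.lastIndexOf("/");
  if (i <= 0) throw new Error("scope has no resource prefix: " + scope);
  return scope.slice(0, i);
}

// Decode the JWT payload for inspection only. The signature is NOT
// verified here, so never base an authorization decision on this.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

const stripSlash = (s) => s.replace(/\/+$/, "");

// True when the token was issued for the API we are about to call.
function audienceMatches(token, expectedResource) {
  const aud = decodeJwtPayload(token).aud;
  return typeof aud === "string" &&
    stripSlash(aud) === stripSlash(expectedResource);
}

// Build a constructed sample token with the given claims.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "none", typ: "JWT" }) + "." + enc(claims) + ".sig";
}

// Token as issued for scope "<clientId>/user_impersonation": aud is the app.
const appToken = makeSampleToken({ aud: SAMPLE_CLIENT_ID, scp: "user_impersonation" });
// Token as issued for scope "https://management.core.windows.net/.default".
const mgmtToken = makeSampleToken({ aud: MGMT_API });

console.log("app-scoped token matches management API:", audienceMatches(appToken, MGMT_API));
console.log("mgmt-scoped token matches management API:", audienceMatches(mgmtToken, MGMT_API));
```
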

This is due to insufficient permissions. Grant administrator consent in accordance with the following procedure:


You can also obtain administrator consent through browser interaction:

https://login.microsoftonline.com/{tenant}/adminconsent?client_id={your-client_id}&state=12345&redirect_uri={your-redirect_uri}

