是否可以为Daemon App配置Azure Digital Twins API访问? [英] Is it possible to configure Azure Digital Twins API access for a Daemon App?
问题描述
要自动维护Azure Digital Twins实例,我们需要访问服务到服务的API,以便我们可以使用Azure中间层选项作为守护程序应用程序(例如,逻辑应用程序或函数)运行.
To automate maintenance of an Azure Digital Twins instance, we require service-to-service API access so that we can use Azure middle-tier options to run as daemon apps (e.g. Logic App or Function).
但是,在Azure Active Directory中注册应用程序时,Azure Digitial Twins预览" API(资源ID:0b07f429-9f4b-4714-9392-cc5e8e80c8b0)不支持应用程序权限(仅委托权限).但是,相关的Microsoft Graph API(资源ID:00000003-0000-0000-c000-000000000000)支持这两种权限类型.
However, the Azure Digitial Twins 'preview' API (resource id: 0b07f429-9f4b-4714-9392-cc5e8e80c8b0) does not support Application Permissions when registering the application in Azure Active Directory (only Delegated Permissions). However, the related Microsoft Graph API (resource id: 00000003-0000-0000-c000-000000000000) supports both permission types.
当前是否有任何方法可以访问Azure Digital Twins API进行身份验证,而无需登录AAD帐户(即使用"client_credentials"授予类型)?
Is there any way currently to authenticate for access to the Azure Digital Twins API without the need for a signed-in AAD account (i.e. using 'client_credentials' grant type)?
推荐答案
要使用客户端凭据流,您需要具有应用程序"权限.如果在API中仅定义了Delegated Permission,则可以使用登录的用户帐户访问API,例如授权码流.
To use client credential flow, you need the Application permission. If there is just Delegated Permission defined in the API, you could just access the API with a signed-in user account, e.g. authorization code flow.
在您的情况下,该选项为代表流量.
In your case, the option is On-Behalf-Of flow.
-
用户使用授权码流或其他登录流向中间层应用程序进行身份验证
The user authenticate with the middle-tier application with authorization code flow or another login flow
身份验证期间获取了OAuth 2.0代表令牌
An OAuth 2.0 On-Behalf-Of token is acquired during authentication
获取的令牌随后用于使用On-Behalf-Of流向更下游的API进行身份验证或进行调用
The acquired token is then used to authenticate with or call APIs that are further downstream using the On-Behalf-Of flow
For more details, check this doc - Call Digital Twins from a middle-tier web API.
这篇关于是否可以为Daemon App配置Azure Digital Twins API访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
