Access Azure Blob storage of a user using oauth2 token obtained
Question
In Azure blob storage what I need is to get the access token when a user signs into his account, and by using this access token to perform list/upload/download of the files in the user's blob storage (similar to what we can do in Dropbox/Google Drive). Using the request below for user authentication I am getting the code:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=client_id&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query&scope=openid%20offline_access%20https%3A%2F%2Fstorage.azure.com%2Fuser_impersonation&state=12345
And the code is used to get the token using the request below:
POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=client_id&scope=openid%20offline_access%20https%3A%2F%2Fstorage.azure.com%2Fuser_impersonation&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F&grant_type=authorization_code&client_secret=client_secret
But when I call the GET request to list using https://account_name.blob.core.windows.net/container_name?restype=container&comp=list
I am getting "server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature".
How do I access the files in the blob storage using the token obtained? Can we do this using Python?
Answer
If you want to access Azure blob storage with Azure AD, please refer to the following steps:
- Register Azure AD application
- Configure Azure Application
  a. Configure permissions
  Configure RBAC role for the user
az role assignment create \
  --role "Storage Blob Data Contributor" \
  --assignee <email> \
  --scope "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>"
- Get token
  a. Get code
https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize?
client_id=<>
&response_type=code
&redirect_uri=http://localhost:3000/
&response_mode=query
&scope=https://storage.azure.com/user_impersonation
&state=12345
  b. Get token
Post https://login.microsoftonline.com/<>/oauth2/v2.0/token
client_id=<>
&scope=https://storage.azure.com/user_impersonation
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=<>
Get https://myaccount.blob.core.windows.net/mycontainer/myblob
Headers:
Authorization: Bearer <>
x-ms-version: 2019-02-02
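The steps of the answer carried through in Python, as an added example that is not code from the original question or answer. It uses only the standard library; the tenant, client id, account, container and token values are hypothetical placeholders, and the List Blobs response body at the bottom is constructed, not captured from a real account. Besides building the authorize URL, the token POST and the List Blobs GET with the `Bearer` and `x-ms-version` headers from the answer, it adds a local check of the token's `aud` claim, which is where most "server failed to authenticate the request" errors come from when a token minted for a different API (or without the storage scope) is sent to Blob storage:

```python
# Added example, not from the original post: the answer's flow in Python.
# Hypothetical placeholders: <tenant>, <client_id>, account/container names.
import base64
import json
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

AUTHORITY = "https://login.microsoftonline.com"
STORAGE_SCOPE = "https://storage.azure.com/user_impersonation"
STORAGE_API_VERSION = "2019-02-02"  # x-ms-version used in the answer
# 'aud' values Azure AD puts in a token issued for the storage scope above
STORAGE_AUDIENCES = {"https://storage.azure.com", "https://storage.azure.com/"}


def build_authorize_url(tenant, client_id, redirect_uri, state):
    """Step a (get code). urlencode escapes scope and redirect_uri correctly."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": STORAGE_SCOPE,
        "state": state,
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urllib.parse.urlencode(params)}"


def build_token_request(tenant, client_id, client_secret, code, redirect_uri):
    """Step b (get token): authorization_code grant. redirect_uri must be exactly
    the value used in the authorize request or Azure AD rejects the exchange."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "scope": STORAGE_SCOPE,
        "code": code,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"}, method="POST")


def token_audience(access_token):
    """Read 'aud' from the JWT payload. No signature check: this is a local
    sanity check before calling storage, not token validation."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("aud")


def is_storage_token(access_token):
    """A token for any other API (e.g. Microsoft Graph) cannot authenticate to Blob storage."""
    return token_audience(access_token) in STORAGE_AUDIENCES


def build_list_blobs_request(account, container, access_token):
    """List Blobs REST call with the bearer token and the x-ms-version header."""
    url = f"https://{account}.blob.core.windows.net/{container}?restype=container&comp=list"
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {access_token}",
        "x-ms-version": STORAGE_API_VERSION,
    })


def parse_blob_names(list_xml):
    """Blob names from the List Blobs body (EnumerationResults/Blobs/Blob/Name)."""
    root = ET.fromstring(list_xml)
    return [blob.findtext("Name") for blob in root.iter("Blob")]


def list_blobs(account, container, access_token):
    """Network call; only attempted when the token was issued for storage."""
    if not is_storage_token(access_token):
        raise ValueError(f"token audience {token_audience(access_token)!r} is not Azure Storage")
    with urllib.request.urlopen(build_list_blobs_request(account, container, access_token)) as resp:
        return parse_blob_names(resp.read())


def make_unsigned_test_token(claims):
    """Constructed, unsigned JWT for offline demonstration only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample of a List Blobs response body (not a real capture).
SAMPLE_LIST_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<EnumerationResults ServiceEndpoint="https://myaccount.blob.core.windows.net/" ContainerName="mycontainer">
  <Blobs>
    <Blob><Name>report.pdf</Name><Properties><Content-Length>1024</Content-Length></Properties></Blob>
    <Blob><Name>photos/cat.jpg</Name><Properties><Content-Length>2048</Content-Length></Properties></Blob>
  </Blobs>
  <NextMarker />
</EnumerationResults>"""

if __name__ == "__main__":
    print(build_authorize_url("<tenant>", "<client_id>", "http://localhost:3000/", "12345"))
    good = make_unsigned_test_token({"aud": "https://storage.azure.com", "scp": "user_impersonation"})
    print("storage token:", is_storage_token(good))
    print("blobs:", parse_blob_names(SAMPLE_LIST_XML))
```

In a real run, `build_token_request` is sent with `urllib.request.urlopen`, the `access_token` field of the JSON response is passed to `list_blobs`, and the user must already hold the `Storage Blob Data Contributor` (or Reader) role on the account as the answer's `az role assignment create` step sets up; the audience check only rules out the wrong-token case, not a missing role assignment.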