Azure Service Management API authentication using Azure Active Directory Oauth
Problem description
I'd like to authenticate to the Azure Service Management API using Azure AD through curl.
I set up an application within my default directory. In this free trial subscription that's the only directory I have.
When I target the oauth token endpoint I receive a JWT.
curl --data "grant_type=client_credentials&client_id=<my_client_id>&client_secret=<my_encoded_secret>&resource=https%3A%2F%2Fmanagement.core.windows.net" https://login.windows.net/<my_tenant_id>/oauth2/token
But when I use that token to list my subscription details I receive an error:
curl -H "x-ms-version: 2014-06-01" \
-H "Authorization: Bearer <my_token>" \
https://management.core.windows.net/<my_subscription_id>/
<Error xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<Code>ForbiddenError</Code>
<Message>The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.</Message>
</Error>
I have granted permissions to the Service Management API for the application as "Delegated permissions", because "Application permissions" are not available.
What am I missing?
Recommended answer
This isn't possible due to the Application Permissions: 0 setting for the Service Management API. The client_credentials grant type uses credentials from the application (client_id and client_secret), and since the application does not have permissions for this API the call fails.
Since the Service Management API will not allow application permissions of any kind, we must use the authorization_code grant type or some other method to obtain a user token.
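Added example, not part of the original question or answer: a Python check that decodes a token's claims (without verifying the signature) and reports whether it is app-only, as a client_credentials token is, or carries a delegated scp scope. The claim names scp, aud, appid and upn are the ones Azure AD access tokens use; the sample tokens and helper names are constructed for illustration.

```python
import base64
import json

SM_RESOURCE = "https://management.core.windows.net"  # resource value from the question


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_kind(claims):
    """'delegated' if the token carries user scopes (scp), else 'app-only'."""
    return "delegated" if claims.get("scp") else "app-only"


def diagnose(token, resource=SM_RESOURCE):
    """List reasons this token would not work as a user token for `resource`."""
    claims = decode_claims(token)
    problems = []
    if str(claims.get("aud", "")).rstrip("/") != resource.rstrip("/"):
        problems.append("aud %r does not match %r" % (claims.get("aud"), resource))
    if token_kind(claims) == "app-only":
        problems.append("no scp claim: app-only token, no user context")
    return problems


def constructed_token(claims):
    """Build an unsigned sample token (constructed data, not a real Azure AD token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed samples: what client_credentials yields vs. an authorization_code token.
APP_TOKEN = constructed_token({"aud": SM_RESOURCE,
                               "appid": "00000000-0000-0000-0000-000000000000"})
USER_TOKEN = constructed_token({"aud": SM_RESOURCE + "/", "scp": "user_impersonation",
                                "upn": "user@example.com"})

if __name__ == "__main__":
    for name, tok in (("client_credentials", APP_TOKEN), ("authorization_code", USER_TOKEN)):
        print(name, token_kind(decode_claims(tok)), diagnose(tok))
```

Run it against the JWT returned by the token endpoint to see which case applies before sending the token to the management endpoint.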