Graph API以编程方式验证为用户 [英] Graph API authenticate as a user programmatically
问题描述
我正在尝试使用HTTP POST请求获取特定的用户OAuth2承载令牌,但似乎没有任何效果.
I'm trying to get a specific user OAuth2 bearer token using HTTP POST request, and nothing seems to work.
login_url = 'https://login.microsoftonline.com/'
authorize_endpoint = '{0}{1}{2}'.format(login_url,config.tenant_id,'/oauth2/authorize')
bodyvals = {'client_id': config.client_id,
'client_secret': config.client_secret,
'grant_type': 'client_credentials',
'resource':config.resource_endpoint}
return requests.post(authorize_endpoint, data=bodyvals)
上面的代码有效,但是代表应用程序生成令牌.
我似乎找不到传递用户凭据的方法,也没有关于此的任何文档.
The above code works, but generates a token on behalf of the application.
I can't seem to find a way to pass in the users credentials, and no documentation on this whatsoever.
通常,我不在乎答案是使用Python还是Powershell还是只是一般性的解释,我只是不太了解如何正确地使用AAD来做到这一点.
Generally I don't care if the answer is in Python or Powershell or just a general explanation, I just don't seem to understand how to properly do that with AAD.
推荐答案
您可以手动完成,请在此处查看我的其他答案: https ://stackoverflow.com/a/40844983/1658906 .
You can do it manually, see my other answer here: https://stackoverflow.com/a/40844983/1658906.
您必须使用grant_type=password
并调用oauth2/token
端点.这是用于身份验证的C#版本:
You must use grant_type=password
and call the oauth2/token
endpoint. Here is the C# version for authenticating:
private async Task<string> GetAccessToken()
{
string tokenEndpointUri = Authority + "oauth2/token";
var content = new FormUrlEncodedContent(new []
{
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("username", Username),
new KeyValuePair<string, string>("password", Password),
new KeyValuePair<string, string>("client_id", ClientId),
new KeyValuePair<string, string>("client_secret", ClientSecret),
new KeyValuePair<string, string>("resource", PowerBiResourceUri)
}
);
using (var client = new HttpClient())
{
HttpResponseMessage res = await client.PostAsync(tokenEndpointUri, content);
string json = await res.Content.ReadAsStringAsync();
AzureAdTokenResponse tokenRes = JsonConvert.DeserializeObject<AzureAdTokenResponse>(json);
return tokenRes.AccessToken;
}
}
在请求中,您必须指定:
In the request you must specify:
- 用户名
- 密码
- 客户ID
- 客户机密
- 资源URI
这篇关于Graph API以编程方式验证为用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!