Graph API以编程方式验证为用户 [英] Graph API authenticate as a user programmatically

问题描述

我正在尝试使用HTTP POST请求获取特定的用户OAuth2承载令牌，但似乎没有任何效果.

I'm trying to get a specific user OAuth2 bearer token using HTTP POST request, and nothing seems to work.

login_url = 'https://login.microsoftonline.com/'
authorize_endpoint = '{0}{1}{2}'.format(login_url,config.tenant_id,'/oauth2/authorize')

bodyvals = {'client_id': config.client_id,
            'client_secret': config.client_secret,
            'grant_type': 'client_credentials',
            'resource':config.resource_endpoint}

return requests.post(authorize_endpoint, data=bodyvals)

上面的代码有效，但是代表应用程序生成令牌.
我似乎找不到传递用户凭据的方法，也没有关于此的任何文档.

The above code works, but generates a token on behalf of the application.
I can't seem to find a way to pass in the users credentials, and no documentation on this whatsoever.

通常，我不在乎答案是使用Python还是Powershell还是只是一般性的解释，我只是不太了解如何正确地使用AAD来做到这一点.

Generally I don't care if the answer is in Python or Powershell or just a general explanation, I just don't seem to understand how to properly do that with AAD.

推荐答案

您可以手动完成，请在此处查看我的其他答案: https ://stackoverflow.com/a/40844983/1658906 .

You can do it manually, see my other answer here: https://stackoverflow.com/a/40844983/1658906.

您必须使用grant_type=password并调用oauth2/token端点.这是用于身份验证的C#版本:

You must use grant_type=password and call the oauth2/token endpoint. Here is the C# version for authenticating:

private async Task<string> GetAccessToken()
{
    string tokenEndpointUri = Authority + "oauth2/token";

    var content = new FormUrlEncodedContent(new []
        {
            new KeyValuePair<string, string>("grant_type", "password"),
            new KeyValuePair<string, string>("username", Username),
            new KeyValuePair<string, string>("password", Password),
            new KeyValuePair<string, string>("client_id", ClientId),
            new KeyValuePair<string, string>("client_secret", ClientSecret),
            new KeyValuePair<string, string>("resource", PowerBiResourceUri)
        }
    );

    using (var client = new HttpClient())
    {
        HttpResponseMessage res = await client.PostAsync(tokenEndpointUri, content);

        string json = await res.Content.ReadAsStringAsync();

        AzureAdTokenResponse tokenRes = JsonConvert.DeserializeObject<AzureAdTokenResponse>(json);

        return tokenRes.AccessToken;
    }
}

在请求中，您必须指定:

In the request you must specify:

1. 用户名
2. 密码
3. 客户ID
4. 客户机密
5. 资源URI

这篇关于Graph API以编程方式验证为用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！