Keyvault Authentication (REST API)


Problem description

I am a little confused by Microsoft's scattered documentation.

I have created an application (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal), which means I now have:

  • Application ID
  • Directory ID

I have gone into the KeyVault in Azure Portal, and I have granted permissions to the application.

For test purposes, I am trying to run a test via CURL. The basis I am using for this is the following Microsoft pages (https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token and https://docs.microsoft.com/en-us/rest/api/#create-the-request)

So, the first thing I do is get a token through the following call:

curl -d "grant_type=client_credentials&client_id=<removed_for_security>&client_secret=<removed_for_security>" https://login.microsoftonline.com/<removed_for_security>/oauth2/token

This returns a token.

I then (try to) use that token as follows:

curl -H "Authorization: Bearer <removed_for_security>" -vv https://<removed_for_security>.vault.azure.net/secrets/<removed_for_security>/<removed_for_security>

I get no content back, just "HTTP/1.1 401 Unauthorized"

Recommended answer

Ok, so I can confirm that the request you are doing is valid, for the most part; you forgot the API-version, but the problem is not with the API version (it would tell you that).

https://xxx.vault.azure.net/secrets/xxx/?api-version=2015-06-01

This URL works, so I guess the token is not right. The easiest way to check would be to go to JWT.io, paste the token there, and see whether the contents match what the Key Vault expects. Probably you have a mismatch.
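The claim check the answer describes can also be done locally, which keeps a live bearer token off third-party sites. The sketch below is an added example, not code from the question or the answer. It assumes Key Vault's data plane expects the audience `https://vault.azure.net` (Azure public cloud); the function names and sample tokens are constructed for illustration.

```python
import base64
import json
import time

# Assumption (not stated on the page): audience Key Vault accepts in the public cloud.
KEY_VAULT_AUDIENCE = "https://vault.azure.net"


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore the stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, tenant_id, now=None):
    """List claim mismatches that would explain a 401; an empty list means none found."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != KEY_VAULT_AUDIENCE:
        problems.append(
            "aud is %r, expected %r" % (claims.get("aud"), KEY_VAULT_AUDIENCE))
    if claims.get("tid") != tenant_id:
        problems.append(
            "tid is %r, expected directory %r" % (claims.get("tid"), tenant_id))
    if float(claims.get("exp", 0)) <= now:
        problems.append("token expired (exp=%r)" % claims.get("exp"))
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return "%s.%s.constructed-signature" % (enc({"alg": "none", "typ": "JWT"}), enc(claims))


if __name__ == "__main__":
    # Constructed claims: a token issued for a different resource than Key Vault.
    sample = make_sample_token(
        {"aud": "https://management.azure.com/", "tid": "tenant-1", "exp": 2000})
    for line in diagnose(sample, "tenant-1", now=1000) or ["claims look right"]:
        print(line)
```

A token whose `aud` names a different resource is rejected even when the application has Key Vault permissions, so the audience is the first claim to compare.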
