Azure: The access token has been obtained from wrong audience or resource

Problem description

Trying to create a simple task to list all resources in Azure portal. I followed the direction in the given URL and successfully received token.

http://azure-sdk-for-python.readthedocs.org/en/latest/resourcemanagement.html#authentication

However, using the combination of token and subscription_id, I am getting the following error.

Error:

azure.common.AzureHttpError: {"error"{"code":"AuthenticationFailed","message":"The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should exactly match (including forward slash) with one of the allowed audiences 'https://management.core.windows.net/','https://management.azure.com/'."}}  

I have created an application in Active Directory and assigned all permissions to Windows Active Directory.

Following is the code to get token:

import requests

def get_token_from_client_credentials(endpoint, client_id, client_secret):
    # Form body for the OAuth2 client credentials grant.
    payload = {
        'grant_type': 'client_credentials',
        'client_id': client_id,
        'client_secret': client_secret
        # 'resource': 'https://management.core.windows.net/',
    }
    response = requests.post(endpoint, data=payload).json()
    return response['access_token']

auth_token = get_token_from_client_credentials(
    endpoint='https://login.microsoftonline.com/11111111111-1111-11111-1111-111111111111/oauth2/token',
    client_id='22222222-2222-2222-2222-222222222222',
    client_secret='test/one/year/secret/key',
)

Trying to consume this token in the following code :

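# Imports for the legacy azure-mgmt packages described in the linked docs.
from azure.mgmt.common import SubscriptionCloudCredentials
from azure.mgmt.resource import ResourceManagementClient

def get_list_resource_groups(access_token, subscription_id):
    # Wrap the bearer token and subscription for the management client.
    cred = SubscriptionCloudCredentials(subscription_id, access_token)
    resource_client = ResourceManagementClient(cred)
    resource_group_list = resource_client.resource_groups.list(None)
    rglist = resource_group_list.resource_groups
    return rglist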

Recommended answer

That is not impacting (it's an optional parameter)

Actually, the resource parameter is required in the Service to Service Calls Using Client Credentials flow for an access token; this parameter tells your application where to get the token. As you need to authenticate ARM requests, you need to set 'resource': 'https://management.core.windows.net/' in get_token_from_client_credentials().

And we can also get the information from your error message:

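The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should exactly match (including forward slash) with one of the allowed audiences 'https://management.core.windows.net/','https://management.azure.com/'.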

Any concern, please feel free to let me know.
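
The following is an added example, not code from the original question or answer: it builds the token request body with the resource set explicitly and checks a token's `aud` claim against the two audiences named in the error message before the token is sent to ARM. The function names are hypothetical, and the sample tokens are constructed, unsigned stand-ins rather than real Azure AD tokens.

```python
import base64
import json

# Audiences ARM accepts, copied from the error message on this page.
ARM_AUDIENCES = ("https://management.core.windows.net/", "https://management.azure.com/")

def client_credentials_payload(client_id, client_secret, resource=ARM_AUDIENCES[0]):
    """Form body for the /oauth2/token endpoint with the resource set explicitly."""
    if resource not in ARM_AUDIENCES:
        raise ValueError("resource must exactly match an ARM audience, trailing slash included")
    return {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }

def token_audience(access_token):
    """Read the 'aud' claim from a JWT without verifying it (diagnostics only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(body)).get("aud")

def check_arm_token(access_token):
    """Return (ok, aud): ok is True only if aud exactly matches an ARM audience."""
    aud = token_audience(access_token)
    return aud in ARM_AUDIENCES, aud

def _constructed_token(aud):
    """Build an unsigned sample token for the demo; not a real Azure AD token."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"aud": aud}), "sig"])

if __name__ == "__main__":
    for aud in ("00000002-0000-0000-c000-000000000000",   # audience from the error above
                "https://management.core.windows.net",    # missing trailing slash
                "https://management.core.windows.net/"):
        print(check_arm_token(_constructed_token(aud)))
```

The decode step does not validate the signature, so it is only a local diagnostic for a token you requested yourself; ARM performs the real validation.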
