通过Azure,VSTS和Graph以编程方式访问Microsoft身份 [英] Programmatically access Microsoft identity across Azure, VSTS, and Graph
问题描述
是否可以通过一个应用程序来访问Graph,VSTS和Azure信息?似乎要访问其中的每一个都需要它自己的应用程序(带有原始网址和回调网址).
Is there a way with a single app to access Graph, VSTS, and Azure information? It seems access to each of these requires it's own app with origination and callback urls.
对于Azure,我在节点js应用中使用NPM的passport-azure-ad.
For Azure, I'm using NPM's passport-azure-ad in a node js app.
理想情况下,我想结合使用VSTS生成信息,Azure服务使用信息和用户配置文件信息.
Ideally, I would like to combine VSTS build info, Azure service usage info, and User profile info.
推荐答案
您提到的每个服务都有自己的API:
Each of the services you mentioned has their own API:
但是,这并不意味着他们每个人也都需要自己的应用程序".通过 Azure门户在Azure AD中注册应用程序时,您可以请求访问多个API.您收到的每个 access_token 都将绑定到一个API(称为资源"),但是您可以使用 refresh_token 来切换目标资源:
This does not however mean that they also each need their own "app". When you register your application in Azure AD via the Azure Portal you're able to request access to a number APIs. Each access_token you receive will be tied to one API (called a "resource") but you can use the refresh_token to switch the targeted resource:
这里唯一的例外是VSTS REST API.尽管大多数API使用相同的身份提供程序,但VSTS拥有自己的身份提供程序.因此,出于VSTS的目的,您将需要让用户单独进行身份验证.显然,这不是很好的用户体验,但是有一个有用的解决方法:
The only exception here is the VSTS REST API. While most APIs use the same identity provider, VSTS has their own. So for the purposes of VSTS, you will need to have the user authenticate separately. Obviously, that isn't a great user experience but there is a useful workaround: Personal Access Tokens.
使用VSTS个人访问令牌可以使您通过Azure AD OAuth对用户进行身份验证,并获取可以与Microsoft Graph和Azure REST API一起使用的访问令牌.对它们进行身份验证后,可以要求他们提供个人访问令牌以访问VSTS.这样您就可以忘记要求用户再次进行身份验证,因为您将存储他们的PAT以便将其用于对VSTS的任何调用.
Using a Personal Access Token for VSTS allows you to authenticate the user via Azure AD OAuth and get an access token you can use with Microsoft Graph and the Azure REST API. Once you've authenticated them, you can ask them to provide a Personal Access Token to access VSTS. This allows you to forgot asking the user to authenticate a second time since you'll store their PAT use it for any calls to VSTS.
这篇关于通过Azure,VSTS和Graph以编程方式访问Microsoft身份的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
