403-授权错误-OAuth2.0-访问令牌-Azure Api For Fhir [英] 403 - Authorization Error - OAuth2.0 - Access Token - Azure Api For Fhir
问题描述
I have deployed and configured Azure API for FHIR using this link - https://docs.microsoft.com/en-gb/azure/healthcare-apis/tutorial-web-app-fhir-server
使用邮递员,我能够成功地将患者信息插入fhir-server.
Using postman i am able to successfully insert a patient information into fhir-server.
要使其自动化,我正在使用python和客户端服务流.
To automate it I am using python and client service flow.
def get_access_token(self):
token_url = 'https://login.microsoftonline.com/{}/oauth2/v2.0/token'.format(azure_app_tenant_id)
token_data = {
'grant_type': 'client_credentials',
'client_id': azure_app_client_id,
'client_secret': azure_app_client_secret,
'scope': fhir_endpoint_url + "/.default",
}
token_r = requests.post(token_url, data=token_data)
log.info("Retrieving Access Token")
if token_r.status_code == 200:
log.info("Access Token Retrieved Successfully")
else:
raise Exception("Error retrieving access token")
print(token_r.json()["access_token"])
return token_r.json()["access_token"]
我能够使用get_access_token获取访问令牌.但是,当我使用access_token并插入患者记录时,其抛出授权失败-403错误.
i am able to get an access token using get_access_token. However, when i use the access_token and insert patient record, its throwing Authorization Failed - 403 error.
def insert_patient_record(self, payload):
log.info("Inserting Patient Record")
headers = {
'Authorization': 'Bearer {}'.format(self.get_access_token()),
'Content-Type': 'application/json'
}
response = requests.request("POST", fhir_endpoint_url, headers=headers, data=payload)
print("Response Code: ", response.status_code)
if response.status_code == 200:
log.info("Patient Record inserted Successfully")
else:
print("Response Text: ", response.text)
raise Exception("Error inserting patient record")
Response Text: {"resourceType":"OperationOutcome","id":"24515888da8e954da1e763d96193155b","issue":[{"severity":"error","code":"forbidden","diagnostics":"Authorization failed."}]}
注意:在"FHIR服务器身份验证"部分中,我添加了我之前在ADD中创建的已注册APP的对象ID.
Note: In FHIR-Server Authentication section, i have added the Object ID of the Registered APP which i earlier created in ADD.
推荐答案
您似乎未添加了已注册应用程序的(正确)对象ID.重要的是,应用程序注册具有对象ID,但是服务主体也是如此.它是您要查找的服务主体的应用程序ID.
It looks like you have not added the (correct) object id of the registered application. Importantly, the application registration has an object id, but so does the service principal. It is the application id for the service principal you are looking for.
在此处查看说明:
https://docs.microsoft.com/en-us/azure/healthcare-apis/find-identity-object-ids
您可以使用PowerShell找到它的服务主体对象ID:
You can find it the service principal object id with PowerShell:
$(Get-AzureADServicePrincipal -Filter "AppId eq 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'").ObjectId
或Azure CLI:
or the Azure CLI:
az ad sp show --id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX | jq -r .objectId
我还建议您将令牌粘贴到类似 https://jwt.ms 的内容中,然后查看 oid 声明.那是您添加的对象ID吗?
I would also recommend pasting your token into something like https://jwt.ms and look at the oid claim. Is that the object id you added?
这篇关于403-授权错误-OAuth2.0-访问令牌-Azure Api For Fhir的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
