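oauth-2.0 - I need a way to authenticate a SharePoint Online API connection using ARM or any PowerShell without user consent
Problem description
I want to automate authenticating a SharePoint Online API connection in Azure without user consent, because I want to run the code in an Azure DevOps pipeline, and the code I have opens a custom form and asks for user consent. That would be fine if I did not have to run it through a DevOps pipeline, but in my case I do need to run the authorization through code, without user/graphical intervention.
I tried the following code, which works fine locally, but as I explained, it requires user consent, which does not work in the Azure DevOps pipeline world.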
Param(
    [string] $ResourceGroupName = '*****',
    [string] $ResourceLocation = '******',
    [string] $api = 'office365',
    [string] $ConnectionName = 'SharepointOnline',
    [string] $subscriptionId = '*****'
)

#OAuth window for user consent
Function Show-OAuthWindow {
    # Declare the URL parameter that the call site passes with -URL
    param([string] $URL)

    Add-Type -AssemblyName System.Windows.Forms
    $form = New-Object -TypeName System.Windows.Forms.Form -Property @{Width=600;Height=800}
    $web = New-Object -TypeName System.Windows.Forms.WebBrowser -Property @{Width=580;Height=780;Url=($url -f ($Scope -join "%20")) }
    # Close the form once the redirect URL carries either an error or an authorization code
    $DocComp = {
        $Global:uri = $web.Url.AbsoluteUri
        if ($Global:Uri -match "error=[^&]*|code=[^&]*") {$form.Close() }
    }
    $web.ScriptErrorsSuppressed = $true
    $web.Add_DocumentCompleted($DocComp)
    $form.Controls.Add($web)
    $form.Add_Shown({$form.Activate()})
    $form.ShowDialog() | Out-Null
}

#login to get an access code
#Login-AzureRmAccount

#select the subscription
$ResourceLocation = (Get-AzureRmResource -ResourceGroupName CI | Select-Object Location)[0].Location
$subscription = Select-AzureRmSubscription -SubscriptionId $subscriptionId

#Get the connection and create if wasn't already created
$connection = Get-AzureRmResource -ResourceType "Microsoft.Web/connections" -ResourceGroupName $ResourceGroupName -ResourceName $ConnectionName -ErrorAction SilentlyContinue
if(-not $connection) {
    $connection = New-AzureRmResource -Properties @{"api" = @{"id" = "subscriptions/" + $subscriptionId + "/providers/Microsoft.Web/locations/" + $ResourceLocation + "/managedApis/" + $api}; "displayName" = $ConnectionName; } -ResourceName $ConnectionName -ResourceType "Microsoft.Web/connections" -ResourceGroupName $ResourceGroupName -Location $ResourceLocation -Force
}
#else get the connection
else{
    $connection = Get-AzureRmResource -ResourceType "Microsoft.Web/connections" -ResourceGroupName $ResourceGroupName -ResourceName $ConnectionName
}
Write-Host "connection status: " $connection.Properties.Statuses[0]

$parameters = @{
    "parameters" = ,@{
        "parameterName"= "token";
        "redirectUrl"= "https://online.microsoft.com/default/authredirect"
    }
}

#get the links needed for consent
$consentResponse = Invoke-AzureRmResourceAction -Action "listConsentLinks" -ResourceId $connection.ResourceId -Parameters $parameters -Force
$url = $consentResponse.Value.Link

#prompt user to login and grab the code after auth
Show-OAuthWindow -URL $url
$regex = '(code=)(.*)$'
$code = ($uri | Select-string -pattern $regex).Matches[0].Groups[2].Value
Write-output "Received an accessCode: $code"

if (-Not [string]::IsNullOrEmpty($code)) {
    $parameters = @{ }
    $parameters.Add("code", $code)
    # NOTE: errors ignored as this appears to error due to a null response
    #confirm the consent code
    Invoke-AzureRmResourceAction -Action "confirmConsentCode" -ResourceId $connection.ResourceId -Parameters $parameters -Force -ErrorAction Ignore
}

#retrieve the connection
$connection = Get-AzureRmResource -ResourceType "Microsoft.Web/connections" -ResourceGroupName $ResourceGroupName -ResourceName $ConnectionName
Write-Host "connection status now: " $connection.Properties.Statuses[0]
Solution