azure-active-directory - 在 Azure 使用 Curl 命令访问令牌时,当我在我的应用程序中使用相同的命令时,它会给出错误:invalid_scope
问题描述
我正在使用CURL
请求:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=123489hfdufkd924449&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=sjksjaadwq928449282348djffegke&grant_type=client_credentials' 'https://login.microsoftonline.com/3422823dkfhskflswlewr9328402948/oauth2/v2.0/token'
注意:client_id 和 client_secrets 在这里无效。
当我从应用程序尝试相同时,它给了我错误:invalid_scope
那么问题是什么,为什么它不起作用..?
这是我添加信息的地方
def _get_token_from_client_credentials(self, endpoint, client_id,
client_secret, service_mgmt_url):
'''
Get token from azure with client credentials.
:return string of the token
'''
ilog.debug('self = %s, endpoint = %s, client_id = %s, \
client_secret, = %s, service_mgmt_url = %s'
% (self.__dict__, endpoint, client_id,
client_secret, service_mgmt_url))
if "v2.0" in endpoint:
payload = {
'grant_type' : 'client_credentials',
'client_id' : client_id,
'scope' : 'https%3A%2F%2Fgraph.microsoft.com%2F.default',
'client_secret' : client_secret,
}
else:
payload = {
'grant_type': 'client_credentials',
'client_id': client_id,
'client_secret': client_secret,
'resource': service_mgmt_url,
}
response = self.send_request_no_token(
Url.make_from_url(endpoint), method=HTTP_METHOD_POST, data=payload)
status_code = response.status_code
try:
response_doc = json.loads(response.body)
# In case of http error, we don't get json object.
except ValueError:
response_doc = {'error': response.reason_phrase}
if status_code != '200':
err_msg = response_doc.get('error',
'failed to get authentication token')
raise AzureHttpError(err_msg, status_code)
return response_doc.get('access_token')
拨打电话的功能
def send_request_no_token(self, url, method=HTTP_METHOD_GET, headers=None,
data=None):
'''
Send HTTP request with provided parameters. Authorization token
is not added to headers, following http redirect is turned on.
:return http response object
'''
ilog.debug('self = %s, url = %s, method = %s, headers = %s, data = %s'\
% (self.__dict__, url, method, headers, data))
# Use empty Content-Type header if header is not given.
if headers is None:
headers = {'Content-Type': ''}
ilog.debug('self = %s, url = %s, method = %s, headers = %s, data = %s'\
% (self.__dict__, url, method, headers, data))
return self._send_request(url, method=method, data=data,
headers=headers, follow_redirect=True)
实际通话发生的地方
def _send_request(self, url, method=HTTP_METHOD_GET, headers=None,
data=None, follow_redirect=False):
'''
Send HTTP request with provided parameters, which is managed by
HTTP session.
:return http response object
'''
data = urlencode(data if data else {})
self._connector.request = HTTPRequest(
is_secure=url.is_secure, port=url.port, hostname=url.host,
path=url.path, params=url.params, method=method, body=data,
headers=headers, follow_redirect=follow_redirect)
self._connector.execute_request()
return self._connector.response
我没有找到我出错的地方
解决方案
对于 microsoft graph api,资源端点是https://graph.microsoft.com
.
对于 Azure 管理 API,资源端点是https://management.azure.com
.
如果您想使用 v2.0 auth 端点调用 azure 管理 api,您应该使用https://management.azure.com/.default
作为范围。
推荐阅读
- ruby-on-rails - 如何循环 OpenStruct 键/值对
- sql - 删除 SQL 查询错误
- c - 如何在 C 中使用双指针矩阵制作卷积函数?
- javascript - 使用 submitHandler 时无法保持 preventDefault,直接进入 AJAX PHP 文件
- ubuntu - 无法在 Ubuntu 的虚拟 conda 环境中启动 jupyter notebook
- java - 外键约束在多对多 Hibernate 关系上失败
- html - 滚动条不考虑子 div 中的溢出
- amazon-web-services - 无法理解如何在 AWS 上托管静态网站
- web-scraping - 为什么这显示“DNS 查找失败”?
- php - 数据未存储在 Wordpress 数据库中