【发布时间】:2021-03-03 07:02:14
【问题描述】:
我正在 Azure AD 中创建一个应用程序作为获取用户电话的守护程序
使用 python msal 库的身份验证方法并调用以下端点 GET https://graph.microsoft.com/beta/users/{id | UPN}/authentication/phoneMethods 但我收到以下错误
{
"error": {
"code": "accessDenied",
"message": "Request Authorization failed",
"innerError": {
"message": "Request Authorization failed",
"date": "2020-11-19T19:26:28",
"request-id": "11975e07-ee6b-4bd2-9a74-7c175c5da560",
"client-request-id": "11975e07-ee6b-4bd2-9a74-7c175c5da560"
}
}
}
我的应用程序具有获取我正在寻找的信息所需的应用程序权限,它们是 UserAuthenticationMethod.Read.All 和 UserAuthenticationMethod.ReadWrite.All,并且它已经可以与不同的端点(例如 GET https://graph.microsoft.com/beta/users/{id | UPN})一起使用,这是我的代码使用以获取所需的访问令牌并调用图形 api
import json
import logging
import requests
import msal
config = {
"authority": "https://login.microsoftonline.com/TENANT_NAME",
"client_id": "APP_ID",
"scope": ["https://graph.microsoft.com/.default"],
"secret": "APP_SECRET",
"endpoint": "https://graph.microsoft.com/beta/users/{USER_ID}/authentication/phoneMethods"
}
app = msal.ConfidentialClientApplication(
config["client_id"], authority=config["authority"],
client_credential=config["secret"],
)
result = None
result = app.acquire_token_silent(config["scope"], account=None)
if not result:
logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
result = app.acquire_token_for_client(scopes=config["scope"])
if "access_token" in result:
graph_data = requests.get(
config["endpoint"],
headers={'Authorization': 'Bearer ' + result['access_token']}, ).json()
print("Graph API call result: ")
print(json.dumps(graph_data, indent=2))
else:
print(result.get("error"))
print(result.get("error_description"))
print(result.get("correlation_id"))
我尝试使用 curl 或 postman 做同样的事情,但我得到了完全相同的错误,所以我猜这可能是访问令牌问题?
提前致谢
【问题讨论】:
-
如果我的回答对您有帮助,您可以接受它作为答案(单击答案旁边的复选标记,将其从灰色切换为已填充。)。这对其他社区成员可能是有益的。谢谢你:)
标签: python azure-active-directory microsoft-graph-api msal