【发布时间】:2019-10-17 03:05:27
【问题描述】:
ADAL 已被折旧以支持 MSAL。 尝试在简单的 PythonCGI(没有烧瓶)中实现 MSAL。
https://msal-python.readthedocs.io/en/latest/
https://github.com/Azure-Samples/ms-identity-python-webapp
下面是 ADAL 的工作代码。
#!/usr/bin/python
# -*- coding: UTF-8 -*-
import cgi
import cgitb; cgitb.enable() # for troubleshooting
from msal import PublicClientApplication
import adal
form = cgi.FieldStorage()
code = form.getvalue('code')
token = form.getvalue('token')
redirect_uri = 'http://************'
resource = '************'
client_id = '************'
header = ''
message=''
if not code and not token:
auth_template = 'https://adfs.blah.com/adfs/oauth2/authorize?response_type=code&client_id={}&redirect_uri={}'
authorization_url = (auth_template).format(client_id, redirect_uri)
header = '<meta http-equiv="refresh" content="0;url=' + authorization_url + '"/>'
elif code != "" and not token:
authority_url = 'https://adfs.blah.com/adfs'
context = adal.AuthenticationContext(authority_url, validate_authority=False,)
token = context.acquire_token_with_authorization_code(code, redirect_uri, resource, client_id)
refresh_token = token['refreshToken']
token = context.acquire_token_with_refresh_token(refresh_token, client_id, resource,)
token_userid = token["userId"].split("@",1)[0].upper()
message=token_userid
print("Content-Type: text/html;charset=utf-8")
print()
# put css link? the header section vs using <style> in the page <link rel="stylesheet" href="report.css" />
print("""
<!DOCTYPE html>
<html>
<head>
<title>Page Title</title>
{header}
</head>
<body>
{message}
</body>
</html>
""".format(header=header,message=message))
我认为我遇到的问题是使用 MSAL 获取有效代码。
我不认为我的服务器设置为返回客户端密码。
所以我尝试使用 ADAL 获取代码,然后使用 ADAL 中的代码作为 MSAL 的输入以获取 Token。
if not code and not token:
auth_template = 'https://adfs.blah.com/adfs/oauth2/authorize?response_type=code&client_id={}&redirect_uri={}'
authorization_url = (auth_template).format(client_id, redirect_uri)
header = '<meta http-equiv="refresh" content="0;url=' + authorization_url + '"/>'
elif code != "" and not token:
result=msal.ConfidentialClientApplication(client_id, client_credential=None, authority=None, validate_authority=True, token_cache=None, verify=True, proxies=None, timeout=None, client_claims=None)
message=result.acquire_token_by_authorization_code(code, ["User.ReadBasic.All"], redirect_uri=None,)
但是基于此错误,输入数据结构似乎格式错误。
{'error': 'invalid_grant', 'error_description': 'AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 9fdb3fe4-23b0-4779-9e65-3e3e13951500\r\nCorrelation ID: 51d1d399-7732-4c99-8266-ef89c0f74b2c\r\nTimestamp: 2019-10-16 05:32:05Z', 'error_codes': [9002313], 'timestamp': '2019-10-16 05:32:05Z', 'trace_id': '9fdb3fe4-23b0-4779-9e65-3e3e13951500', 'correlation_id': '51d1d399-7732-4c99-8266-ef89c0f74b2c', 'error_uri': 'https://login.microsoftonline.com/error?code=9002313', 'suberror': 'bad_token'}
寻求有关简单 Python CGI MSAL 外观的帮助?
提前致谢。
和平, 埃里克
【问题讨论】: