Azure POST login.microsoftonline.com/oauty2/token fails on A



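I need to connect to Log Analytics on Azure automatically. Before doing so, I need to obtain an access token.

Using various documentation and https://www.youtube.com/watch?v=ujzrq8Fg9Gc, I am trying to set this up.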


TRY1

My first attempt was to use SoapUI to send a POST request to:

https://login.microsoftonline.com/MY TENANT ID/oauth2/token
?grant_type=client_credentials
&client_id=MY CLIENT ID
&redirect_uri=MY URL
&resource=https%3A%2F%2Fwestus2.api.loganalytics.io
&client_secret=MY CLIENT SECRET

With the header:

Content-Type: application/x-www-form-urlencoded

I always get this response:

HTTP/1.1 400 Bad Request
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
x-ms-request-id: SOMETHING
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: fpc=SOMETHING; expires=Mon, 05-Aug-2019 13:14:50 GMT; path=/; secure; HttpOnly
Set-Cookie: x-ms-gateway-slice=prod; path=/; secure; HttpOnly
Set-Cookie: stsservicecookie=ests; path=/; secure; HttpOnly
Date: Sat, 06 Jul 2019 13:14:49 GMT
Content-Length: 437
{
"error":"invalid_request",
"error_description":"AADSTS900144: The request body must contain 
the following parameter: 'grant_type'.\r\n
Trace ID: SOMETHING\r\n
Correlation ID: SOMETHING\r\n
Timestamp: 2019-07-06 13:14:50Z",
"error_codes":[900144],
"timestamp":"2019-07-06 13:14:50Z",
"trace_id":"SOMETHING",
"correlation_id":"SOMETHING"
}

TRY2

I wrote it in Python using import requests, as follows:

import os,sys
import requests
Azure_client_id     = 'MY CLIENT ID'
Azure_redirect_uri  = 'MY URL'
Azure_client_secret = 'CLIENT SECRET'
Azure_tenant_id     = 'TENANT ID'
Azure_resource      = 'https://westus2.api.loganalytics.io'
###############################################################################
token_url = 'https://login.microsoftonline.com/' + Azure_tenant_id + '/oauth2/token'
token_headers = {
    'Content-type': 'application/x-www-form-urlencoded',
}
token_params = {
    'grant_type': 'client_credentials',
    'client_id': Azure_client_id,
    'redirect_uri': Azure_redirect_uri,
    'resource': Azure_resource,
    'client_secret': Azure_client_secret,
}
token_response = requests.post(token_url, headers=token_headers, params=token_params)
# This is to see what was sent
print(token_response.url + "\n\n")
# get the response and print it
token_result = ''
for chunk in token_response.iter_content(chunk_size=128):
    token_result = token_result + str(chunk)
print(token_result.replace("\\n", "\n"))

The URL sent looks like this (formatted for readability):

https://login.microsoftonline.com/MY TENANT ID/oauth2/token
?grant_type=client_credentials
&client_id=MY CLIENT ID
&redirect_uri=https%3A%2F%2FMY URL
&resource=https%3A%2F%2Fwestus2.api.loganalytics.io
&client_secret=MY SECRET URL ENCODED

The response I get is this (reformatted for readability):

b'{"error":"invalid_request",
"error_description":"AADSTS900144: The request body must contain 
the following parameter: 'grant_type'b"'.\r
Trace ID: SOMETHING\r
Correlation ID: SOMETHING\r
Timestamp: 2019-"b'07-06 13:49:59Z",
"error_codes":[900144],
"timestamp":"2019-07-06 13:49:59Z",
"trace_id":"SOMETHING",
"co'b'rrelation_id":"SOMETHING"}''

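At least I get the same error (!). Since my request clearly contains a "grant_type" parameter, my guess is that there is something wrong with the encoding (done by SoapUI and Python's requests), something wrong with my URL, or I am not using the correct IDs.

Is there a way to verify in Azure that my client secret is valid? Once created, it can no longer be read. Someone else created this key, so I cannot assume that what he gave me is OK.

Thanks for any comments, hints, or pointing out my blatant mistakes.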

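Change

token_response = requests.post(token_url, headers=token_headers, params=token_params)

to

token_response = requests.post(token_url, data=token_params)

You do not need to specify the Content-type header; it is inferred from your payload (a dictionary, so x-www-form-urlencoded). Also, data is what you want (the payload), not params (URL parameters).

Your request should look like this on the wire -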

POST /TENANT_ID/oauth2/token HTTP/1.1
Host: localhost:9000
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 151
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=MY+CLIENT+ID
&redirect_uri=MY+URL
&resource=https%3A%2F%2Fwestus2.api.loganalytics.io
&client_secret=CLIENT+SECRET

Everything is in the body, as it should be for x-www-form-urlencoded.

More on x-www-form-urlencoded -
https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/POST#Example
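
The difference between `params=` and `data=` can be checked offline by preparing both requests without sending them. This is an added example, not part of the question or of either answer; it uses the question's placeholder values, and the helper names `locate_fields`, `build` and `compare` are made up for this illustration. It also flags that the `params=` variant puts `client_secret` in the URL, where proxies and access logs commonly record it.

```python
from urllib.parse import urlsplit, parse_qs

import requests

# Constructed placeholder values; no real tenant, client or secret.
TOKEN_URL = "https://login.microsoftonline.com/TENANT_ID/oauth2/token"
FORM = {
    "grant_type": "client_credentials",
    "client_id": "MY CLIENT ID",
    "resource": "https://westus2.api.loganalytics.io",
    "client_secret": "CLIENT SECRET",
}


def locate_fields(prepared):
    """Report where each form field ended up in a prepared request."""
    query = parse_qs(urlsplit(prepared.url).query)
    body = prepared.body or ""
    if isinstance(body, bytes):
        body = body.decode()
    form = parse_qs(body)
    return {
        "in_query": sorted(query),
        "in_body": sorted(form),
        "content_type": prepared.headers.get("Content-Type"),
        "secret_in_url": "client_secret" in query,
    }


def build(**kwargs):
    """Prepare (but never send) the POST, so this runs offline."""
    return requests.Request("POST", TOKEN_URL, **kwargs).prepare()


def compare():
    return {
        "params": locate_fields(build(params=FORM)),  # the question's call
        "data": locate_fields(build(data=FORM)),      # the answer's call
    }


if __name__ == "__main__":
    for name, info in compare().items():
        print(name, info)
```

With `params=` the body is empty, which is what the AADSTS900144 message reports; with `data=` every field is in the body and the Content-Type header is set for you.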

Here is my solution.

async getToken() {
  try {
    const url = `https://login.microsoftonline.com/${this.azAdTenant}/oauth2/token`;
    // Form body built by hand; the values are interpolated as-is,
    // so they must already be URL-encoded.
    const formFlat = `grant_type=client_credentials&client_id=${this.azAdClientId}&client_secret=${this.azAdClientSecret}&resource=${this.simpleStorageResource}`;
    const response = await this.http.request({
      baseURL: url,
      method: "POST",
      data: formFlat, // sent as the request body, not as URL parameters
      headers: {'content-type': 'application/x-www-form-urlencoded'},
    }).toPromise();
    return response.data;
  } catch (e) {
    // The error is returned to the caller rather than rethrown.
    return e;
  }
}
