Managing Microsoft Azure with Flask
I'm developing an Azure management website with Flask.
I googled and found the following sample:
https://github.com/Azure-Samples/active-directory-python-flask-graphapi-web-v2
But this sample is for accessing the Microsoft Graph API, not the Azure Resource Management API.
microsoft = oauth.remote_app(
    'microsoft',
    consumer_key='Register your app at apps.dev.microsoft.com',
    consumer_secret='Register your app at apps.dev.microsoft.com',
    request_token_params={'scope': 'offline_access User.Read'},
    base_url='https://graph.microsoft.com/v1.0/',
    request_token_url=None,
    access_token_method='POST',
    access_token_url='https://login.microsoftonline.com/common/oauth2/v2.0/token',
    authorize_url='https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
)
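I think I should change base_url to https://management.azure.com/ according to the following document:
https://docs.microsoft.com/azure/azure-resource-manager/resource-manager-api-authentication
But this code doesn't work.
Could you tell me how to use Flask + OAuth2 (with MSAL support) and the Azure Management API?
Or is there an MSAL for Python?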
Please refer to the Azure AD v2.0 endpoint "restrictions on services and APIs". The v2.0 endpoint issues access tokens only for:
- The app that requested the token. An app can acquire an access token for itself, if the logical app is composed of several different components or tiers. To see this scenario in action, check out our Getting Started tutorials.
- The Outlook Mail, Calendar, and Contacts REST APIs, all of which are located at https://outlook.office.com. To learn how to write an app that accesses these APIs, see the Office Getting Started tutorials.
- Microsoft Graph APIs. You can learn more about Microsoft Graph and the data that is available to you.
So the Azure AD v2.0 endpoint currently does not support the Azure Resource Management API.
You can modify the same Flask sample app to use the v1 endpoint by changing the configuration:
microsoft = oauth.remote_app(
    'microsoft',
    consumer_key='Register your app at apps.dev.microsoft.com',
    consumer_secret='Register your app at apps.dev.microsoft.com',
    base_url='https://management.azure.com',
    request_token_url=None,
    access_token_method='POST',
    access_token_url='https://login.microsoftonline.com/common/oauth2/token',
    authorize_url='https://login.microsoftonline.com/common/oauth2/authorize?resource=https://management.azure.com/'
)
The main differences to point out:
- Remove the request_token_parameters piece
- Replace the base url with https://management.azure.com
- Replace the authorize_url with authorize_url='https://login.microsoftonline.com/common/oauth2/authorize?resource=https://management.azure.com/'
Then you can call the API as follows:
    subscriptions = microsoft.get('subscriptions?api-version=2015-01-01')
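An added example, not part of the original answer or the Azure sample: it builds the v1 authorize URL with the `resource` parameter URL-encoded, and checks a token's `aud` claim to confirm it was issued for Azure Resource Manager rather than Microsoft Graph before it is sent anywhere. The function names, the client id, redirect URI and state values, and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode

ARM_RESOURCE = "https://management.azure.com/"
V1_AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/authorize"


def v1_authorize_url(client_id, redirect_uri, state):
    """Build the v1 authorize URL with the resource parameter URL-encoded."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "resource": ARM_RESOURCE,
        "state": state,
    })
    return f"{V1_AUTHORIZE}?{query}"


def unverified_claims(access_token):
    """Decode the JWT payload for diagnosis only; the signature is NOT checked."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT (expected three dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def is_arm_token(access_token):
    """True when the token's aud claim names the ARM resource."""
    aud = unverified_claims(access_token).get("aud", "")
    return aud.rstrip("/") == ARM_RESOURCE.rstrip("/")


def _constructed_token(claims):
    """Build an unsigned sample token (constructed input, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


GRAPH_TOKEN = _constructed_token({"aud": "https://graph.microsoft.com"})
ARM_TOKEN = _constructed_token({"aud": ARM_RESOURCE})

if __name__ == "__main__":
    print(v1_authorize_url("00000000-0000-0000-0000-000000000000",
                           "http://localhost:5000/login/authorized", "xyz"))
    print(is_arm_token(GRAPH_TOKEN), is_arm_token(ARM_TOKEN))
```

The `aud` check is a debugging and logging aid on the client side; Azure Resource Manager validates the token's signature and audience itself.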