Trying to create Azure B2C user with azure-graphrbac

We are trying to import existing users into our B2C tenant. To do this we have been trying to use the azure-graphrbac Python library.

I have followed this guide to register an application to use with the Graph API.

I am using the following code to try to create a user:

from azure.graphrbac import GraphRbacManagementClient
from azure.common.credentials import ServicePrincipalCredentials
from azure.graphrbac.models import UserCreateParameters, PasswordProfile

credentials = ServicePrincipalCredentials(
    client_id="<CLIENT ID>",
    secret="<SECRET>",
    tenant="<TENANT ID>"
)

tenant_id = '<myb2ctenant>.onmicrosoft.com'

graphrbac_client = GraphRbacManagementClient(
    credentials,
    tenant_id
)

ucp = UserCreateParameters(
    user_principal_name="my@mail.com",
    account_enabled=True,
    display_name='Martin T',
    mail_nickname='<mymail>',
    additional_properties={
        "signInNames": [{"type": "emailAddress", "value": "<mymail>"}]
    },
    user_type="LocalAccount",
    password_profile=PasswordProfile(
        password='<somepassword>',
        force_change_password_next_login=True
    )
)

user = graphrbac_client.users.create(ucp)

I have made sure that the client ID, secret and tenant ID are correct. However, I keep getting this error:

GraphErrorException: Access Token missing or malformed.

Does anyone know what I might be doing wrong?

Your service principal authentication needs to define "resource":

https://docs.microsoft.com/en-us/python/api/overview/azure/activedirectory

from azure.common.credentials import UserPassCredentials

credentials = UserPassCredentials(
    'user@domain.com',      # Your user
    'my_password',          # Your password
    resource="https://graph.windows.net"   # token audience for the Azure AD Graph API
)

As Laurent said, you need to define resource. The default resource is https://management.core.windows.net/. In your scenario you want to create a user, so the resource is https://graph.windows.net.

Your code also has some errors; I have modified it. The following code works for me.

from azure.graphrbac import GraphRbacManagementClient
from azure.common.credentials import ServicePrincipalCredentials
from azure.graphrbac.models import UserCreateParameters, PasswordProfile

credentials = ServicePrincipalCredentials(
    client_id="",
    secret="",
    resource="https://graph.windows.net",   # must be the Graph API, not the default ARM resource
    tenant=''
)

tenant_id = ''

graphrbac_client = GraphRbacManagementClient(
    credentials,
    tenant_id
)

ucp = UserCreateParameters(
    user_principal_name="",
    account_enabled=True,
    display_name='Martin T',
    ## I tested this in my lab: if I use this line I get an error and cannot create the user.
    #additional_properties={
    #    "signInNames": [{"type": "emailAddress", "value": ""}]
    #},
    ## user_type only supports Member or Guest, see this link https://docs.microsoft.com/en-us/python/api/azure.graphrbac.models.usercreateparameters?view=azure-python
    user_type="Member",
    mail_nickname='shuitest',
    password_profile=PasswordProfile(
        password='',
        force_change_password_next_login=True
    )
)

user = graphrbac_client.users.create(ucp)

Please refer to the SDK at this link.
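Both answers come down to the same point: the access token handed to the Graph endpoint was issued for the default resource (https://management.core.windows.net/) rather than for https://graph.windows.net, and the Graph API rejects it. A practitioner can confirm this before spending a request by inspecting the `aud` claim of the token. The following is an added example, not code from the question, the answers or the azure-graphrbac library: the sample tokens are constructed inline with a fake signature, and the decoder deliberately does not verify signatures, so it is a diagnostic for "which resource was this token minted for", never an authorization check.

```python
import base64
import json
from typing import Any, Dict, List, Union

# Resource (token audience) the Azure AD Graph API expects, as the answers above state.
GRAPH_RESOURCE = "https://graph.windows.net"
# Resource msrestazure credentials default to when none is given.
DEFAULT_ARM_RESOURCE = "https://management.core.windows.net/"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_claims(token: str) -> Dict[str, Any]:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.

    Sufficient to see which resource a token was issued for; never use an
    unverified payload to grant access.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def _normalize(resource: str) -> str:
    # Azure AD emits some audiences with a trailing slash and some without.
    return resource.rstrip("/").lower()


def token_audience_matches(token: str, resource: str) -> bool:
    """True if the token's 'aud' claim names `resource` (string or list form)."""
    aud: Union[str, List[str], None] = decode_jwt_claims(token).get("aud")
    if aud is None:
        return False
    audiences = aud if isinstance(aud, list) else [aud]
    return _normalize(resource) in {_normalize(a) for a in audiences}


def diagnose_graph_token(token: str) -> str:
    """Explain in one line whether a token is usable against the Graph API."""
    aud = decode_jwt_claims(token).get("aud")
    if token_audience_matches(token, GRAPH_RESOURCE):
        return "ok: token audience is %s" % aud
    return ("wrong audience %r; acquire the token with resource=%r instead"
            % (aud, GRAPH_RESOURCE))


def make_fake_jwt(claims: Dict[str, Any]) -> str:
    """Build an UNSIGNED lookalike token for offline testing only (constructed sample)."""
    header = {"typ": "JWT", "alg": "RS256"}
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        _b64url_encode(b"not-a-real-signature"),
    ])


# Constructed sample tokens for the two cases: credentials created without
# `resource` (default ARM audience) versus with resource="https://graph.windows.net".
# Issuer and appid values are placeholders, not real identifiers.
_COMMON = {
    "iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "appid": "11111111-1111-1111-1111-111111111111",
}
TOKEN_DEFAULT_RESOURCE = make_fake_jwt(dict(_COMMON, aud=DEFAULT_ARM_RESOURCE))
TOKEN_GRAPH_RESOURCE = make_fake_jwt(dict(_COMMON, aud=GRAPH_RESOURCE))

if __name__ == "__main__":
    for name, tok in [("no resource set", TOKEN_DEFAULT_RESOURCE),
                      ("resource=graph", TOKEN_GRAPH_RESOURCE)]:
        print(name, "->", diagnose_graph_token(tok))
```

With msrestazure's ServicePrincipalCredentials the acquired token is, as far as I know, exposed as credentials.token['access_token'] after set_token() (an assumption about the library version in use); passing that string to diagnose_graph_token() before calling graphrbac_client.users.create() shows immediately whether `resource` was set correctly.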