"""Simple test script to obtain app-only security token from Azure AD"""
import configparser
from msal import ConfidentialClientApplication
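# Load the app registration settings (tenant id, client id, client secret) from
# config.cfg. That file holds a plaintext secret: keep it out of version control
# and readable only by the account that runs this script.
config = configparser.ConfigParser()
# ConfigParser.read() silently skips files it cannot open and returns the list
# of files it actually parsed, so an empty list means nothing was loaded.
if not config.read(["config.cfg"]):
    raise SystemExit("config.cfg was not found or could not be read")
CONFIG = config["azure"]
SCOPE = 'https://graph.microsoft.com/.default'
# Initialize ConfidentialClientApplication. TLS certificate verification is left
# at the library default (enabled).
app = ConfidentialClientApplication(
    client_id=CONFIG["clientId"],
    client_credential=CONFIG["clientSecret"],
    authority=f"https://login.microsoftonline.com/{CONFIG['tenantId']}"
)
# Acquire an app-only token via the client-credentials flow
result = app.acquire_token_for_client(scopes=[SCOPE])
# MSAL reports a failed request in the returned dict ("error",
# "error_description") rather than raising, so check before indexing.
if "access_token" not in result:
    raise SystemExit(
        "Token request failed: "
        f"{result.get('error')}: {result.get('error_description')}"
    )
access_token = result['access_token']
# NOTE(review): the access token is a bearer credential. Printing it is fine for
# a local test, but the output must not end up in shared logs or CI output.
print("Access Token:", access_token)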
这会产生以下结果:
ClientSecretCredential.get_token failed: Cannot connect to host
login.microsoftonline.com:443 ssl:True [SSLCertVerificationError:
(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
certificate has expired (_ssl.c:997)')]
在浏览器中访问 https://login.microsoftonline.com 一切正常,所以我不确定自己哪里做错了——任何提示都将不胜感激……
更新
问题与 SSL 证书相关。在应用程序调用中禁用验证会将错误更改为警告:
# Diagnostic workaround only: this is the same application setup as before, with
# certificate verification switched off to confirm that the failure is a
# certificate problem. It is not a fix.
app = ConfidentialClientApplication(
client_id=CONFIG["clientId"],
client_credential=CONFIG["clientSecret"],
authority=f"https://login.microsoftonline.com/{CONFIG['tenantId']}",
# NOTE(review): verify=False makes the HTTPS requests to login.microsoftonline.com
# unverified (hence the InsecureRequestWarning), so the server's identity is not
# checked when the client secret is sent and the token is returned. Remove this
# once the certificate error itself is resolved.
verify=False,
)
这会引发警告:
InsecureRequestWarning: Unverified HTTPS request is being made to host 'login.microsoftonline.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
urllib3 文档提供了一个解决方案,允许使用 http.request 毫无问题地发出经过验证的请求,但我不确定如何在 msal 库中做相应的调整?
关于 requests:将 requests 更新到最新版本(当前为 2.32.2)解决了该问题。更新后证书验证可以正常通过,因此无需再保留 verify=False。