我正在尝试使用下面的代码使用
client_credentials
流程为 Azure Active Directory 中的应用程序生成新的 ClientID 和密钥。
用于运行此脚本的应用程序具有
Application.ReadWrite.All
和 Application.ReadWrite.OwnedBy
级别的 Directory.ReadWrite.All
、Application
和 Delegated
权限。
import requests
from datetime import datetime, timedelta
# Azure AD B2C Constants
application_id ='888-xxxx-xxxx-xxxxx'
TENANT_ID = 'xxxx-xxxx-xxxxxxx'
CLIENT_ID = 'xxxx-xxxx-xxxxxxx'
CLIENT_SECRET = 'xxxxx-xxxxx-xxxxx'
# Token endpoint to get the access token
token_endpoint = f'https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token'
# Resource URL
resource_url = 'https://graph.microsoft.com'
# Scopes for the Microsoft Graph API
scopes = ['https://graph.microsoft.com/.default' ]
# Parameters to get the access token
token_data = {
'grant_type': 'client_credentials',
'client_id': CLIENT_ID,
'client_secret': CLIENT_SECRET,
'scope': ' '.join(scopes)
}
# Get access token
token_response = requests.post(token_endpoint, data=token_data)
access_token = token_response.json().get('access_token')
# Create app registration in Azure AD B2C
create_app_endpoint = f'{resource_url}/v1.0/{TENANT_ID}/applications'
headers = {
'Authorization': f'Bearer {access_token}',
'Content-Type': 'application/json'
}
url_password = f'{resource_url}/v1.0/applications/{application_id}/addPassword'
print(url_password)
# Construct the request body with password credentials details
password_credentials_data = {
"passwordCredential": {
"displayName": "System_Access_1"
}
}
# Send the request to create password credentials
response = requests.post(url_password, headers=headers, json=password_credentials_data)
# Check the response
if response.status_code == 200:
print("Password credentials created successfully.")
else:
print("Failed to create password credentials. Status code:", response.status_code)
print("Response:", response.text)
但是,我收到错误
https://graph.microsoft.com/v1.0/applications/888-xxxx-xxxx-xxxxx/addPassword
Failed to create password credentials. Status code: 404
Response: {"error":{"code":"Request_ResourceNotFound","message":"Resource '888-xxxx-xxxx-xxxxx' does not exist or one of its queried reference-property objects are not present.","innerError":{"date":"2024-02-26T16:01:36","request-id":" ","client-request-id":""}}}
我遵循了这里的方法,
https://learn.microsoft.com/en-us/graph/api/application-addpassword?view=graph-rest-1.0&tabs=http
我检查了 Azure Active Directory 并且该应用程序存在。潜在的原因可能是什么?
考虑到应用程序清单如下,
{
"id": "e9e28b75-9236-46c3-8422-f5aebc7d6df3",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"addIns": [],
"allowPublicClient": false,
"appId": "77b9c7ae-b4d4-4d51-b479-9bae4a0186db",
"appRoles": [],
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2024-02-26T14:40:35Z",
"description": null,
"certification": null,
"disabledByMicrosoftStatus": null,
"groupMembershipClaims": null,
}
正确的网址是,
https://graph.microsoft.com/v1.0/applications/e9e28b75-9236-46c3-8422-f5aebc7d6df3/addPassword
这使用
id
而不是 appId