Microsoft Graph API委派权限

2024-03-29 04:56:36 发布

您现在位置:Python中文网/ 问答频道 /正文

我想得到我的应用程序(python脚本)与图形API代表用户授权。我用this document作为参考。在

关注点: 我想用python来做。是否可以使用“请求”模块并请求授权代码。这将自动打开浏览器,用户将被要求输入凭据,一旦他/她被认证,脚本将自动接收授权码。然后我将使用脚本中的授权代码来获取访问令牌。在

谢谢。在


Tags: 模块代码用户脚本api应用程序图形浏览器
1条回答
网友
1楼 · 发布于 2024-03-29 04:56:36

是的,这是绝对可能的。我在我的GitHub sample here中执行这些步骤。在

一些相关的代码片段:

authentication.py

# External Python Libraries Used:
import requests

# Our Python Functions:
import appconfig as g

# Create headers for REST queries. Used for both ARM and AAD Graph API queries.
def create_headers(access_token):
    return {
        'Authorization': 'Bearer ' + access_token,
        'Accept': 'application/json',
        'Content-Type': 'application/json'
        }

### Start of Authorization Code Grant Flow Authentication
# Note for the Authorization Code Grant Flow, we use the 'common' endpoint by default, rather than specifying a tenant.

# Generate AAD Login URL
def login_url(state, redirect_uri, tenant_id='common'):
    params = {
        'url': g.aad_endpoint + tenant_id + '/oauth2/authorize',
        'response_type': 'code',
        'client_id': g.clientId,
        'redirect_uri': redirect_uri,
        'state': state
        }

    # You can add additional querystrings here if you want to do things like force login or prompt for consent
    login_url = '%(url)s?response_type=%(response_type)s&client_id=%(client_id)s&redirect_uri=%(redirect_uri)s&state=%(state)s' %params

    # Return URL
    return login_url

# Get Access Token using Authorization Code
def get_access_token_code(code, redirect_uri, resource, tenant_id='common'):
    payload = {
        'client_id': g.clientId,
        'code': code,
        'grant_type': 'authorization_code',
        'redirect_uri': redirect_uri,
        'resource': resource,
        'client_secret': g.clientSecret
    }

    token_endpoint = g.aad_endpoint + tenant_id + '/oauth2/token'
    r = requests.post(token_endpoint, data=payload)

    # Return raw Access Token
    return r.json()['access_token']

### End of Authorization Code Grant Flow Authentication

### Start of Client Credential Flow Authentication
# Note that we need to specify Tenant ID for these App Only Tokens. If you use the 'common' endpoint, it will choose the tenant where the app is registered.
def get_access_token_app(resource, tenant_id):
    payload = {
        'client_id': g.clientId,
        'grant_type': 'client_credentials',
        'resource': resource,
        'client_secret': g.clientSecret
        }

    token_endpoint = g.aad_endpoint + tenant_id + '/oauth2/token'
    r = requests.post(token_endpoint, data=payload)

    # Return raw Access Token
    return r.json()['access_token']

views.py

^{pr2}$

graph.py

# Get tenant details for the signed in user. We only return Tenant Display Name and Tenant ID, but more information can be accessed if necessary.
def get_tenant_details(access_token):
    headers = create_headers(access_token)

    params = {
        'url': g.resource_graph,
        'api_version': g.api_version_graph
        }

    # Note we are using the "myorganization" endpoint, which figures out tenant information from the claims in the access token
    tenant_details_url = '%(url)s/myorganization/tenantDetails?api-version=%(api_version)s' %params
    r = requests.get(tenant_details_url, headers=headers)

    #Return Tenant Display Name String and Tenant ID GUID
    return r.json()['value'][0]['displayName'], r.json()['value'][0]['objectId']

# Get user details for the signed in user. We only return the User Principal Name (username) of the user, but more information can be accessed if necessary.
def get_user_details(access_token):
    headers = create_headers(access_token)

    params = {
        'url': g.resource_graph,
        'api_version': g.api_version_graph
        }

    # Note we are using the "me" endpoint, which figures out tenant and user information from the claims in the access token
    user_details_url = '%(url)s/me?api-version=%(api_version)s' %params
    r = requests.get(user_details_url, headers=headers)

    # Return Username String for user.
    return r.json()['userPrincipalName']

相关问题 更多 >