# External Python Libraries Used:
import requests
# Our Python Functions:
import appconfig as g
# Create headers for REST queries. Used for both ARM and AAD Graph API queries.
def create_headers(access_token):
    """Build the HTTP headers sent with REST queries.

    The same header set is used for both ARM and AAD Graph API queries.

    Args:
        access_token: Raw access token string; it is sent as a bearer
            credential in the ``Authorization`` header.

    Returns:
        dict mapping header names to header values.
    """
    # The returned dict contains a live credential, so it should not be
    # written to logs or error pages as-is.
    headers = {'Authorization': 'Bearer ' + access_token}
    headers['Accept'] = 'application/json'
    headers['Content-Type'] = 'application/json'
    return headers
### Start of Authorization Code Grant Flow Authentication
# Note for the Authorization Code Grant Flow, we use the 'common' endpoint by default, rather than specifying a tenant.
# Generate AAD Login URL
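def login_url(state, redirect_uri, tenant_id='common'):
    """Build the AAD authorize URL that starts the Authorization Code Grant flow.

    Args:
        state: Opaque value that AAD echoes back on the redirect. It only
            protects against cross-site request forgery if the caller
            generates an unpredictable value per login attempt and compares
            it with the value received on the callback; that check is the
            caller's responsibility and is not done here.
        redirect_uri: Raw (not yet percent-encoded) URI AAD should redirect
            to with the authorization code.
        tenant_id: Tenant segment of the endpoint path. With the default
            'common' no specific tenant is selected, so an application that
            must serve only particular tenants has to check the tenant
            itself after sign-in.

    Returns:
        The complete authorize URL as a string.
    """
    # Function-scope import keeps this block self-contained.
    from urllib.parse import urlencode

    authorize_endpoint = g.aad_endpoint + tenant_id + '/oauth2/authorize'
    # Percent-encode every value. Interpolating them raw let a '&', '#' or
    # '=' inside state or redirect_uri add or override parameters of the
    # authorize request.
    # NOTE(review): a caller that already percent-encodes redirect_uri would
    # now be double-encoded; confirm callers pass the raw URI.
    query = urlencode([
        ('response_type', 'code'),
        ('client_id', g.clientId),
        ('redirect_uri', redirect_uri),
        ('state', state),
    ])
    # Additional query parameters (for example to force login or prompt for
    # consent) can be appended to the list above.
    return authorize_endpoint + '?' + query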
# Get Access Token using Authorization Code
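def get_access_token_code(code, redirect_uri, resource, tenant_id='common'):
    """Redeem an authorization code for an access token.

    Posts the code together with the application's client id and client
    secret to the tenant's ``/oauth2/token`` endpoint.

    Args:
        code: Authorization code received on the redirect.
        redirect_uri: Redirect URI sent along with the code.
        resource: Identifier of the resource the token is requested for.
        tenant_id: Tenant segment of the endpoint path ('common' by default).

    Returns:
        The raw access token string from the JSON response.

    Raises:
        KeyError: If the JSON response has no 'access_token' member, for
            example when the endpoint answers with an error document.
        requests.exceptions.Timeout: If the endpoint does not answer in time.
    """
    # This form carries the client secret and the authorization code; it
    # must not be logged.
    form = {
        'client_id': g.clientId,
        'code': code,
        'grant_type': 'authorization_code',
        'redirect_uri': redirect_uri,
        'resource': resource,
        'client_secret': g.clientSecret
    }
    token_endpoint = g.aad_endpoint + tenant_id + '/oauth2/token'
    # Bound the wait: without a timeout requests can block indefinitely on a
    # stalled connection. Certificate verification stays at the requests
    # default (enabled), which matters because the body holds the secret.
    r = requests.post(token_endpoint, data=form, timeout=30)
    # Return raw Access Token
    return r.json()['access_token']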
### End of Authorization Code Grant Flow Authentication
### Start of Client Credential Flow Authentication
# Note that we need to specify Tenant ID for these App Only Tokens. If you use the 'common' endpoint, it will choose the tenant where the app is registered.
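def get_access_token_app(resource, tenant_id):
    """Obtain an app-only access token with the Client Credential flow.

    Posts the application's client id and client secret to the tenant's
    ``/oauth2/token`` endpoint; no user is involved.

    Args:
        resource: Identifier of the resource the token is requested for.
        tenant_id: Tenant the token is issued for; it becomes the tenant
            segment of the endpoint path.

    Returns:
        The raw access token string from the JSON response.

    Raises:
        KeyError: If the JSON response has no 'access_token' member, for
            example when the endpoint answers with an error document.
        requests.exceptions.Timeout: If the endpoint does not answer in time.
    """
    # This form carries the client secret; it must not be logged.
    form = {
        'client_id': g.clientId,
        'grant_type': 'client_credentials',
        'resource': resource,
        'client_secret': g.clientSecret
    }
    token_endpoint = g.aad_endpoint + tenant_id + '/oauth2/token'
    # Bound the wait: without a timeout requests can block indefinitely on a
    # stalled connection. Certificate verification stays at the requests
    # default (enabled), which matters because the body holds the secret.
    r = requests.post(token_endpoint, data=form, timeout=30)
    # Return raw Access Token
    return r.json()['access_token']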
views.py
^{pr2}$
graph.py
# Get tenant details for the signed in user. We only return Tenant Display Name and Tenant ID, but more information can be accessed if necessary.
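def get_tenant_details(access_token):
    """Fetch the display name and id of the signed-in user's tenant.

    Queries the Graph "myorganization" endpoint, which figures out tenant
    information from the claims in the access token.

    Args:
        access_token: Access token sent as a bearer credential.

    Returns:
        Tuple ``(displayName, objectId)`` taken from the first entry of the
        response's 'value' list.

    Raises:
        KeyError, IndexError: If the response lacks the expected members,
            for example when the endpoint answers with an error document.
        requests.exceptions.Timeout: If the endpoint does not answer in time.
    """
    headers = create_headers(access_token)
    tenant_details_url = '%s/myorganization/tenantDetails?api-version=%s' % (
        g.resource_graph, g.api_version_graph)
    # Bound the wait: without a timeout requests can block indefinitely.
    r = requests.get(tenant_details_url, headers=headers, timeout=30)
    # Decode the body once instead of once per returned field.
    tenant = r.json()['value'][0]
    # The display name is text chosen by the tenant, not by this application;
    # escape it before rendering it into a page.
    return tenant['displayName'], tenant['objectId']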
# Get user details for the signed in user. We only return the User Principal Name (username) of the user, but more information can be accessed if necessary.
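def get_user_details(access_token):
    """Fetch the User Principal Name (username) of the signed-in user.

    Queries the Graph "me" endpoint, which figures out tenant and user
    information from the claims in the access token.

    Args:
        access_token: Access token sent as a bearer credential.

    Returns:
        The 'userPrincipalName' string from the JSON response.

    Raises:
        KeyError: If the response has no 'userPrincipalName' member, for
            example when the endpoint answers with an error document.
        requests.exceptions.Timeout: If the endpoint does not answer in time.
    """
    headers = create_headers(access_token)
    user_details_url = '%s/me?api-version=%s' % (
        g.resource_graph, g.api_version_graph)
    # Bound the wait: without a timeout requests can block indefinitely.
    r = requests.get(user_details_url, headers=headers, timeout=30)
    # Return Username String for user.
    return r.json()['userPrincipalName']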
是的,这是绝对可能的。我在我的GitHub sample here中执行这些步骤。
一些相关的代码片段: