Azure Active Directory獲取令牌請求http錯誤

Question

我正在使用用於python的活動目錄身份驗證庫，遵循documentation。早前我設法通過Acquire Token with Client Credentials sample的的access_token：

import adal 

RESOURCE_URI = 'https://<mydomain>.crm.dynamics.com' 
AUTHORITY_URL = "https://login.microsoftonline.com/<tenant_id>" 
CLIENT_ID = 'xxxx' #application_id 
CLIENT_SECRET = 'xxxx' 

context = adal.AuthenticationContext(AUTHORITY_URL) 
token = context.acquire_token_with_client_credentials(
    RESOURCE_URI, 
    CLIENT_ID, 
    CLIENT_SECRET) 
print token 

但我得到一個錯誤信息，當我試圖在Acquire token and Refresh token sample

context = adal.AuthenticationContext(AUTHORITY_URL) 
token = context.acquire_token_with_username_password(
    RESOURCE_URI, 
    USERNAME, 
    PASSWORD, 
    CLIENT_ID) 

print token 

>>> adal.adal_error.AdalError: Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.........."correlation_id"......} 

Answer 1

adal.adal_error.AdalError: Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.........."correlation_id"......}

有兩種類型的應用程序，我們可以上註冊的Azure，本地或Web應用程序。根據錯誤消息，您似乎已註冊了一個有信心的應用，該應用需要提供其客戶機密以獲取訪問令牌。

對於這個問題，請註冊一個原生應用程序，而不是Web應用程序。此外，資源所有者密碼憑據流應仔細考慮使用，因爲這可能會泄漏憑據。請參閱以下鏈接的流程：

The OAuth 2.0 Authorization Framework - Authorization Grant