2017-10-11 94 views
1

我正在使用用於python的活動目錄身份驗證庫,遵循documentation。早前我設法通過Acquire Token with Client Credentials sample的的access_token:Azure Active Directory獲取令牌請求http錯誤

import adal 

RESOURCE_URI = 'https://<mydomain>.crm.dynamics.com' 
AUTHORITY_URL = "https://login.microsoftonline.com/<tenant_id>" 
CLIENT_ID = 'xxxx' #application_id 
CLIENT_SECRET = 'xxxx' 

context = adal.AuthenticationContext(AUTHORITY_URL) 
token = context.acquire_token_with_client_credentials(
    RESOURCE_URI, 
    CLIENT_ID, 
    CLIENT_SECRET) 
print token 

但我得到一個錯誤信息,當我試圖在Acquire token and Refresh token sample

context = adal.AuthenticationContext(AUTHORITY_URL) 
token = context.acquire_token_with_username_password(
    RESOURCE_URI, 
    USERNAME, 
    PASSWORD, 
    CLIENT_ID) 

print token 

>>> adal.adal_error.AdalError: Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.........."correlation_id"......} 

回答

0

adal.adal_error.AdalError: Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.........."correlation_id"......}

有兩種類型的應用程序,我們可以上註冊的Azure,本地或Web應用程序。根據錯誤消息,您似乎已註冊了一個有信心的應用,該應用需要提供其客戶機密以獲取訪問令牌。

對於這個問題,請註冊一個原生應用程序,而不是Web應用程序。此外,資源所有者密碼憑據流應仔細考慮使用,因爲這可能會泄漏憑據。請參閱以下鏈接的流程:

The OAuth 2.0 Authorization Framework - Authorization Grant

相關問題