How do you get authentication bearer using a username and password for the Azure Blockchain Workbench using ADAL in python?

I have been trying to execute some contracts on the Azure Blockchain Workbench in Python. I have not been able to figure out how to use this method: adal.acquire_token_with_username_password()

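I need to perform the authentication first to obtain the bearer for further API calls. It works perfectly using context.acquire_token_with_client_credentials(client_id,client_id,client_secret). However, the above bearer token is not associated with any registered user.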

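However, to perform admin tasks like adding new users, one has to obtain the bearer for the admin account. So I thought of using acquire_token_with_username_password() to get the bearer for the admin account.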

import adal
import swagger_client
from swagger_client.api_client import ApiClient
context = adal.AuthenticationContext("https://login.microsoftonline.com/kumarshobhit98outlook.onmicrosoft.com/",api_version=None)
client_id="c62087b9-cfed-4105-a9c2-4fd3953ceed5"
token = context.acquire_token_with_username_password(resource='https://graph.windows.net',username="shobhit@kumarshobhit98outlook.onmicrosoft.com",password="password",client_id=client_id)
print(token['accessToken'])

I guess maybe the Resource parameter is incorrect. I do not know what the parameter means. This is also the error I get:

Traceback (most recent call last):
  File "f:/codefundo2019/voting-system-blockchain/contractsShobhit/python/regVoter.py", line 8, in <module>
    token = context.acquire_token_with_username_password(resource='https://graph.windows.net',username="shobhit@kumarshobhit98outlook.onmicrosoft.com",password="Alonso123",client_id=client_id)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\authentication_context.py", line 164, in acquire_token_with_username_password
    return self._acquire_token(token_func)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\authentication_context.py", line 128, in _acquire_token
    return token_func(self)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\authentication_context.py", line 162, in token_func
    return token_request.get_token_with_username_password(username, password)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\token_request.py", line 281, in get_token_with_username_password
    token = self._get_token_username_password_managed(username, password)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\token_request.py", line 177, in _get_token_username_password_managed
    return self._oauth_get_token(oauth_parameters)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\token_request.py", line 112, in _oauth_get_token
    return client.get_token(oauth_parameters)
  File "C:\Users\SHOBHIT KUMAR.SHOBHIT-PC.000\.conda\envs\test\lib\site-packages\adal\oauth2_client.py", line 289, in get_token
    raise AdalError(return_error_string, error_response)
adal.adal_error.AdalError: Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.\r\nTrace ID: 2492ffdd-46e6-4edb-a412-47eefd200a00\r\nCorrelation ID: 2bbb1de3-b0b8-4510-b723-237e2faa7163\r\nTimestamp: 2019-08-09 06:50:11Z","error_codes":[7000218],"timestamp":"2019-08-09 06:50:11Z","trace_id":"2492ffdd-46e6-4edb-a412-47eefd200a00","correlation_id":"2bbb1de3-b0b8-4510-b723-237e2faa7163"}

I do not understand why is it asking for a client_secret for the username password method.

however, to perform admin tasks like adding new users, one has to obtain the bearer for the admin account.

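This is not correct. The token's permissions are not related to the account, but to the permissions you grant to the application. For example, if you want to call the add new user API, you need the User.ReadWrite.All permission.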

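Go to Azure portal -> Azure Active Directory -> App registrations -> find your application -> API permissions -> Add a permission -> Microsoft Graph -> Application permissions -> select the User.ReadWrite.All permission -> Grant admin consent.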

I guess maybe the Resource parameter is incorrect. I do not know what the parameter means

It is the App ID URI of the target web API (secured resource). It may also be an external resource like https://graph.microsoft.com. You set it with https://graph.windows.net. Then you will only be able to call Azure AD graph api.

I do not understand why is it asking for a client_secret for the username password method.

You need to treat the application as a public client.
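
The two points in the answer above (permissions come from what the application was granted, and the resource parameter decides which API the token is for) can be checked locally by reading the token's claims. This is an added example, not part of the original question or answer; the sample tokens are constructed and unsigned, and the claim names (aud, roles for application permissions, scp for delegated permissions, upn) are assumed to follow the usual Azure AD v1 access-token layout.

```python
import base64
import json


def decode_claims(jwt_token):
    """Return the payload claims of a JWT WITHOUT verifying the signature (inspection only)."""
    payload = jwt_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_token(jwt_token, expected_resource, needed_permission):
    """Summarise who the token is for and whether it carries the needed permission."""
    claims = decode_claims(jwt_token)
    roles = claims.get("roles", [])         # application permissions (client credentials)
    scopes = claims.get("scp", "").split()  # delegated permissions (user sign-in)
    if roles:
        kind = "app-only"
    elif scopes:
        kind = "delegated"
    else:
        kind = "no permissions"
    return {
        "kind": kind,
        # The audience must be the API you intend to call (the `resource` argument).
        "audience_ok": claims.get("aud", "").rstrip("/") == expected_resource.rstrip("/"),
        "has_permission": needed_permission in roles or needed_permission in scopes,
        "user": claims.get("upn"),  # None for app-only tokens
    }


def make_sample(claims):
    """Build a constructed, unsigned token for the demo (not a real Azure AD token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), ""])


# Constructed samples: an app-only token after admin consent to User.ReadWrite.All,
# and a user token requested for the Azure AD Graph resource instead.
APP_TOKEN = make_sample({"aud": "https://graph.microsoft.com",
                         "roles": ["User.ReadWrite.All"]})
USER_TOKEN = make_sample({"aud": "https://graph.windows.net",
                          "scp": "User.Read", "upn": "admin@contoso.example"})

if __name__ == "__main__":
    for tok in (APP_TOKEN, USER_TOKEN):
        print(describe_token(tok, "https://graph.microsoft.com", "User.ReadWrite.All"))
```

With a real token, pass token['accessToken'] from ADAL to describe_token(); decoding this way is for inspection only and does not validate the token.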