使用 Azure Active Directory 时 Azure Devops REST API 身份验证失败
Azure Devops REST API authentication failing when using Azure Active Directory
我正在使用 adal4j Java 库通过 Azure Active Directory 对 Azure DevOps REST API 调用进行身份验证。我可以使用个人访问令牌进行身份验证,但不能使用 Active Directory。这是我得到的代码 运行:
AuthenticationResult result = null;
ExecutorService service = null;
try {
service = Executors.newFixedThreadPool(1);
AuthenticationContext context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId + "/", false, service);
if (clientId != null && clientKey != null) {
ClientCredential credentials = new ClientCredential(clientId, clientKey);
Future<AuthenticationResult> future = context.acquireToken("499b84ac-1321-427f-aa17-267ca6975798", credentials, null);
result = future.get();
}
} finally {
if (service != null) {
service.shutdown();
}
}
我收到以下错误:
StatusCode: 203, ReasonPhrase: 'Non-Authoritative Information'
它尝试重定向到此登录页面:
https://spsprodsin1.vssps.visualstudio.com/_signin?realm=...
我已经使用正确的 directory/tenant 从 Azure DevOps 组织设置连接到 Azure Active Directory。我还在应用程序注册中添加了 Azure DevOps user_impersonation 权限(委派)。
我在这里做错了什么,我该如何解决这个问题?
user_impersonation表示这个API只有在用户允许的情况下才能调用。但是,您获得的令牌带有客户端凭据,只有应用程序权限。
要为用户获取令牌,您可以尝试以下代码:
public static AuthenticationResult GetToeknWithPasswordForDevOps(String username, String password){
ExecutorService service = Executors.newFixedThreadPool(1);
AuthenticationContext context = null;
AuthenticationResult result = null;
try {
context = new AuthenticationContext(AUTHORITY, true, service);
Future<AuthenticationResult> future = context.acquireToken("499b84ac-1321-427f-aa17-267ca6975798", "{your publuc app client id}", username, password, null);
result = future.get();
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
e.printStackTrace();
} catch (MalformedURLException e) {
e.printStackTrace();
} finally {
service.shutdown();
}
return result;
}
我正在使用 adal4j Java 库通过 Azure Active Directory 对 Azure DevOps REST API 调用进行身份验证。我可以使用个人访问令牌进行身份验证,但不能使用 Active Directory。这是我得到的代码 运行:
AuthenticationResult result = null;
ExecutorService service = null;
try {
service = Executors.newFixedThreadPool(1);
AuthenticationContext context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId + "/", false, service);
if (clientId != null && clientKey != null) {
ClientCredential credentials = new ClientCredential(clientId, clientKey);
Future<AuthenticationResult> future = context.acquireToken("499b84ac-1321-427f-aa17-267ca6975798", credentials, null);
result = future.get();
}
} finally {
if (service != null) {
service.shutdown();
}
}
我收到以下错误:
StatusCode: 203, ReasonPhrase: 'Non-Authoritative Information'
它尝试重定向到此登录页面:
https://spsprodsin1.vssps.visualstudio.com/_signin?realm=...
我已经使用正确的 directory/tenant 从 Azure DevOps 组织设置连接到 Azure Active Directory。我还在应用程序注册中添加了 Azure DevOps user_impersonation 权限(委派)。
我在这里做错了什么,我该如何解决这个问题?
user_impersonation表示这个API只有在用户允许的情况下才能调用。但是,您获得的令牌带有客户端凭据,只有应用程序权限。
要为用户获取令牌,您可以尝试以下代码:
public static AuthenticationResult GetToeknWithPasswordForDevOps(String username, String password){
ExecutorService service = Executors.newFixedThreadPool(1);
AuthenticationContext context = null;
AuthenticationResult result = null;
try {
context = new AuthenticationContext(AUTHORITY, true, service);
Future<AuthenticationResult> future = context.acquireToken("499b84ac-1321-427f-aa17-267ca6975798", "{your publuc app client id}", username, password, null);
result = future.get();
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
e.printStackTrace();
} catch (MalformedURLException e) {
e.printStackTrace();
} finally {
service.shutdown();
}
return result;
}