Can't grant permissions for MS Azure graph API client app to fetch data about ManagedDevices. How to overcome?
I registered a new app and copied the tenant, client_id and client_secret. I can access https://graph.microsoft.com/v1.0 with Bearer and access token - works fine. But I can't get anything else. Tried to grant scopes to this app - w/o luck.
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import pprint

import adal
import requests

pp = pprint.PrettyPrinter(indent=4).pprint

tenant = "<>"
client_id = "<>"
client_secret = "<>"

authority = "https://login.microsoftonline.com/" + tenant
RESOURCE = "https://graph.microsoft.com"

context = adal.AuthenticationContext(authority)

# Use this for Client Credentials
token = context.acquire_token_with_client_credentials(
    RESOURCE,
    client_id,
    client_secret
)

graph_api_endpoint = 'https://graph.microsoft.com/v1.0{0}'

# /me only works with ROPC, for Client Credentials you'll need /<UsersObjectId/
# The path is deviceManagement/managedDevices, as in the URL echoed by the error reply
request_url = graph_api_endpoint.format('/deviceManagement/managedDevices')
#request_url = graph_api_endpoint.format('/me')

headers = {
    'User-Agent': 'python_tutorial/1.0',
    'Authorization': 'Bearer {0}'.format(token["accessToken"]),
    'Accept': 'application/json',
    'Content-Type': 'application/json'
}

response = requests.get(url=request_url, headers=headers)
pp(response.json())
This is the error from the API's HTTP reply:
{ 'error': { 'code': 'UnknownError',
'innerError': { 'date': '2020-03-15T06:57:54',
'request-id': 'f011ca02-f8c6-4bcb-90a2-9decbed2cfce'},
'message': '{"ErrorCode":"Unauthorized","Message":"{\r\n '
'\"_version\": 3,\r\n \"Message\": \"An '
'error has occurred - Operation ID (for customer '
'support): 00000000-0000-0000-0000-000000000000 - '
'Activity ID: f011ca02-f8c6-4bcb-90a2-9decbed2cfce '
'- Url: '
'https://fef.amsua0402.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/managedDevices?api-version=2018-05-24\",\r\n '
'\"CustomApiErrorPhrase\": \"\",\r\n '
'\"RetryAfter\": null,\r\n '
'\"ErrorSourceService\": \"\",\r\n '
'\"HttpHeaders\": '
'\"{\\\"WWW-Authenticate\\\":\\\"Bearer '
'realm=\\\\\\\"urn:intune:service,c3998d6e-2e37-4c56-87b5-7b444ee1cb26,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7\\\\\\\"\\\"}\"\r\n}","Target":null,"Details":null,"InnerError":null,"InstanceAnnotations":[]}'}}
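You are using the client credentials flow, which requests an access token with application permissions.
However, the managed devices API does not support application permissions.
Reference: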
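Added example, not part of the original question or answer: a way to inspect which kind of permissions an access token actually carries before calling Graph. Azure AD puts application permissions in the `roles` claim and delegated scopes in the space-separated `scp` claim. The helper names, the `delegated_only` flag (which models the answer's statement about this API) and the unsigned sample tokens are constructed for illustration.

```python
import base64
import json

def decode_claims(access_token):
    """Return the JWT payload without verifying the signature (inspection only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def describe_permissions(claims):
    """'roles' carries application permissions, 'scp' carries delegated scopes."""
    roles = claims.get("roles") or []
    scopes = (claims.get("scp") or "").split()
    kind = "delegated" if scopes else "application" if roles else "none"
    return {"kind": kind, "granted": sorted(set(roles) | set(scopes))}

def can_call(claims, required, delegated_only=False):
    """Check the token for `required`; delegated_only rejects app-only tokens."""
    info = describe_permissions(claims)
    if delegated_only and info["kind"] != "delegated":
        return False
    return required in info["granted"]

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])

PERMISSION = "DeviceManagementManagedDevices.Read.All"
# Constructed samples: the shape of a client-credentials token and of a user token.
APP_ONLY = make_sample_token({"aud": "https://graph.microsoft.com", "roles": [PERMISSION]})
DELEGATED = make_sample_token({"aud": "https://graph.microsoft.com", "scp": "User.Read " + PERMISSION})

if __name__ == "__main__":
    for name, tok in (("client credentials", APP_ONLY), ("delegated", DELEGATED)):
        claims = decode_claims(tok)
        print(name, describe_permissions(claims), can_call(claims, PERMISSION, delegated_only=True))
```

With the script from the question, pass `token["accessToken"]` to `decode_claims` to see whether the app received any `roles` at all.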