What type of app/authentication flow should I select to read my cloud OneNote content using a Python script and a personal Microsoft account?
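I am completely new to MS Identity services and I am overwhelmed by the many options for what I need to do.
Here is what I want to achieve: I have a OneNote personal account and notes stored in the MS cloud (OneDrive, I guess). I need to be able to run a Python script, get the content of my notes, do some processing and save them back. This will be from the command line on a home Windows 10 computer.
My question: what type of app should I register in MS AD, and what type of authentication flow should I use?
I have tried a lot of things, and this is as far as I could get:
- I registered an app with Azure AD (tried both personal and AD apps)
- I configured the app as a Windows app
- I selected a device authentication flow
I tried this code with both types of apps: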
import requests
import json
from msal import PublicClientApplication

tenant = "5fae6798-ca1a-49d4-a5fb-xxxxxxx"  # ◄ regular app
client_id = "d03a79d3-1de0-494c-8eb0-xxx"  # ◄ personal app
#client_id="bbd3d6df-f5f3-4206-8bd5-xxxxxx"
scopes = ["Notes.ReadWrite.All", "Notes.Read.All", "Notes.Read", "Notes.Create", "Notes.ReadWrite",
          "Notes.ReadWrite.CreatedByApp", "Notes.Read", "Notes.Create", "Notes.ReadWrite",
          "Notes.ReadWrite.CreatedByApp", "Notes.Read.All", "Notes.ReadWrite.All"]
endpoint = "https://graph.microsoft.com/v1.0/me"
# The authority is built from the tenant id
authority = "https://login.microsoftonline.com/" + tenant
app = PublicClientApplication(client_id=client_id, authority=authority)

# Start the device code flow and show the sign-in instructions
flow = app.initiate_device_flow(scopes=scopes)
if "user_code" not in flow:
    raise ValueError(
        "Fail to create device flow. Err: %s" % json.dumps(flow, indent=4))
print(flow["message"])

# Blocks until the user completes sign-in in the browser or the code expires
result = app.acquire_token_by_device_flow(flow)
endpoint = "https://graph.microsoft.com/v1.0/users/c5af8759-4785-4abf-9434-xxxx/onenote/notebooks"
if "access_token" in result:
    # Calling graph using the access token
    graph_data = requests.get(  # Use token to call downstream service
        endpoint,
        headers={'Authorization': 'Bearer ' + result['access_token']},).json()
    print("Graph API call result: %s" % json.dumps(graph_data, indent=2))
else:
    print(result.get("error"))
    print(result.get("error_description"))
    print(result.get("correlation_id"))  # You may need this when reporting a bug
Regular app output:
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code AH2UHFDXB to authenticate.
Graph API call result: {
  "error": {
    "code": "30108",
    "message": "OneDrive for Business for this user account cannot be retrieved.",
    "innerError": {
      "request-id": "016910d2-c193-4e3f-9d51-52fce86bfc72",
      "date": "2020-05-14T16:45:44"
    }
  }
}
Personal app output:
Fail to create device flow. Err: {
    "error": "invalid_request",
    "error_description": "AADSTS9002331: Application 'bbd3d6df-f5f3-4206-8bd5-xxxxxxx'(OneNotePersonal) is configured for use by Microsoft Account users only. Please use the /consumers endpoint to serve this request.\r\nTrace ID: 1c4047e6-98a8-4615-9a0c-4b0dc9ba5600\r\nCorrelation ID: a6733520-6df9-422a-a6b4-e8f4e2de1265\r\nTimestamp: 2020-05-14 16:56:27Z",
    "error_codes": [
        9002331
    ],
    "timestamp": "2020-05-14 16:56:27Z",
    "trace_id": "1c4047e6-98a8-4615-9a0c-4b0dc9ba5600",
    "correlation_id": "a6733520-6df9-422a-a6b4-e8f4e2de1265",
    "interval": 5,
    "expires_in": 1800,
    "expires_at": 1589477187.9909642,
    "_correlation_id": "a6733520-6df9-422a-a6b4-e8f4e2de1265"
}
Solved as follows:
That error message suggests that you create your authority string as
authority = "https://login.microsoftonline.com/consumers"
because you are using the client_id of the "personal app". Change that authority and you can move on.
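
The fix in the answer generalises: the authority has to match the audience the app was registered for. The sketch below is an added example, not code from the original post or from MSAL; the function names are hypothetical, the audience names are the `signInAudience` values of an app registration manifest, and the sample error is trimmed from the "personal app" output above.

```python
LOGIN = "https://login.microsoftonline.com/"

# App registration "signInAudience" (manifest value) -> authority path segment.
AUTHORITY_PATH = {
    "PersonalMicrosoftAccount": "consumers",
    "AzureADandPersonalMicrosoftAccount": "common",
    "AzureADMultipleOrgs": "organizations",
}

def authority_for(sign_in_audience, tenant_id=None):
    """Return the authority URL that matches how the app was registered."""
    if sign_in_audience == "AzureADMyOrg":
        if not tenant_id:
            raise ValueError("single-tenant apps need their tenant id")
        return LOGIN + tenant_id
    return LOGIN + AUTHORITY_PATH[sign_in_audience]

def corrected_authority(flow):
    """Given the dict from initiate_device_flow(), return the authority to
    retry with, or None when the flow started or the error is something else."""
    if "user_code" in flow:
        return None
    if 9002331 in flow.get("error_codes", []):  # MSA-only app on another endpoint
        return authority_for("PersonalMicrosoftAccount")
    return None

def start_device_flow(client_id, authority, scopes):
    """Start a device flow, retrying once on /consumers if AADSTS9002331 says so."""
    from msal import PublicClientApplication  # lazy import: only needed online
    for _ in range(2):
        app = PublicClientApplication(client_id=client_id, authority=authority)
        flow = app.initiate_device_flow(scopes=scopes)
        retry = corrected_authority(flow)
        if retry is None or retry == authority:
            break
        authority = retry
    if "user_code" not in flow:
        raise ValueError(flow.get("error_description", "device flow failed"))
    return app, flow

# Error dict trimmed from the "personal app" output on this page.
SAMPLE_ERROR = {
    "error": "invalid_request",
    "error_description": "AADSTS9002331: Application ... is configured for use "
                         "by Microsoft Account users only. Please use the "
                         "/consumers endpoint to serve this request.",
    "error_codes": [9002331],
}

if __name__ == "__main__":
    print(corrected_authority(SAMPLE_ERROR))
```

`start_device_flow` returns the app and the flow, so the caller can print `flow["message"]` and then call `app.acquire_token_by_device_flow(flow)` as in the question.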