尝试通过 python msal 库访问 Microsoft Power Automate API
Trying to access Microsoft Power Automate API via python msal library
以下代码:
import requests
import json
import msal
config = {
"authority": "https://login.microsoftonline.com/<My tenant ID>",
"client_id": "<My client ID>",
"client_secret": "<My secret>",
"scope": ["https://graph.microsoft.com/.default"],
}
app = msal.ConfidentialClientApplication(
config["client_id"],
authority=config["authority"],
client_credential=config["client_secret"] )
result = app.acquire_token_silent(config["scope"], account=None)
if not result:
result = app.acquire_token_for_client(scopes=config["scope"])
bearerToken = result['access_token']
url = "https://<My org ID>.<My org region>.dynamics.com/api/data/v9.1/workflows"
headers = {
"Accept": "application/json",
"Content-type": "application/json",
"Authorization": "Bearer "+bearerToken,
}
response = requests.request("GET", url, headers = headers)
response
正在生成以下输出:
<Response [401]>
预期的输出是这样的:
{
"@odata.context": "https://org00000000.crm0.dynamics.com/api/data/v9.1/$metadata#workflows",
"value": [{
"@odata.etag": "W/\"12116760\"",
"category": 5,
"statecode": 0,
"workflowidunique": "00000000-0000-0000-0000-000000000001",
"workflowid" : "00000000-0000-0000-0000-000000000002",
"createdon": "2018-11-15T19:45:51Z",
"_ownerid_value": "00000000-0000-0000-0000-000000000003",
"modifiedon": "2018-11-15T19:45:51Z",
"ismanaged": false,
"name": "Sample flow",
"_modifiedby_value": "00000000-0000-0000-0000-000000000003",
"_createdby_value": "00000000-0000-0000-0000-000000000003",
"type": 1,
"description": "This flow updates some data in Common Data Service.",
"clientdata": "{\"properties\":{\"connectionReferences\":{\"shared_commondataservice\":{\"source\":\"NotSpecified\",\"id\":\"/providers/Microsoft.PowerApps/apis/shared_commondataservice\",\"tier\":\"NotSpecified\"}},\"definition\":{...}},\"schemaVersion\":\"1.0.0.0\"}"
}]
}
...如此处出现的 Microsoft 文档所示:https://docs.microsoft.com/en-us/power-automate/web-api
以前我:
- 已在 Azure 中注册应用程序并生成密钥,如 link 所示的过程所示:https://docs.microsoft.com/en-us/powerapps/developer/data-platform/walkthrough-register-app-azure-active-directory#create-an-application-registration
- 已按此处所述创建应用角色:https://docs.microsoft.com/en-us/power-platform/admin/database-security#minimum-privileges-to-run-an-app
- 创建了一个 Dataverse 应用程序用户,linked 到在 1. 中创建的应用程序和在 2. 中创建的角色,如下所述:https://docs.microsoft.com/en-us/powerapps/developer/data-platform/authenticate-oauth#manually-create-a-dataverse-application-user
为什么这不起作用?
感谢@microsoft 支持团队,终于找到了解决方案。
是作用域,正确的内容是:
"scope": ["https://<My org ID>.<My org region>.dynamics.com/.default"],
以下代码:
import requests
import json
import msal
config = {
"authority": "https://login.microsoftonline.com/<My tenant ID>",
"client_id": "<My client ID>",
"client_secret": "<My secret>",
"scope": ["https://graph.microsoft.com/.default"],
}
app = msal.ConfidentialClientApplication(
config["client_id"],
authority=config["authority"],
client_credential=config["client_secret"] )
result = app.acquire_token_silent(config["scope"], account=None)
if not result:
result = app.acquire_token_for_client(scopes=config["scope"])
bearerToken = result['access_token']
url = "https://<My org ID>.<My org region>.dynamics.com/api/data/v9.1/workflows"
headers = {
"Accept": "application/json",
"Content-type": "application/json",
"Authorization": "Bearer "+bearerToken,
}
response = requests.request("GET", url, headers = headers)
response
正在生成以下输出:
<Response [401]>
预期的输出是这样的:
{
"@odata.context": "https://org00000000.crm0.dynamics.com/api/data/v9.1/$metadata#workflows",
"value": [{
"@odata.etag": "W/\"12116760\"",
"category": 5,
"statecode": 0,
"workflowidunique": "00000000-0000-0000-0000-000000000001",
"workflowid" : "00000000-0000-0000-0000-000000000002",
"createdon": "2018-11-15T19:45:51Z",
"_ownerid_value": "00000000-0000-0000-0000-000000000003",
"modifiedon": "2018-11-15T19:45:51Z",
"ismanaged": false,
"name": "Sample flow",
"_modifiedby_value": "00000000-0000-0000-0000-000000000003",
"_createdby_value": "00000000-0000-0000-0000-000000000003",
"type": 1,
"description": "This flow updates some data in Common Data Service.",
"clientdata": "{\"properties\":{\"connectionReferences\":{\"shared_commondataservice\":{\"source\":\"NotSpecified\",\"id\":\"/providers/Microsoft.PowerApps/apis/shared_commondataservice\",\"tier\":\"NotSpecified\"}},\"definition\":{...}},\"schemaVersion\":\"1.0.0.0\"}"
}]
}
...如此处出现的 Microsoft 文档所示:https://docs.microsoft.com/en-us/power-automate/web-api 以前我:
- 已在 Azure 中注册应用程序并生成密钥,如 link 所示的过程所示:https://docs.microsoft.com/en-us/powerapps/developer/data-platform/walkthrough-register-app-azure-active-directory#create-an-application-registration
- 已按此处所述创建应用角色:https://docs.microsoft.com/en-us/power-platform/admin/database-security#minimum-privileges-to-run-an-app
- 创建了一个 Dataverse 应用程序用户,linked 到在 1. 中创建的应用程序和在 2. 中创建的角色,如下所述:https://docs.microsoft.com/en-us/powerapps/developer/data-platform/authenticate-oauth#manually-create-a-dataverse-application-user
为什么这不起作用?
感谢@microsoft 支持团队,终于找到了解决方案。 是作用域,正确的内容是:
"scope": ["https://<My org ID>.<My org region>.dynamics.com/.default"],