Using the Log Analytics REST API with MSAL instead of ADAL

So this works:

$LATokenRequestBody = @{
    tenant        = $myVarTenantId
    client_id     = $myVarClientId
    client_secret = $myVarClientSecret
    resource      = "https://api.loganalytics.io"  
    grant_type    = "client_credentials"
    }
$LATokenResponse = Invoke-RestMethod -Method Post -Uri $ADALTokenEndpoint -Body $LATokenRequestBody
$LARequestHeaderParameters = @{'Authorization'="$($LATokenResponse.token_type) $($LATokenResponse.access_token)"}
$LAQueryBody = @{query = $myVarLAQuery} | ConvertTo-Json
$LAResponse = Invoke-RestMethod -UseBasicParsing -Headers $LARequestHeaderParameters -Uri $LAEndpoint -Method Post -Body $LAQueryBody -ContentType "application/json"  

This does not:

$LATokenRequestBody = @{
    tenant        = $myVarTenantId
    client_id     = $myVarClientId
    client_secret = $myVarClientSecret
    scope         = "https://westus2.api.loganalytics.io/Data.Read"
    grant_type    = "client_credentials"
    }
$LATokenResponse = Invoke-RestMethod -Method Post -Uri $MSALTokenEndpoint -Body $LATokenRequestBody
$LARequestHeaderParameters = @{'Authorization'="$($LATokenResponse.token_type) $($LATokenResponse.access_token)"}
$LAQueryBody = @{query = $myVarLAQuery} | ConvertTo-Json
$LAResponse = Invoke-RestMethod -UseBasicParsing -Headers $LARequestHeaderParameters -Uri $LAEndpoint -Method Post -Body $LAQueryBody -ContentType "application/json" 

Where:

$ADALTokenEndpoint = "https://login.microsoftonline.com/$myVarTenantId/oauth2/token" # required for Log Analytics API
$MSALTokenEndpoint = "https://login.microsoftonline.com/$myVarTenantId/oauth2/v2.0/token"

I don't see any mention of MSAL support in the Log Analytics API documentation:

https://dev.loganalytics.io/documentation/Authorization/OAuth2

The Log Analytics API does not accept tokens from the MSAL endpoint:

Try using scope = https://api.loganalytics.io/.default in $LATokenRequestBody; it should work.
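
The suggestion above written out as a full request against the v2.0 endpoint, with the token's claims decoded so the audience can be inspected when the API answers 401 or 403. This is an added example, not code from the original post; $myVarWorkspaceId, the environment variable holding the secret, the sample query and the ConvertFrom-JwtPayload helper are assumptions.

```powershell
# Placeholders: supply values from your own tenant and app registration.
$myVarTenantId     = '<tenant-id>'
$myVarClientId     = '<client-id>'
$myVarClientSecret = $env:LA_CLIENT_SECRET   # assumption: secret comes from the environment, not the script
$myVarWorkspaceId  = '<workspace-id>'        # hypothetical variable, not in the original post
$myVarLAQuery      = 'Heartbeat | take 5'    # constructed sample query

$Resource          = 'https://api.loganalytics.io'
$MSALTokenEndpoint = "https://login.microsoftonline.com/$myVarTenantId/oauth2/v2.0/token"
$LAEndpoint        = "$Resource/v1/workspaces/$myVarWorkspaceId/query"

# Hypothetical helper: decode the (unverified) JWT payload for inspection only.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    # base64url -> base64, then restore the stripped padding
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

# v2.0 client-credentials request: "scope" replaces "resource" and must be
# the resource identifier followed by /.default.
$LATokenRequestBody = @{
    client_id     = $myVarClientId
    client_secret = $myVarClientSecret
    scope         = "$Resource/.default"
    grant_type    = 'client_credentials'
}
$LATokenResponse = Invoke-RestMethod -Method Post -Uri $MSALTokenEndpoint -Body $LATokenRequestBody

# Show who the token was issued for and which app roles it carries,
# without ever writing the token or the secret to the console.
ConvertFrom-JwtPayload -Token $LATokenResponse.access_token |
    Select-Object aud, iss, appid, azp, roles, exp | Format-List

$LARequestHeaderParameters = @{
    Authorization = "$($LATokenResponse.token_type) $($LATokenResponse.access_token)"
}
$LAQueryBody = @{ query = $myVarLAQuery } | ConvertTo-Json
$LAResponse  = Invoke-RestMethod -Headers $LARequestHeaderParameters -Uri $LAEndpoint `
    -Method Post -Body $LAQueryBody -ContentType 'application/json'
$LAResponse.tables[0].rows
```

The decoded claims are for troubleshooting only; the helper does not validate the token's signature.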