Simple HTML Python CGI for MSAL

ADAL is deprecated and is being replaced by MSAL. I am trying to implement MSAL in a simple Python CGI (no Flask).

Below is the working code for ADAL:

#!/usr/bin/python
# -*- coding: UTF-8 -*-

import cgi
import cgitb; cgitb.enable()  # for troubleshooting
from msal import PublicClientApplication
import adal


form = cgi.FieldStorage()
code = form.getvalue('code')
token = form.getvalue('token')
redirect_uri  = 'http://************'
resource      = '************'
client_id     = '************'
header = ''
message=''

if not code and not token:
    auth_template = 'https://adfs.blah.com/adfs/oauth2/authorize?response_type=code&client_id={}&redirect_uri={}'
    authorization_url = (auth_template).format(client_id, redirect_uri)
    header = '<meta http-equiv="refresh" content="0;url=' + authorization_url + '"/>'
elif code != "" and not token:
    authority_url = 'https://adfs.blah.com/adfs'
    context = adal.AuthenticationContext(authority_url, validate_authority=False,)
    token = context.acquire_token_with_authorization_code(code, redirect_uri, resource, client_id)
    refresh_token = token['refreshToken']
    token = context.acquire_token_with_refresh_token(refresh_token, client_id, resource,)
    token_userid = token["userId"].split("@",1)[0].upper()
    message=token_userid

print("Content-Type: text/html;charset=utf-8")
print()

#    put css link? the header section vs using <style> in the page <link rel="stylesheet" href="report.css" />
print("""
<!DOCTYPE html>
<html>
<head>
<title>Page Title</title>
{header}
</head>
<body>
{message}
</body>
</html>
 """.format(header=header,message=message))
I would appreciate some help with a simple Python CGI for MSAL.

Thanks in advance.

Peace,
Eric

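If you already have a CGI script working with ADAL Python, you can at least use it as a baseline and start your troubleshooting process for MSAL Python like this:

  • Create (you do not have to create, unless your app is assigned a secret or a certificate). Call it with the relevant parameters. Now you can compare the URL it returns with the one you were using in the first half of your script:
    https://adfs.blah.com/adfs/oauth2/authorize?response_type=code&client_id={}&redirect_uri={}

    • Oh wait, actually, I guess this might be the problem. You were using a hand-crafted authorization URL that works for the ADFS server you are working with, probably ADFS 2016 or lower (because you were sending a "resource" parameter in the second half of your CGI script). MSAL Python can work with newer ADFS (which accepts a "scope" parameter) directly, or with older ADFS indirectly when it is federated behind Azure AD (meaning, MSAL Python talks to AAD, and AAD talks to your company's on-prem ADFS).

    • Nonetheless, it is not harmful to try to complete both steps, get_authorization_request_url() and acquire_token_by_authorization_code(), in MSAL Python, rather than mix and match. If that does not work for you, then you might have to stay on ADAL Python for a little longer. Don't worry. ADAL Python is not going away. Existing features in ADAL Python will keep working.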

if not code and not token:
    auth_template = 'https://adfs.blah.com/adfs/oauth2/authorize?response_type=code&client_id={}&redirect_uri={}'
    authorization_url = (auth_template).format(client_id, redirect_uri)
    header = '<meta http-equiv="refresh" content="0;url=' + authorization_url + '"/>'
elif code != "" and not token:
    result=msal.ConfidentialClientApplication(client_id, client_credential=None, authority=None, validate_authority=True, token_cache=None, verify=True, proxies=None, timeout=None, client_claims=None)
    message=result.acquire_token_by_authorization_code(code, ["User.ReadBasic.All"], redirect_uri=None,)
{'error': 'invalid_grant', 'error_description': 'AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 9fdb3fe4-23b0-4779-9e65-3e3e13951500\r\nCorrelation ID: 51d1d399-7732-4c99-8266-ef89c0f74b2c\r\nTimestamp: 2019-10-16 05:32:05Z', 'error_codes': [9002313], 'timestamp': '2019-10-16 05:32:05Z', 'trace_id': '9fdb3fe4-23b0-4779-9e65-3e3e13951500', 'correlation_id': '51d1d399-7732-4c99-8266-ef89c0f74b2c', 'error_uri': 'https://login.microsoftonline.com/error?code=9002313', 'suberror': 'bad_token'}
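
The two-step flow the answer recommends, as an added example that is not code from the original post or from the MSAL project: the authorize URL and the code redemption both go through one MSAL application object with the same scopes and redirect_uri, a state value is checked on return, and only escaped text reaches the HTML. The client ID, redirect URI, scope, cookie name and claim names are placeholders or assumptions.

```python
# Added example, not the poster's code. Placeholder values below are assumptions.
import html, os, secrets, sys
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

AUTHORITY = "https://adfs.blah.com/adfs"  # authority from the page's ADAL script
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://app.example.invalid/cgi-bin/login.py"  # constructed
SCOPES = ["SCOPE_PLACEHOLDER"]  # deployment-specific; not given on the page

def build_app():
    import msal  # imported lazily so the flow functions can be exercised offline
    return msal.PublicClientApplication(CLIENT_ID, authority=AUTHORITY, validate_authority=False)

def page(message):
    # Escape everything that reaches the HTML body.
    body = "<!DOCTYPE html><html><body>{}</body></html>".format(html.escape(message))
    return "Content-Type: text/html;charset=utf-8\r\n\r\n" + body

def begin_login(app):
    # Step 1: MSAL builds the authorize URL; the state value is kept in a cookie.
    state = secrets.token_urlsafe(16)
    url = app.get_authorization_request_url(SCOPES, state=state, redirect_uri=REDIRECT_URI)
    cookie = "Set-Cookie: oauth_state=" + state + "; Secure; HttpOnly; SameSite=Lax"
    return state, "Status: 302 Found\r\nLocation: " + url + "\r\n" + cookie + "\r\n\r\n"

def finish_login(app, code, returned_state, cookie_state):
    # Step 2: redeem the code with the same app, scopes and redirect_uri as step 1.
    same = secrets.compare_digest((returned_state or "").encode(), (cookie_state or "").encode())
    if not cookie_state or not same:
        return page("Login failed: state mismatch")
    result = app.acquire_token_by_authorization_code(code, SCOPES, redirect_uri=REDIRECT_URI)
    if "error" in result:
        # Show only the short error code; keep descriptions and tokens out of the page.
        return page("Login failed: " + str(result["error"]))
    claims = result.get("id_token_claims") or {}
    user = str(claims.get("upn") or claims.get("preferred_username") or "unknown")  # claim names assumed
    return page("Signed in as " + user.split("@", 1)[0].upper())

def main():
    query = parse_qs(os.environ.get("QUERY_STRING", ""))
    cookie = SimpleCookie(os.environ.get("HTTP_COOKIE", "")).get("oauth_state")
    code, state = query.get("code", [""])[0], query.get("state", [""])[0]
    if not code:
        return sys.stdout.write(begin_login(build_app())[1])
    sys.stdout.write(finish_login(build_app(), code, state, cookie.value if cookie else ""))

if __name__ == "__main__":
    main()
```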