Error message here!

Hide Error message here!

忘记密码?

Error message here!

请输入正确邮箱

Hide Error message here!

密码丢失?请输入您的电子邮件地址。您将收到一个重设密码链接。

Error message here!

返回登录

Close

[azure developer] uses postman to obtain the authorization token of the application registered in azure AD and set authorization for azure rest API

Two lights on the side of the road 2021-01-14 21:04:08 阅读数:2 评论数:0 点赞数:0 收藏数:0

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in Azure.

Problem description

When we use REST API call Azure On any resource , Need to be in Request Header Provided in the Authorization Value .

  How to get Authorizatoin The value of ?

  • A quick way Is access Azure Gateway , adopt F12( Developer tools ) View in Network Requested in Header Medium Authorization value . The operation steps are shown in Appendix I
  • A formal way It's using AAD API obtain Token.

The following content mainly introduces how to pass AAD API obtain Token( Conventional operation mode ).

 

Operation steps

One : precondition

Two : Prepare parameters

1, obtain

 

 

2, Get directory ( Tenant ) ID [tenant]

3, obtain

An overview of the application (Overview) Copy the tenant in the page (tenant), client (). See the three groups in the picture above GUID Numbers .

4, Get the client password [client_secret]

  • stay AAD Application page , Get into “ Certificates and passwords ” page , Click on “ New client password ” Button , Add new Secret( Because the password value can only be seen at the beginning of creation , So you have to copy it before you leave the page

 

 

notes : Calling OAuth 2.0 obtain token When , You also need to set scope and grant_type, In the current example , Separate use https://microsoftgraph.chinacloudapi.cn/.default and client_credentials Value

scope:

https://microsoftgraph.chinacloudapi.cn/.default
grant_type: client_credentials

3、 ... and : call Token endpoints

Use Postman call Token endpoints , All the parameters are :

Request mode POST
request URL https://login.chinacloudapi.cn/{TENANT}/oauth2/v2.0/token
request Body

tenant:{TENANT}
client_id:{CLIENT ID}
scope:https://microsoftgraph.chinacloudapi.cn/.default
grant_type:client_credentials
client_secret:{SECRET VALUE}

Response after successful request Body

{
    "token_type": "Bearer",
    "expires_in": 3599,
    "ext_expires_in": 3599,
    "access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IjFJRk1tbFNMcnV1 ... ... ... ...  W0Da3_LzLhdNA"
}

Postman Screenshot description :

 

Get access_token After the value of , Can be used as Auzre REST API Interface Authroization Value .

Four : analysis Token

visit https://jwt.io/, Can decode Token Content , View the current Token The permissions carried in (Role). Demonstration operation :

 

Reference material

What is? Azure Active Directoryhttps://docs.azure.cn/zh-cn/active-directory/fundamentals/active-directory-whatis
Microsoft Graph REST API v1.0 reference: https://docs.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0

 

Appendix a : adopt F12( Developer tools ) View in Network in Request Of Header Medium Authorization value

 

Copyright statement
In this paper,the author:[Two lights on the side of the road],Reprint please bring the original link, thank you