MS Graph authentication using Python

2022-01-21 00:00:00 python office365 microsoft-graph-api

Problem description

Trying to write a Python code where I would like to access my calendar and retrieve my schedule. Not able to get through the authentication phase. Seen and tested many examples, but all require running a local server where I browse locally and need to click a button and then enter my credentials. Aiming to perform all of this inside my Python code.


Solution

You can achieve this one of two ways:

  1. Using Resource Owner Password Credential flow - This allows you to pass the username and password to Azure AD. Gotchas here are if there's any extra thing on the auth flow (consent, MFA, password reset) you'll just get a failure.
  2. Using Client Credentials flow - This one requires admin consent. Also, you have to be really careful about this one as this client will have access to ALL info about all users. This should only be used with secure clients, not clients that other users have access to.

Here's a code snippet that showcases both of these:

import adal
import requests

# Placeholder values: substitute your own tenant, app registration and account.
tenant = "contoso.com"
client_id = "YOUR_CLIENT_ID"
client_secret = "YOUR_CLIENT_SECRET"

username = "foo@contoso.com"
password = "mypassword"

authority = "https://login.microsoftonline.com/" + tenant
RESOURCE = "https://graph.microsoft.com"

context = adal.AuthenticationContext(authority)

# Use this for Client Credentials
#token = context.acquire_token_with_client_credentials(
#    RESOURCE,
#    client_id,
#    client_secret
#    )

# Use this for Resource Owner Password Credentials (ROPC)
token = context.acquire_token_with_username_password(RESOURCE, username, password, client_id)

graph_api_endpoint = 'https://graph.microsoft.com/v1.0{0}'

# /me only works with ROPC; for Client Credentials you'll need /users/<UserObjectId>
request_url = graph_api_endpoint.format('/me')
headers = {
    'User-Agent': 'python_tutorial/1.0',
    'Authorization': 'Bearer {0}'.format(token["accessToken"]),
    'Accept': 'application/json',
    'Content-Type': 'application/json'
}

response = requests.get(url=request_url, headers=headers)
print(response.content)
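
Added example (not part of the original answer): a triage helper for the ROPC failure cases mentioned above (consent, MFA, password reset), so an unattended script stops instead of retrying. The function names, the selection of AADSTS codes and the sample responses are assumptions made for illustration; it reads the `error_codes` array that Azure AD returns in its token-endpoint error body.

```python
# Added example: triage of Azure AD token-endpoint responses for the ROPC flow.
# AADSTS codes that mean "a human must interact"; ROPC can never satisfy these.
NEEDS_INTERACTION = {
    50076: "MFA required",
    50079: "MFA enrollment required",
    50055: "password expired",
    65001: "consent not granted",
}
# Retrying these risks locking the account out.
BAD_CREDENTIALS = {50126: "invalid username or password"}


def classify_token_response(resp):
    """Map a parsed token-endpoint JSON body to (status, reason)."""
    if resp.get("accessToken") or resp.get("access_token"):
        return ("ok", "token issued")
    codes = resp.get("error_codes") or []
    # Interaction-required codes take priority over credential errors.
    for table, status in ((NEEDS_INTERACTION, "interactive_required"),
                          (BAD_CREDENTIALS, "bad_credentials")):
        for code in codes:
            if code in table:
                return (status, table[code])
    return ("error", resp.get("error", "unknown"))


def next_step(status):
    """What an unattended script should do for each outcome."""
    return {
        "ok": "call Graph with the token",
        "interactive_required": "stop; use an interactive flow for this account",
        "bad_credentials": "stop; do not retry with the same password",
    }.get(status, "log the error and stop")


# Constructed sample responses (not captured from a real tenant).
SAMPLES = [
    {"accessToken": "<redacted>", "tokenType": "Bearer"},
    {"error": "interaction_required", "error_codes": [50076]},
    {"error": "invalid_grant", "error_codes": [65001]},
    {"error": "invalid_grant", "error_codes": [50126]},
    {"error": "invalid_request"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        status, reason = classify_token_response(sample)
        print(status, "-", reason, "->", next_step(status))
```

With ADAL, a failed token request raises `adal.AdalError`, and the parsed error body is available on its `error_response` attribute.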