azure-samples / ms-identity-python-daemon Goto Github PK

I can get user information, but I cannot use other api

only change

"endpoint": "https://graph.microsoft.com/v1.0/users"

"endpoint": "https://graph.microsoft.com/v1.0/me/drive"

Graph API call result: 
{
  "error": {
    "code": "UnknownError",
    "message": "Unable to retrieve user's mysite URL.",
    "innerError": {
      "date": "2021-01-05T06:50:56",
      "request-id": "907f7989-d7ae-4795-ba88-0417318b",
      "client-request-id": "907f7989-d7ae-4795-ba88-0417718b"
    }
  }
}

The file appears to have been renamed to confidential_client_secret_sample.py instead of sample.py. The instructions in the comments at the top of the file saying " You can then run this sample with a JSON configuration file: python sample.py parameters.json" are now incorrect.

C:...\ms-identity-python-daemon-master\1-Call-MsGraph-WithSecret>python sample.py parameters.json
python: can't open file 'C:...\ms-identity-python-daemon-master\1-Call-MsGraph-WithSecret\sample.py': [Errno 2] No such file or directory

Request: Sample for MSSQL connection using ADFS

We need have that dependency file requirements.txt inside each sub-folder
It's used from the quickstart

Hello,

I followed the tuto in this repo to create the cert: server.pem, server.crt.
Uploading server.crt to app's Certificates & secrets as described in the tuto is OK, and the API test is OK too.

But when I tried to upload the cert to Azure Keyvault, server.crt is not validated as Azure keyvault accepts pem file only, but when uploading server.pem to Azure keyvault, I got the error: The specified PEM X.509 certificate content can not be read. Please check if certificate is in valid PEM format. Accepted formats: PEM content or Base64 encoded PEM content.

[ ASK ]
I had my own registered with daemon type of App Integration on Azure AD Portal, but when I follow this application daemon first to configure it seems it always create new App Integration.

How to make this configure using existing App Integration ?

Hi everyone

I'm trying to use this library to authenticate with microsoft using a python deamon. I need to use it to access sharepoint lists so the scope I'm using is https://mytenant.sharepoint.com/AllSites.Read. But I'm always faced with the following error:

AADSTS1002012: The provided value for scope https://mytenant.sharepoint.com/AllSites.FullControl is not valid. Client credential flows must have a scope value with /.default

When trying to use the scope https://mytenant.sharepoint.com/.default, it returns an access token but the sharepoint api returns Unsupported app only token.. I've already given the permissions AllSites.FullControl, Sites.FullControl.All, Sites.Search.All and many others related to sharepoint on the apps registration portal of Azure AD.

Is it not possible to query sharepoint with a "deamon". Is it not possible without redirecting the user to a browser login?

Thanks in advance

Traceback (most recent call last):
  File "/Users/jcachat/screenpilot/ms-identity-python-daemon-master/2-Call-MsGraph-WithCertificate/confidential_client_certificate_sample.py", line 38, in <module>
    app = msal.ConfidentialClientApplication(
  File "/Users/jcachat/anaconda3/envs/BingAPI-py39/lib/python3.9/site-packages/msal/application.py", line 572, in __init__
    self.client, self._regional_client = self._build_client(
  File "/Users/jcachat/anaconda3/envs/BingAPI-py39/lib/python3.9/site-packages/msal/application.py", line 677, in _build_client
    assertion = JwtAssertionCreator(
  File "/Users/jcachat/anaconda3/envs/BingAPI-py39/lib/python3.9/site-packages/msal/oauth2cli/assertion.py", line 89, in __init__
    binascii.a2b_hex(sha1_thumbprint)).decode()
**binascii.Error: Odd-length string**

1-Call-MsGraph-WithSecret WORKED

2-Call-MSGraph-WithCertificate DID NOT!

Still facing this issue even after granting permissions.

Graph API call result:
{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "d3d91569-9702-478e-90bc-21baa7b31591",
      "date": "2020-01-27T19:20:20"
    }
  }
}

Don't open a file in Python without closing it. This code is bad mojo:

app = msal.ConfidentialClientApplication(
    config["client_id"], authority=config["authority"],
    client_credential={"thumbprint": config["thumbprint"], "private_key": open(config['private_key_file']).read()},
    )

Prefer:

with open(config['private_key_file']) as f:
        key = f.read()
app = msal.ConfidentialClientApplication(
    config["client_id"], authority=config["authority"],
    client_credential={"thumbprint": config["thumbprint"], "private_key": key },
    )