I am trying to access an API which is at azurewebsites.net. I am new to Azure platform and I don't know if for accessing this API through my code, would I need any additional configurations in the Azure platform? I tried the normal request method to get the API data in python but it throws an authentication error. Do I need to register my app in the Azure?
Here's what I am trying:
r = requests.get("url",
headers={
"Accept": "application/json"},
cookies={},
auth=('email', 'pass'),
)
Could someone please guide me through this? Thankyou.
Because I don't know what settings your azure website has done, so I can only give you a general solution.
Steps to try:
First of all, make sure that you can access your api site normally. You can test other interfaces to ensure that the api site is running normally.
When the website is running normally, check whether the aad setting is made on the portal.
If not, please use postman to test the interface to ensure that it can be accessed normally in postman, and then use the code to test by checking the url, header and other parameters.
😋If yes, please obtain Beartoken and add it when accessing the interface. I see that you are using email and pass, then you can use ropc flow get Beartoken. Then you can bring this verification when you visit each interface.
Related post:
Is there a way to improve the performance of MSAL-browser js login?
Related
Hi i've been trying to access the camunda restfull api to get the tasklist but i'm stuck at the very first step where i need to autheticate the user
I found this reference url but it seems to be for camunda cloud
I'm looking for the self hosted client and access the api from the third party like jet admin
Let me know if there is any confusion or need clearification
If I read the linked documentation, I see this part.
Then clicking on the link there it explains how to set up the authentication for the self-managed version.
for self hosted Camunda you need this docs about the rest API.
As you say, the problem now is authentication - so you get 401/403 error code?
By default Camunda uses Basic authentication (you can then add LDAP plugin, e.g. for Keycloak) and the default admin credentials are demo/demo (look here).
So if you get 403, then you can set Basic Auth with this user/password, try it to send in Postman:
I am creating a very small webapp in python/Flask, running under the Azure App Service. The app is protected with Azure AD authentication, which relies on easyauth. The app registration has two configured permissions/scopes: https://graph.microsoft.com/User.Read (to get info about the current user) and https://management.azure.com/user_impersonation (to run queries on the Azure management infrastructure).
Whenever I access the app, I have to login. That is good. I am provided with a number of headers, including X-Ms-Token-Aad-Access-Token which seems to contain an access token.
When I access Microsoft Graph (thus using the https://management.azure.com/user_impersonation scope), all is good (I took away some error handling, for space and clarity):
#app.route("/userinfo")
def userinfo():
token = request.headers.get("X-Ms-Token-Aad-Access-Token")
data = requests.get(
"https://graph.microsoft.com/oidc/userinfo",
headers={ 'Authorization': f"Bearer {token}" },
).json()
When I run pretty much identical code to get the list of web apps, it fails with a simple "AuthenticationFailed" code (also without error handling):
#app.route("/webapp")
def webapp():
token = request.headers.get("X-Ms-Token-Aad-Access-Token")
data = requests.get(
f"https://management.azure.com/subscriptions/{subscription_id}/providers/Microsoft.Web/sites?api-version=2019-08-01",
headers={ 'Authorization': f"Bearer {token}" },
).json()
I suspect that the token provided by the app service / easyauth does not support the https://management.azure.com/user_impersonation scope, even though that is specified in the web application setup. But I have no idea, really. It Does Not Work, though. I know that.
The obvious questions: Is this possible? Am I missing something obvious? Is there an easy solution?
(Using MSAL instead of the declarative mechanism seems to work, but I was hoping to use the platform services as much as possible)
Yes, you can.
To call the Azure REST API, you need to leverage the additionalLoginParams in the authsettings of your web app, navigate to the resource explorer -> find your web app -> add ["resource=https://management.azure.com"] to additionalLoginParams like below -> PUT.
After the configuration, when the user login the app, it will let you consent the permission https://management.azure.com/user_impersonation, after the consent, the X-Ms-Token-Aad-Access-Token will be able to call the Azure REST API i.e. https://management.azure.com, but it will not be able to call Microsoft Graph any more, because one access token can only for one API resource, to get the user info, you can hit https://webappname.azurewebsites.net/.auth/me directly, it will include the user info. Also, make sure your user account has the RBAC roles in your subscription e.g. Contributor, Owner, because the permission of the token comes from the user.
For more details, see this similar issue.
I am trying to hit microsoft to do list api using python program.
Api : https://graph.microsoft.com/beta/me/todo/lists , which resulted in error : Access is denied due to invalid credentials. But when I tried the api : https://graph.microsoft.com/v1.0/users, I am getting the results properly. The documentation of the api (https://learn.microsoft.com/en-us/graph/api/resources/todo-overview?view=graph-rest-beta) says "Currently, the API supports only permissions delegated by the signed-in user". Currently I am trying to get auth code and then auth token and then hitting the API. To act as signed in user, what method should I follow in python? Please note I am not using a web frame work. When I tried using flask and then hitting the API , it works. Need to know how a browserless console python application can serve the purpose.
Thank youin advance for the help
You are getting an App only token using a client credential flow and it doesn't ask for user credentials. Please check these Authentication flows and according to your requirement you can choose one of these and implement it. In other ways you can test your HTTP call in Graph Explorer by adding permissions there itself. Your call works here because you will login as user.
I am working on a python script that uses github's api. I intend to share the code with someone to show them how the script works.
Because I cross github's query limit as an anonymous user, I need to have an authentication. What form of authentication should I use in my script since I am sharing it?
Like #Hang stated, I used github's personal access token. This is what I did.
token='my_token'
url='https://api.github.com/search/repositories?q=python'
rslt=requests.get(url,headers={'Authorization':auth})
I am trying to create some Glassware with the Mirror API. I am new to using AppEngine and Jinja2. I have python experience but never with a web framework before. So basically I am very new at this.
I have modified the Python quickstart for the mirror API to include many of my endpoints and designs. Basically I want to be able to be able to POST data from a constrained device to Glass. I have an endpoint all setup which works to accept and parse out the data and send the timeline item.
My problem is that the device itself is acting all on it's own and cannot provide input, therefore when I call my app from it e.g. https://foo.appspot.com?operation=deviceData the app presents the auth page and then nothing happens. I can see in the logs that the auth page is being sent, but the device has no idea what to do with this.
Basically, I need a way where I can hardcode credentials and get around having to do oauth everytime. What is the recommended way to do this? Another app which doesn't require auth which passes the data along? This would be fine as I only need to set this up with one user right now, it is for an internal demo only.
Is it possible to set my credentials in a header and auth automatically without handling any return, more like how basic auth works?
There are also the "Simple API access" keys. Would these work in this situation, I tried creating browser and server keys and tried them on the device and in the browser by doinghttps://foo.appspot.com?operation=deviceData&key=KEY_HERE but in both cases I was still prompted to login. Is this what simple access keys are for? Do they not work with the mirror API?
Basically my question is, what's the easiest way to allow access to my apps endpoints without having to oAuth or having a hard coded user which auto-auths?
Here is the project that I started with: https://github.com/googleglass/mirror-quickstart-python