I am trying to hit microsoft to do list api using python program.
Api : https://graph.microsoft.com/beta/me/todo/lists , which resulted in error : Access is denied due to invalid credentials. But when I tried the api : https://graph.microsoft.com/v1.0/users, I am getting the results properly. The documentation of the api (https://learn.microsoft.com/en-us/graph/api/resources/todo-overview?view=graph-rest-beta) says "Currently, the API supports only permissions delegated by the signed-in user". Currently I am trying to get auth code and then auth token and then hitting the API. To act as signed in user, what method should I follow in python? Please note I am not using a web frame work. When I tried using flask and then hitting the API , it works. Need to know how a browserless console python application can serve the purpose.
Thank youin advance for the help
You are getting an App only token using a client credential flow and it doesn't ask for user credentials. Please check these Authentication flows and according to your requirement you can choose one of these and implement it. In other ways you can test your HTTP call in Graph Explorer by adding permissions there itself. Your call works here because you will login as user.
Related
I'm finding a way to automate the authentication from AAD with python.
In the past i used username and password for login to OneDrive and it worked properly. Here is the code:
pca = msal.PublicClientApplication(CLIENT_ID, authority=AUTHORITY_URL)
token = pca.acquire_token_by_username_password(USERNAME, PASSWORD, SCOPES)
Now, that i have two factor authentication i cannot use the same code to access OneDrive account.
I've searched the internet but all the solutions that i found requires to open the browser, and i can't do this because python script is a chronjob and runs in the late night. I need a solution that works in "background" without any action required.
Possibly it's better if there is a solution with MSAL library due to some permissions that i should request if i would change the library.
Thanks for the help!
You might consider using the Client-Credentials Grant flow or OAuth2. You would have to modify your cronjob to move away from fetching a token on behalf of the user and update it to acquire a token as the application using the application's identity (the app registration done in AAD). Upgrading to client-credentials flow, which is actually designed for scenarios similar to yours, will help you in situations where you cannot afford user interaction and you want the service to work in the backend.
For more information on Client-Credentials flow, check here.
Also, you can refer to the following python app that implements client-credentials flow:
Call Microsoft Graph API using App Client Secret
Call Microsoft Graph API using App Client Certificate:
I'm looking for the most simple way to gain a JWT token to use when calling Graph API endpoints. There is endless documentation about OAuth2 and so many ways to do that, but I got lost in the process.
My scenario is a backend program listening to an Outlook mailbox.
I read about registering my service in Azure AD etc., but I'm looking for something quicker that bypasses everything. I know such solution exists because in the Graph Explorer it is done fairly easily. I only need the JWT token to make the calls work, nothing more.
I tried calling /common/oauth2/v2.0/token, but it needs a client_secret which I don't have because I haven't registered my service in Azure. I've tried endlessly to mimic the process that is done in Graph Explorer, but with no luck.
I’m sorry to announce that, but Graph Explorer is an Azure AD registered app by default and you will have no choice but to create an app, this is how Graph API works, and for that, you can follow this link for a non authenticated use https://learn.microsoft.com/en-us/graph/auth-v2-service or this link for calling Graph on behalf of a user https://learn.microsoft.com/en-us/graph/auth-v2-user
I am trying to access an API which is at azurewebsites.net. I am new to Azure platform and I don't know if for accessing this API through my code, would I need any additional configurations in the Azure platform? I tried the normal request method to get the API data in python but it throws an authentication error. Do I need to register my app in the Azure?
Here's what I am trying:
r = requests.get("url",
headers={
"Accept": "application/json"},
cookies={},
auth=('email', 'pass'),
)
Could someone please guide me through this? Thankyou.
Because I don't know what settings your azure website has done, so I can only give you a general solution.
Steps to try:
First of all, make sure that you can access your api site normally. You can test other interfaces to ensure that the api site is running normally.
When the website is running normally, check whether the aad setting is made on the portal.
If not, please use postman to test the interface to ensure that it can be accessed normally in postman, and then use the code to test by checking the url, header and other parameters.
😋If yes, please obtain Beartoken and add it when accessing the interface. I see that you are using email and pass, then you can use ropc flow get Beartoken. Then you can bring this verification when you visit each interface.
Related post:
Is there a way to improve the performance of MSAL-browser js login?
I used to query my financial data through Power Query in Power BI. Recently I've switched to doing it through a python script running on Google Cloud functions, triggered by Cloud Scheduler. (is this the best way?) It saves a csv file to GCStorage.
The party that provides the data I'm after is switching to oAuth 2.0 using either implicit or authorization code flow. I believe this means that somewhere in this flow a browser is opened where username and password must be entered. Also I need to give a redirect uri to this party, I'm not sure how to implement this in my current setup.
Anyone have an idea? More info about the API can be found here. https://accounting.twinfield.com/webservices/documentation/#/ApiReference/Authentication/OpenIdConnect
Usually the Authorization Code flow would be the way to go in your kind of application.
You will send a authentication request to their API(redirecting the user). They will authenticate the User and redirect the user back to your application, using the redirect URI you provided.
You can get an access token or ID token from their token endpoint using the code, your client id and your client secret.
I'm trying to submit a query into Google's BigQuery and retrieve results - all from a python script. While there's straightforward documentation on doing so, the only option that I've found for querying from private tables/collections is to use an authorization code. However, this python script is utilized via a webpage used by users who know nothing about code - therefore there is no room to get/submit authorization codes, as the user simply uses the webpage and python script by clicking a few buttons. Is there any way to get the authorization code and submit it behind the scenes, or to query a private table without an authorization code altogether (best option)? Thanks so much!
You can use a service account:
Client libraries can use Application Default Credentials to easily
authenticate with Google APIs and send requests to those APIs. With
Application Default Credentials, you can test your application locally
and deploy it without changing the underlying code
https://cloud.google.com/bigquery/authentication#bigquery-authentication-python