Azure: The access token has been obtained from wrong audience or resource

可紊 submitted on 2019-12-07 06:15:28

Question


Trying to create a simple task to list all resources in the Azure portal. I followed the directions in the given URL and successfully received a token.

http://azure-sdk-for-python.readthedocs.org/en/latest/resourcemanagement.html#authentication

However, using the combination of token and subscription_id, I am getting the following error.

ERROR:

azure.common.AzureHttpError: {"error"{"code":"AuthenticationFailed","message":"The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should exactly match (including forward slash) with one of the allowed audiences 'https://management.core.windows.net/','https://management.azure.com/'."}}  

I have created an application in Active Directory and assigned all permissions to Windows Active Directory.

Following is the code to get token:

import requests

def get_token_from_client_credentials(endpoint, client_id, client_secret):
    # Request a token with the OAuth2 client-credentials grant.
    payload = {
        'grant_type': 'client_credentials',
        'client_id': client_id,
        'client_secret': client_secret
        # 'resource': 'https://management.core.windows.net/',
    }
    response = requests.post(endpoint, data=payload).json()
    return response['access_token']

auth_token = get_token_from_client_credentials(
    endpoint='https://login.microsoftonline.com/11111111111-1111-11111-1111-111111111111/oauth2/token',
    client_id='22222222-2222-2222-2222-222222222222',
    client_secret='test/one/year/secret/key',
)

Trying to consume this token in the following code:

def get_list_resource_groups(access_token, subscription_id):
    cred = SubscriptionCloudCredentials(subscription_id, access_token)
    resource_client = ResourceManagementClient(cred)
    resource_group_list = resource_client.resource_groups.list(None)
    rglist = resource_group_list.resource_groups
    return rglist

Answer 1:


That is not impacting (it's an optional parameter)

Actually, the resource parameter is required in the Service to Service Calls Using Client Credentials flow for an access token; this parameter tells your application where to get the token. As you need to authenticate ARM requests, you need to set 'resource': 'https://management.core.windows.net/' in get_token_from_client_credentials().

And we can also get the information from your error message:

The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should exactly match (including forward slash) with one of the allowed audiences 'https://management.core.windows.net/','https://management.azure.com/'

If you have any concerns, please feel free to let me know.




Answer 2:


Looks like you have this line commented out?

'resource': 'https://management.core.windows.net/',

This is the audience that you are getting the token for, so you are going to need this line.
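
Added example, not part of the original question or answers: a diagnostic that decodes the payload of an access token and compares its aud claim with the two allowed audiences quoted in the error message, using the same exact-match rule (trailing slash included). It assumes the token is a JWT, as Azure AD access tokens are; the helper names and sample tokens are constructed for illustration, and the signature is not verified, so this is a debugging aid and not token validation.

```python
import base64
import json

# Allowed audiences quoted in the error message on this page.
ARM_AUDIENCES = ('https://management.core.windows.net/',
                 'https://management.azure.com/')


def _b64url(data):
    """Base64url-encode bytes without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(data).rstrip(b'=').decode('ascii')


def make_sample_token(aud):
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    header = _b64url(json.dumps({'alg': 'none', 'typ': 'JWT'}).encode())
    payload = _b64url(json.dumps({'aud': aud}).encode())
    return '{}.{}.'.format(header, payload)


def token_audience(access_token):
    """Return the 'aud' claim from a JWT payload, without verifying it."""
    parts = access_token.split('.')
    if len(parts) != 3:
        raise ValueError('not a three-part JWT')
    segment = parts[1]
    segment += '=' * (-len(segment) % 4)   # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(segment))
    return claims.get('aud')


def check_arm_audience(access_token):
    """Return (ok, aud); ok is True only on an exact allowed-audience match."""
    aud = token_audience(access_token)
    return aud in ARM_AUDIENCES, aud


if __name__ == '__main__':
    # Constructed samples: the audience from the error, the expected one,
    # and the expected one with its trailing slash missing.
    for aud in ('00000002-0000-0000-c000-000000000000',
                'https://management.core.windows.net/',
                'https://management.core.windows.net'):
        ok, seen = check_arm_audience(make_sample_token(aud))
        print('{!r}: {}'.format(seen, 'accepted' if ok else 'wrong audience'))
```

Running check_arm_audience() on the value returned by get_token_from_client_credentials() before building the credentials object shows which resource the token was actually issued for.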



Source: https://stackoverflow.com/questions/34384409/azure-the-access-token-has-been-obtained-from-wrong-audience-or-resource
