0

我需要以编程方式获取用户 AKS 集群,但是

我在执行此请求时遇到问题 https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.ContainerService/managedClusters?api-version=2018-03-31

标头:授权:承载 {JWT}

我明白了

{
    "error": {
        "code": "AuthenticationFailed",
        "message": "Authentication failed."
    }
}

我如何检索这个 JWT 令牌

我使用此流程https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-scenarios#web-application-to-web-api进行实施

  1. 我用它https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-openid-connect-code获取代码
  2. 在我尝试检索访问令牌 https://login.microsoftonline.com/{tenant-id}/oauth2/token Headers 后:

grant_type :authorization_code
client_id :{myapp-id}
代码:{从步骤1中检索}
client_secret :{myapp-key}
资源:https ://graph.microsoft.com

结果我有带有有效负载的JWT令牌

{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/ee3f07b0-0b4f-4929-acb0-643894a174fa/",
  "iat": 1533214682,
  "nbf": 1533214682,
  "exp": 1533218582,
  "acct": 0,
  "acr": "1",
  "amr": [
    "pwd"
  ],
  "app_displayname": "SinglePageApp-jQuery-DotNet",
  "appidacr": "1",
  "ipaddr": "193.243.159.58",
  "name": "Pasha Kostohrys",
  "platf": "3",
  "puid": "1003BFFDAC20BE5D",
  "scp": "Directory.AccessAsUser.All Directory.Read.All Directory.ReadWrite.All Group.Read.All Group.ReadWrite.All Member.Read.Hidden User.Read User.Read.All User.ReadBasic.All",
  "ver": "1.0",
  "wids": [
    "62e90394-69f5-4237-9190-012177145e10"
  ]
}
4

1 回答 1

0

您检索的不记名令牌的受众是https://graph.microsoft.com/,但您请求的 API 的受众是https://management.core.windows.net/

我认为您应该使用resource : https://management.core.windows.net/来获取不记名令牌,它会起作用。

于 2018-08-03T01:50:12.423 回答