Azure/AzureAuth

Cannot get access token with get_azure_token, but ok with python msal package

samuel-jobert opened this issue · 1 comments

Hi,

I have a web app that has to get an access token to list files in a SharePoint site.

I managed to get a token with the msal (Microsoft Authentication Library) package in Python quite easily using username and password:

import msal
config = {
    "client_id": "xxxxxxx-yyyy-zzzz-xxxx-yyyyyyy",
    "authority": "https://login.microsoftonline.com/my-tenant-id/",
    "username": "mylogin",
    "password": "***********",
    "scope": {"sites.readwrite.all"}
}
app = msal.PublicClientApplication(config["client_id"], authority=config["authority"])
result = app.acquire_token_by_username_password(config["username"], config["password"], scopes=config["scope"])

Result contains the access_token

I have been trying with AzureAuth for a long time, but I think I missed some point.

result = get_azure_token(resource = "https://graph.microsoft.com/.default", tenant = "my-tenant-id",
                                app = "client-id", username = "mylogin", password = "***********")

I have the following error:

Using resource_owner flow
Error in process_aad_response(res) : 
  Bad Request (HTTP 400). Failed to obtain Azure Active Directory token. Message:
AADSTS50126: Error validating credentials due to invalid username or password.
Trace ID: xxxxx-yyyy-...
Correlation ID: zzzzzz-xxxxx-...
Timestamp: 2022-05-24 15:06:50Z.

The error is the same if I put "Sites.ReadWrite.All" in the resource parameter.

Do you see where I'm wrong with get_azure_token?
Because in both languages, I use the same parameter values...

Thanks a lot for your help!
SJ

AzureAuth uses the authentication mechanisms described here: https://docs.microsoft.com/en-au/azure/active-directory/develop/v2-overview -> Reference -> Protocol reference -> OAuth 2.0 and OpenID Connect

See the front page for this repo, the intro vignette or ?get_azure_token. In particular, if you're doing an interactive authentication, you do not put your username and password in the function call.