This exercise is based on the Microsoft Graph Training Module - Build Python Django apps with Microsoft Graph.

First, clone the Git repository:

```bash
git clone --depth=1 https://github.com/microsoftgraph/msgraph-training-pythondjangoapp.git
cd msgraph-training-pythondjangoapp/
```

The module contains three demos:
- 01-create-app
- 02-add-aad-auth
- 03-add-msgraph

We skip the first two demos and go straight to the third one, 03-add-msgraph:

```bash
cd Demos/03-add-msgraph/graph_tutorial
# Set up the python3 environment
pip3 install -r requirements.txt
# Create the configuration file
cp oauth_settings.yml.example oauth_settings.yml
```

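Register an app in the App Registration Portal (an ordinary Microsoft account is enough) and obtain its application id and application secret. Also enter a redirect_url of http://localhost:8000/tutorial/callback, and add Files.ReadWrite.AppFolder under Microsoft Graph Permissions.

Then put these values into the configuration file oauth_settings.yml. The result looks like this:
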
```yaml
app_id: <your app ID>
app_secret: <your app secret>
redirect: http://localhost:8000/tutorial/callback
scopes: openid profile offline_access user.read calendars.read Files.ReadWrite.AppFolder
authority: https://login.microsoftonline.com/common
authorize_endpoint: /oauth2/v2.0/authorize
token_endpoint: /oauth2/v2.0/token
```

Make sure the current directory is msgraph-training-pythondjangoapp/Demos/03-add-msgraph/graph_tutorial, then run the following commands:

```bash
# Create the database
python3 manage.py migrate
# Start the server
python3 manage.py runserver
```

The terminal shows:

```
Performing system checks...
System check identified no issues (0 silenced).
February 24, 2019 - 10:24:48
Django version 2.1.3, using settings 'graph_tutorial.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
```

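Open a browser and go to http://127.0.0.1:8000/tutorial/ (note: not the site root).

Click "Click here to sign in". The Microsoft account sign-in page appears; after you sign in, a dialog asks whether you agree to grant the app access to your account. Click to agree, and the browser automatically redirects back to http://127.0.0.1:8000/tutorial/. Authorization is now complete: click HOME in the page menu and you can see that your user name is shown on the HOME page.
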
How do you view the granted token? Edit Demos/03-add-msgraph/graph_tutorial/tutorial/templates/tutorial/home.html and add the line `{{ request.session.oauth_token }}` just above `{% endblock %}`. Then go back to the browser and refresh the page, and you will see:

```
{'token_type': 'Bearer', 'scope': ['openid', 'profile', 'User.Read', 'Calendars.Read', 'Files.ReadWrite.AppFolder'], 'expires_in': 3599, 'ext_expires_in': 3599,
'access_token': 'token content', 'refresh_token': 'token content', 'id_token': 'token content', 'expires_at': 1551007760.170273}
```

The access_token above can be used to access the corresponding resources, and the refresh_token can be used to renew the access_token.

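The following Python sketch is an added example, not code from the training module or the original post. It works on a token dictionary of the shape shown above: it masks the bearer values before display, checks `expires_at`, compares granted scopes with those requested in oauth_settings.yml, and builds the refresh_token request for the configured token endpoint. The function names and all sample values are constructed for illustration.

```python
import time
from urllib.parse import urlencode

# Constructed sample values; shapes follow oauth_settings.yml and the session token above.
SETTINGS = {
    "app_id": "00000000-0000-0000-0000-000000000000",
    "app_secret": "constructed-secret",
    "scopes": "openid profile offline_access user.read calendars.read Files.ReadWrite.AppFolder",
    "authority": "https://login.microsoftonline.com/common",
    "token_endpoint": "/oauth2/v2.0/token",
}
TOKEN = {
    "scope": ["openid", "profile", "User.Read", "Calendars.Read", "Files.ReadWrite.AppFolder"],
    "access_token": "constructed-access-token",
    "refresh_token": "constructed-refresh-token",
    "id_token": "constructed-id-token",
    "expires_at": 1551007760.170273,
}
SECRET_FIELDS = ("access_token", "refresh_token", "id_token")


def redact_token(token):
    """Return a copy that is safe to render in a template: bearer values are masked."""
    return {k: ("<redacted, %d chars>" % len(v) if k in SECRET_FIELDS else v)
            for k, v in token.items()}


def needs_refresh(token, now=None, skew=300):
    """True when the access token expires within `skew` seconds of `now`."""
    now = time.time() if now is None else now
    return token["expires_at"] - now <= skew


def unexpected_scopes(settings, token):
    """Granted scopes that were never requested (user.read comes back as User.Read)."""
    requested = {s.lower() for s in settings["scopes"].split()}
    return sorted(s for s in token["scope"] if s.lower() not in requested)


def build_refresh_request(settings, token):
    """URL and form body for the OAuth 2.0 refresh_token grant at the token endpoint."""
    form = {
        "grant_type": "refresh_token",
        "refresh_token": token["refresh_token"],
        "client_id": settings["app_id"],
        "client_secret": settings["app_secret"],
        "scope": settings["scopes"],
    }
    return settings["authority"] + settings["token_endpoint"], urlencode(form)
```

The form body returned by `build_refresh_request` is sent as an HTTP POST with content type application/x-www-form-urlencoded; rendering `redact_token(request.session.oauth_token)` instead of the raw dictionary keeps the bearer values out of the page.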
References
- Azure Active Directory Authentication Libraries
- Authorization and sign-in for OneDrive in Microsoft Graph
- Using an App Folder to store user content without access to all files
- Microsoft Graph permissions reference
- How to display all session variables in django?
- How to authorize developer accounts using OAuth 2.0 in Azure API Management
Updated 2020-04-16
- How do I perform common OAuth 2.0 tasks using curl commands with the standard endpoints in AM/OpenAM (All versions)?
- Quickstart: Acquire a token and call Microsoft Graph API from a Windows desktop app
- v2.0 Protocols - OAuth 2.0 authorization code flow
- Overview of Microsoft Graph > Develop > Get auth tokens > Get access on behalf of a user
- How to perform OAuth 2.0 using the Curl CLI?
- OAuth 2.0 for Mobile & Desktop Apps
- Using OAuth 2.0 for Installed Applications
- Execute an Authorization Code Grant Flow
device code flow
- How Device Code Flow works in Azure AD
- tools.ietf.org/html/draft-ietf-oauth-device-flow
- OAuth 2.0 Device Flow
- OAuth 2.0 for TV and Limited-Input Device Applications
## python sample app
- https://github.com/microsoftgraph/python-sample-console-app
- https://github.com/microsoftgraph/python-sample-auth
- https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
- https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent

(End of update)