如何解决将 Log Analytics REST API 与 MSAL 结合使用,而不是 ADAL
所以这是有效的:
$LATokenRequestBody = @{
tenant = $myVarTenantId
client_id = $myVarClientId
client_secret = $myVarClientSecret
resource = "https://api.loganalytics.io"
grant_type = "client_credentials"
}
$LATokenResponse = Invoke-RestMethod -Method Post -Uri $ADALTokenEndpoint -Body $LATokenRequestBody
$LARequestHeaderParameters = @{'Authorization'="$($LATokenResponse.token_type) $($LATokenResponse.access_token)"}
$LAQueryBody = @{query = $myVarLAQuery} | ConvertTo-Json
$LAResponse = Invoke-RestMethod -UseBasicParsing -Headers $LARequestHeaderParameters -Uri $LAEndpoint -Method Post -Body $LAQueryBody -ContentType "application/json"
这不会:
$LATokenRequestBody = @{
tenant = $myVarTenantId
client_id = $myVarClientId
client_secret = $myVarClientSecret
scope = "https://westus2.api.loganalytics.io/Data.Read"
grant_type = "client_credentials"
}
$LATokenResponse = Invoke-RestMethod -Method Post -Uri $MSALTokenEndpoint -Body $LATokenRequestBody
$LARequestHeaderParameters = @{'Authorization'="$($LATokenResponse.token_type) $($LATokenResponse.access_token)"}
$LAQueryBody = @{query = $myVarLAQuery} | ConvertTo-Json
$LAResponse = Invoke-RestMethod -UseBasicParsing -Headers $LARequestHeaderParameters -Uri $LAEndpoint -Method Post -Body $LAQueryBody -ContentType "application/json"
地点:
$ADALTokenEndpoint = "https://login.microsoftonline.com/$myVarTenantId/oauth2/token" # required for Log Analytics API
$MSALTokenEndpoint = "https://login.microsoftonline.com/$myVarTenantId/oauth2/v2.0/token"
我在 Log Analytics API 文档中没有看到任何关于支持 MSAL 的提及:
https://dev.loganalytics.io/documentation/Authorization/OAuth2
Log Analytics API 不会接受来自 MSAL 端点的令牌:
解决方法
尝试在 scope = https://api.loganalytics.io/.default
中使用 $LATokenRequestBody
,它应该可以工作。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。