Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
567 views
in Technique[技术] by (71.8m points)

azure - how do I get multiple API scopes using flask dance make_azure_blueprint

I have a working azure authentication layer set to a flask app using flask dance make_azure_blueprint.

blueprint = make_azure_blueprint(
    client_id=client_id,
    client_secret=client_secret,
    tenant=tenant_id,
    scope=[
        scopes.Email,
        scopes.DirectoryReadAll,
        scopes.OpenID,
        scopes.Profile,
        scopes.UserRead,
        scopes.UserReadAll,
        
                ],
    login_url=LOGIN_URL_PATH,
    authorized_url=AUTH_CALLBACK_URL_PATH,
    redirect_url='http://localhost:5000/',
)
app.register_blueprint(blueprint, url_prefix="/login")

where the scopes are : scopes -

DirectoryReadAll = 'Directory.Read.All'
Email = 'email'
GroupMemberReadAll = 'GroupMember.Read.All'
Profile = 'profile'
OpenID = 'openid'
UserReadBasicAll = 'User.ReadBasic.All'
UserRead = 'User.Read'
UserReadAll = 'User.Read.All'

using this I was able to retrieve the user information and display on the app. Now I am trying to combine Azure Time series insights scope "https://api.timeseries.azure.com//user_impersonation". But this is returning an error saying that this cannot be mixed with resource specific groups. enter image description here

question from:https://stackoverflow.com/questions/65922149/how-do-i-get-multiple-api-scopes-using-flask-dance-make-azure-blueprint

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Your needs are unreachable.

It seems you try to access two apis both default scope and user_impersonation scope. Actually we cannot use multiple scopes to access apis.

You should put the api you want to access in the scope. For example, if you want to access MS graph api, you can put https://graph.microsoft.com/.default. If you want to access a custom api, you can put in api://{back-end app client api}/scope name.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...