Search code examples
pythonpowershellazurepython-requestsazure-api-apps

Azure App Insights Authentication with Python Requests

I'm trying to authenticate with Azure AD in order to access the Azure Insights REST API, so that I can ultimately access Azure web apps. However, the authentication example in their documentation is limited to C# and PowerShell. I am trying to do the same thing, but with the Python requests library. This is what I have so far, but I am getting a '404 not found' response back. Any ideas on how I can authenticate to the Insights API using the Python requests library?

AUTH = 'https://login.windows.net/%s' % TENANT_ID
RESOURCE = 'https://management.azure.com/'

def auth():
    s = requests.Session()

    params = {
        'grant_type': 'client_credentials',
        'client_id': CLIENT_ID,
        'client_secret': CLIENT_KEY,
        'resource': RESOURCE
    }

    response = s.post(AUTH, params=params)
    print response.url
    print response.status_code
    print response.reason

auth()

EDIT 1:

The updated auth URL fixed it. Thank you. However, I would still like to exclusively use the Python requests library to get the web apps/resource groups. 

RESOURCE_VERSION = '2015-01-01'

RESOURCE_URI = 'https://management.azure.com/subscriptions/%s/resourcegroups' % (SUBSCRIPTION_ID)

s = requests.Session()
payload = {
    'grant_type': 'client_credentials',
    'client_id': CLIENT_ID,
    'client_secret': CLIENT_KEY,
    'resource': RESOURCE
}

response = s.post(AUTHENTICATION_CONTEXT, data=payload).json()
access_token = response['access_token']

s.headers = {
    'Authorization': 'Bearer %s' % access_token,
    'Content-Type': 'application/json'
}

s.params = {
    'api-version': RESOURCE_VERSION
}

response2 = s.get(RESOURCE_URI).json()
print response2

This gives me the following output

{u'error': {u'message': u"The client 'CLIENT_ID' with object id 'OBJECT_ID' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/SUBSCRIPTION_ID'.", u'code': u'AuthorizationFailed'}}

Based off the response, it seemed like it may be a permissions issue in my Azure app, but I've given the app all the permissions I think it has to have and it still gives me the same error message.

A screenshot of my app settings

Solution

  • The authentication endpoint is incomplete. And in .Net, it is wrapped in .Net SDK, and the complete endpoint for authentication token looks like: https://login.microsoftonline.com/<tenant_id>/oauth2/token

    Here is the code snippet:

    from azure.mgmt.common import SubscriptionCloudCredentials
from azure.mgmt.resource import ResourceManagementClient
import requests

def get_token_from_client_credentials(endpoint, client_id, client_secret):
    payload = {
        'grant_type': 'client_credentials',
        'client_id': client_id,
        'client_secret': client_secret,
        'resource': 'https://management.core.windows.net/',
    }
    response = requests.post(endpoint, data=payload).json()
    return response['access_token']

auth_token = get_token_from_client_credentials(
    endpoint='https://login.microsoftonline.com/<tenant_id>/oauth2/token',
    client_id='<client_id>',
    client_secret='<client_secret>',
)
subscription_id = '<subscription_id>'
creds = SubscriptionCloudCredentials(subscription_id, auth_token)

resource_client = ResourceManagementClient(creds)
resource_group_list = resource_client.resource_groups.list(None)
rglist = resource_group_list.resource_groups
print rglist

    You can refer to Resource Management Authentication for more information.