0

I am trying to access an API which is at azurewebsites.net. I am new to Azure platform and I don't know if for accessing this API through my code, would I need any additional configurations in the Azure platform? I tried the normal request method to get the API data in python but it throws an authentication error. Do I need to register my app in the Azure?

Here's what I am trying:

r = requests.get("url",
             headers={
                 "Accept": "application/json"},
             cookies={},
             auth=('email', 'pass'),
             )

Could someone please guide me through this? Thankyou.

sleepyPanda
  • 69
  • 1
  • 7

1 Answers1

1

Because I don't know what settings your azure website has done, so I can only give you a general solution.

Steps to try:

  1. First of all, make sure that you can access your api site normally. You can test other interfaces to ensure that the api site is running normally.

  2. When the website is running normally, check whether the aad setting is made on the portal.

    enter image description here

  3. If not, please use postman to test the interface to ensure that it can be accessed normally in postman, and then use the code to test by checking the url, header and other parameters.

  4. If yes, please obtain Beartoken and add it when accessing the interface. I see that you are using email and pass, then you can use ropc flow get Beartoken. Then you can bring this verification when you visit each interface.

    enter image description here

Related post:

Is there a way to improve the performance of MSAL-browser js login?

Jason Pan
  • 15,263
  • 1
  • 14
  • 29
  • @Jaon Pan, thankyou! I can access the API in normal browser and swagger too, without any authentication error. For step 2, I haven't registered an app yet. Do I need to do this to access it via python? If yes, any additional conf/settings I should take care about? – sleepyPanda Apr 14 '21 at 05:21
  • @sleepyPanda Can you create a sample api for me, let me test in my lcoal. – Jason Pan Apr 14 '21 at 05:25
  • @sleepyPanda Okey, pls press F12, check http request. – Jason Pan Apr 14 '21 at 05:29
  • @sleepyPanda Make headers in code same as your browser. – Jason Pan Apr 14 '21 at 05:29
  • it works when I use the same headers as in the browser. Big thanks! :) So I assume you need some specific headers which I was missing in my code? No other issues? – sleepyPanda Apr 14 '21 at 05:54
  • @sleepyPanda If my reply is helpful, please accept it as answer(click on the mark option beside the reply to toggle it from greyed out to fill in.), see https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work – Jason Pan Apr 14 '21 at 05:55
  • when I close the browser, the cookies expire which is used in the header. So this method would not work in long term I assume? – sleepyPanda Apr 14 '21 at 07:11
  • @sleepyPanda You can use ropc flow to get bear token. Then you can use token to invoke your api. – Jason Pan Apr 14 '21 at 07:13
  • @sleepyPanda What fields are there in the header, there should be a beartoken. These parameters can make your api access normally, right? – Jason Pan Apr 14 '21 at 07:14
  • header fields are - ["Connection"], ["Cache-Control"], ["User-Agent"], ["Accept"], ["Referer"], ["Accept-Language"], ["Cookie"] – sleepyPanda Apr 14 '21 at 07:27
  • @sleepyPanda What parameters did you add take effect in the header? – Jason Pan Apr 14 '21 at 07:28
  • @Jaon Pan only Cookie is compulasory to make it work. Maybe the cookie contains session ID which is breaking the auth barrier temporarily? – sleepyPanda Apr 14 '21 at 07:31
  • @sleepyPanda It should not be. What is filled in your bear token? – Jason Pan Apr 14 '21 at 07:34
  • I don't have any field like "bear token". Along with those mentioned above, I have ["Sec-Fetch-Site"], ["Sec-Fetch-Mode"], ["Sec-Fetch-User"], ["Sec-Fetch-Dest"], ["Referer"], ["Pragma"] in headers and that's it. But to make it work, I am only making the GET req with url and cookie in headers – sleepyPanda Apr 14 '21 at 07:38
  • 1
    @sleepyPanda https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow – Jason Pan Apr 14 '21 at 07:39
  • 1
    @sleepyPanda Try to read this article, when you use this beartoken, you no longer need to use the complex parameters of cookies in the header, and directly use beartoken for access. – Jason Pan Apr 14 '21 at 07:41