这里是对azure oauth2客户端凭证的描述。 https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service我可以使用azure oauth2客户端凭据流访问经典的azure服务管理rest api吗?
我可以发出一个请求,以获得访问令牌是这样的:
POST /f2eae84a-d4b2-4f23-a74b-cdb32db66fd4/OAuth2/Token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
grant_type=client_credentials&client_id=e7ce6e44-3df6-4183-bcde-8e360fc7b685&client_secret=xxxxxxxxxxxxxxxxxxxxxxx&resource=https%3A%2F%2Fmanagement.core.windows.net%2F
它返回一个访问令牌succussfully
但是当我使用该令牌访问服务管理API这样的:
GET /30dc506b-71d0-47dc-ab86-1a1c0ce4bea1/services/storageservices HTTP/1.1
Host: management.core.windows.net
Authorization: Bearer XXXXXXXXXXXXXXXXXXX
Accept: application/json
Cache-Control: no-cache
它返回一个403