I have the following code, which mainly looks up the groups a user can join:
```go
package main

import (
	"context"
	"fmt"
	"log"

	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
	//"github.com/Azure/go-autorest/autorest"
	"github.com/Azure/go-autorest/autorest/azure/auth"
)

const (
	// Values were left blank in the original post; placeholders keep the file compilable.
	clientID          = "<client-id>"
	clientSecret      = "<client-secret>"
	tenantID          = "<tenant-id>"
	userPrincipalName = "username@myorg.com"
)

func main() {
	// Create an Azure authentication authorizer
	authorizer, err := auth.NewClientCredentialsConfig(clientID, clientSecret, tenantID).Authorizer()
	if err != nil {
		log.Fatalf("Failed to create Azure authorizer: %v", err)
	}

	// Create a new Graph Rbac Management client
	graphClient := graphrbac.NewGroupsClient(tenantID)
	graphClient.Authorizer = authorizer
	fmt.Println("----")

	// Retrieve the groups that the user is a member of
	groups, err := graphClient.List(context.TODO(), fmt.Sprintf("members/userPrincipalName eq '%s'", userPrincipalName))
	if err != nil {
		log.Fatalf("Failed to retrieve group memberships: %v", err)
	}

	// Print the group names
	for _, group := range groups.Values() {
		fmt.Println(*group.DisplayName)
	}
}
```
When I run it, I get:
2023/06/22 23:40:24 Failed to retrieve group memberships: graphrbac.GroupsClient#List: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."}}}]
I have already checked that I have the necessary permissions.
1 Answer
py49o6xq #1
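Note that your code uses the Azure AD Graph API in the backend, which is currently deprecated.
There is an MS Graph SDK called msgraph-sdk-go that uses the Microsoft Graph API, but it is still in non-production preview and is updated frequently.
I have a user named **Sri** who is a member of the following Azure AD groups:
When I ran the same Go code in my environment to get these group names, I got the same error, as below:
Response:
Alternatively, you can use the PowerShell script below to get the display names of the groups the user is in:
Response: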
References:
Azure AD Go SDK daemon application list users returns "Access Token missing or malformed" - Stack Overflow by Hury Shen
Azure Active Directory API deprecated · Azure/azure-sdk-for-go (github.com) by Markus Blaschke
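
An added example, not part of the original question or answer: Azure AD Graph returns `Authentication_MissingOrMalformed` when the bearer token was issued for a different resource, and `auth.NewClientCredentialsConfig` requests a token for the Azure Resource Manager endpoint unless its `Resource` field is changed. The Go code below decodes a token's `aud` claim without verifying the signature and compares it with the audience the API expects; the function names and the sample token are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Added example (names are illustrative). Resource URIs seen in the "aud" claim.
const aadGraphAudience = "https://graph.windows.net" // what graphrbac calls need
const armAudience = "https://management.azure.com"   // go-autorest's default resource

// tokenAudience returns a JWT's "aud" claim. Signature NOT verified: diagnostics only.
func tokenAudience(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("expected 3 JWT segments, got %d", len(parts))
	}
	payload, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return "", fmt.Errorf("payload is not base64url: %w", err)
	}
	var claims struct{ Aud string `json:"aud"` }
	if err := json.Unmarshal(payload, &claims); err != nil {
		return "", fmt.Errorf("payload is not a JSON object with a string aud: %w", err)
	}
	return claims.Aud, nil
}

// audienceMatches reports whether the token was issued for the API being called.
func audienceMatches(token, want string) (bool, error) {
	aud, err := tokenAudience(token)
	if err != nil {
		return false, err
	}
	return aud != "" && strings.TrimRight(aud, "/") == strings.TrimRight(want, "/"), nil
}

// sampleToken builds an unsigned, constructed token for the demo (not a real credential).
func sampleToken(aud string) string {
	body := base64.RawURLEncoding.EncodeToString([]byte(`{"aud":"` + aud + `"}`))
	return "e30." + body + ".sig"
}

func main() {
	ok, err := audienceMatches(sampleToken(armAudience+"/"), aadGraphAudience)
	fmt.Println(ok, err) // ARM-audience token presented to Azure AD Graph
}
```

Running the same check on the token your authorizer actually obtains shows whether a 401 comes from an audience mismatch rather than from missing directory permissions.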