azure - 尝试通过 python msal 库访问 Microsoft Power Automate API

Question

以下代码:

import requests
import json
import msal
config = {
    "authority": "https://login.microsoftonline.com/<My tenant ID>",
    "client_id": "<My client ID>",
    "client_secret": "<My secret>",
    "scope": ["https://graph.microsoft.com/.default"],
}
app = msal.ConfidentialClientApplication(
    config["client_id"],
    authority=config["authority"],
    client_credential=config["client_secret"] )
result = app.acquire_token_silent(config["scope"], account=None)
if not result:
    result = app.acquire_token_for_client(scopes=config["scope"])
bearerToken = result['access_token']
url = "https://<My org ID>.<My org region>.dynamics.com/api/data/v9.1/workflows"
headers = {
    "Accept": "application/json",
    "Content-type": "application/json",
    "Authorization": "Bearer "+bearerToken,
}
response = requests.request("GET", url, headers = headers)
response

正在产生以下输出:

<Response [401]>

预期的输出是这样的:

{
    "@odata.context": "https://org00000000.crm0.dynamics.com/api/data/v9.1/$metadata#workflows",
    "value": [{
        "@odata.etag": "W/\"12116760\"",
        "category": 5,
        "statecode": 0,
        "workflowidunique": "00000000-0000-0000-0000-000000000001",
        "workflowid" : "00000000-0000-0000-0000-000000000002",
        "createdon": "2018-11-15T19:45:51Z",
        "_ownerid_value": "00000000-0000-0000-0000-000000000003",
        "modifiedon": "2018-11-15T19:45:51Z",
        "ismanaged": false,
        "name": "Sample flow",
        "_modifiedby_value": "00000000-0000-0000-0000-000000000003",
        "_createdby_value": "00000000-0000-0000-0000-000000000003",
        "type": 1,
        "description": "This flow updates some data in Common Data Service.",
        "clientdata": "{\"properties\":{\"connectionReferences\":{\"shared_commondataservice\":{\"source\":\"NotSpecified\",\"id\":\"/providers/Microsoft.PowerApps/apis/shared_commondataservice\",\"tier\":\"NotSpecified\"}},\"definition\":{...}},\"schemaVersion\":\"1.0.0.0\"}"
    }]
}

...如此处显示的 Microsoft 文档所示:https://learn.microsoft.com/en-us/power-automate/web-api 以前我:

1. 在 Azure 中注册应用程序并生成 key ，如以下链接中所示的过程所示:https://learn.microsoft.com/en-us/powerapps/developer/data-platform/walkthrough-register-app-azure-active-directory#create-an-application-registration
2. 已创建应用角色，如下所述:https://learn.microsoft.com/en-us/power-platform/admin/database-security#minimum-privileges-to-run-an-app
3. 创建了一个 Dataverse 应用程序用户，链接到 1. 中创建的应用程序以及 2. 中创建的角色，如下所述:https://learn.microsoft.com/en-us/powerapps/developer/data-platform/authenticate-oauth#manually-create-a-dataverse-application-user

为什么这不起作用？

Answer 1

感谢 @microsoft 支持团队，终于找到了解决方案。 是范围，其正确内容是:

    "scope": ["https://<My org ID>.<My org region>.dynamics.com/.default"],