KelvinTegelaar / AzValidate


Not able to get this working #4

Closed lmvdz closed 2 years ago

lmvdz commented 2 years ago

Hi, is there something I need to do to get this working in Python?

lmvdz commented 2 years ago

import requests
import os

from dotenv import load_dotenv, find_dotenv

load_dotenv(find_dotenv())

mgraphSecret = os.getenv('GRAPH_SECRET')
mgraphAppID = os.getenv('GRAPH_APP_ID')
mgraphTenant = os.getenv('TENANT_ID')

api_url = "https://login.microsoftonline.com/" + mgraphTenant + "/oauth2/token"

data = {
    'resource': 'https://adnotifications.windowsazure.com/StrongAuthenticationService.svc/Connector',
    'client_id': mgraphAppID,
    'scope': 'openid',
    'client_secret': mgraphSecret,
    'grant_type': 'client_credentials',
}
response = requests.post(url=api_url, data=data)
response_data = response.json()
access_token = response_data['access_token']

emailAddressToPush = "emailaddress@email.com"

xml = '<BeginTwoWayAuthenticationRequest> \
<Version>1.0</Version>\
<UserPrincipalName>' + emailAddressToPush + '</UserPrincipalName>\
<Lcid>en-us</Lcid> \
<AuthenticationMethodProperties xmlns:a="http://schemas.microsoft.com/2003/10/Serialization/Arrays"> \
<a:KeyValueOfstringstring> \
<a:Key>OverrideVoiceOtp</a:Key> \
<a:Value>true</a:Value> \
</a:KeyValueOfstringstring> \
</AuthenticationMethodProperties> \
<ContextId>69ff05bf-eb61-47f7-a70e-e7d77b6d47d0</ContextId> \
<SyncCall>true</SyncCall> \
<RequireUserMatch>true</RequireUserMatch> \
<CallerName>Pritunl Authy</CallerName> \
<CallerIP>UNKNOWN:</CallerIP> \
</BeginTwoWayAuthenticationRequest>'

response = requests.post(url="https://adnotifications.windowsazure.com/StrongAuthenticationService.svc/Connector//BeginTwoWayAuthentication", headers={"Authorization": "Bearer " + access_token, "Content-Type": "application/xml"}, data = xml)

print(response.content)
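
Added example (not part of the original thread or of the AzValidate project): the same BeginTwoWayAuthenticationRequest body built with xml.etree.ElementTree, so the user principal name is escaped instead of concatenated into the markup, and with a ContextId generated per request. The function name `build_push_request`, the input check and the per-request ContextId are assumptions; element names and order are taken from the snippet above, and ElementTree declares the `a` namespace on the root element rather than on AuthenticationMethodProperties.

```python
import uuid
import xml.etree.ElementTree as ET

# Namespace used by the <a:KeyValueOfstringstring> entries in the posted XML.
ARRAYS_NS = "http://schemas.microsoft.com/2003/10/Serialization/Arrays"
ET.register_namespace("a", ARRAYS_NS)


def build_push_request(upn, caller_name="Pritunl Authy", context_id=None):
    """Return (xml_text, context_id) for a BeginTwoWayAuthenticationRequest.

    Hypothetical helper: only the XML layout comes from the thread.
    """
    if not upn or any(ch.isspace() for ch in upn):
        raise ValueError("user principal name must be non-empty, no whitespace")
    # Assumption: one fresh ContextId per request, so a response can be
    # matched to the request that caused it.
    context_id = context_id or str(uuid.uuid4())

    def add(parent, tag, text=None):
        el = ET.SubElement(parent, tag)
        el.text = text  # ElementTree escapes &, < and > when serializing
        return el

    root = ET.Element("BeginTwoWayAuthenticationRequest")
    add(root, "Version", "1.0")
    add(root, "UserPrincipalName", upn)
    add(root, "Lcid", "en-us")
    props = add(root, "AuthenticationMethodProperties")
    pair = add(props, f"{{{ARRAYS_NS}}}KeyValueOfstringstring")
    add(pair, f"{{{ARRAYS_NS}}}Key", "OverrideVoiceOtp")
    add(pair, f"{{{ARRAYS_NS}}}Value", "true")
    add(root, "ContextId", context_id)
    add(root, "SyncCall", "true")
    add(root, "RequireUserMatch", "true")
    add(root, "CallerName", caller_name)
    add(root, "CallerIP", "UNKNOWN:")
    return ET.tostring(root, encoding="unicode"), context_id


if __name__ == "__main__":
    # Constructed sample address containing characters that need escaping.
    body, ctx = build_push_request("o'brien&co<x>@example.com")
    print(ctx)
    print(body)
```

The returned text can be passed as `data=body.encode("utf-8")` to the `requests.post` call shown above.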

lmvdz commented 2 years ago

The server encountered an error processing the request. See server logs for more details.

KelvinTegelaar commented 2 years ago

I honestly have no clue. You seem to be missing a lot of code though, such as using the correct SPN and generating a password.

But this is a PowerShell solution, not a Python solution. I'm not really sure why you are asking for help here.

As they say on the internet: Sir, this is a Wendy's.

lmvdz commented 2 years ago

Can you confirm that the PowerShell script is still working?

KelvinTegelaar commented 2 years ago

Yup

lmvdz commented 2 years ago

Where does the RefreshToken and Genpass token come from? I have an AppID and AppSecret

Also what does spn stand for?

KelvinTegelaar commented 2 years ago

You can check out the docs here https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

lwhitelock commented 2 years ago

Here is a version I made which only uses Graph requests, which might be easier to convert: https://github.com/lwhitelock/AzValidate-1 and here is an improved version I tweaked for CIPP: https://github.com/KelvinTegelaar/CIPP-API/blob/master/ExecSendPush/run.ps1