【发布时间】:2018-11-06 17:10:47
【问题描述】:
我们想要与 Office 365 日历交互,此时我们正在调用 Microsoft Graph,但我们得到了 401(未经授权)。
我们使用的是 Microsoft.Graph 库,典型的获取用户 (graphServiceClient.Users.Request().GetAsync()) 可以正常工作,但创建日历或事件不起作用。 (GraphServiceClient.Me.[...].Request().GetAsync() 也不起作用)。
我们正在手动尝试这个调用,我们没有找到通过库进行的方法。
这就是我们获取令牌的方式(我们使用客户端身份验证而不是用户身份验证)。
我们拼命地向应用授予了所有权限,但我们仍然收到 401
用jwt.io分析的token:
{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/11111111-24c0-480b-8ae3-a3ac34592a1a/",
"iat": 1541581025,
"nbf": 1541581025,
"exp": 1541584925,
"aio": "11111111111/AAAAA+115sO7D/yAwA=",
"app_displayname": "CalendarCrawler",
"appid": "11111111-efc2-4b9d-ae48-a04977183bd1",
"appidacr": "1",
"e_exp": 262800,
"idp": "https://sts.windows.net/11111111-24c0-480b-8ae3-a3ac34592a1a/",
"oid": "11111111-15f2-479c-9485-7cb9b5cce691",
"roles": [
"Chat.UpdatePolicyViolation.All",
"Calls.JoinGroupCall.All",
"EduRoster.Read.All",
"OnlineMeetings.Read.All",
"Mail.ReadWrite",
"OnlineMeetings.ReadWrite.All",
"Device.ReadWrite.All",
"User.ReadWrite.All",
"Domain.ReadWrite.All",
"Application.ReadWrite.OwnedBy",
"SecurityEvents.Read.All",
"Calendars.Read",
"EduAssignments.ReadWrite.All",
"People.Read.All",
"Application.ReadWrite.All",
"Calls.InitiateGroupCall.All",
"Group.Read.All",
"Directory.ReadWrite.All",
"EduAssignments.ReadWriteBasic.All",
"MailboxSettings.Read",
"EduAdministration.Read.All",
"Calls.JoinGroupCallAsGuest.All",
"Sites.Read.All",
"Sites.ReadWrite.All",
"Contacts.ReadWrite",
"Group.ReadWrite.All",
"Sites.Manage.All",
"SecurityEvents.ReadWrite.All",
"Notes.Read.All",
"User.Invite.All",
"EduRoster.ReadWrite.All",
"Files.ReadWrite.All",
"Directory.Read.All",
"User.Read.All",
"EduAssignments.ReadBasic.All",
"EduRoster.ReadBasic.All",
"Files.Read.All",
"Mail.Read",
"Chat.Read.All",
"ChannelMessage.Read.All",
"EduAssignments.Read.All",
"Calendars.ReadWrite",
"identityriskyuser.read.all",
"EduAdministration.ReadWrite.All",
"Mail.Send",
"ChannelMessage.UpdatePolicyViolation.All",
"MailboxSettings.ReadWrite",
"Contacts.Read",
"IdentityRiskEvent.Read.All",
"AuditLog.Read.All",
"Member.Read.Hidden",
"Calls.AccessMedia.All",
"Sites.FullControl.All",
"Reports.Read.All",
"Calls.Initiate.All",
"Notes.ReadWrite.All"
],
"sub": "11111111-15f2-479c-9485-7cb9b5cce691",
"tid": "11111111-24c0-480b-8ae3-a3ac34592a1a",
"uti": "CFOL_8eguUS2aGh5-jgOAA",
"ver": "1.0",
"xms_tcdt": 1541410090
}
有什么建议吗?
提前致谢
[编辑] 我们又做了一个比较清楚的问题,请关注How to use Microsoft.Graph with client authorization and not get a 401
【问题讨论】:
-
添加这些应用程序权限后,您是否点击了“授予权限”按钮(在您的屏幕截图中也可见)?我问这个是因为您选择的所有权限都需要管理员同意,因此需要“授予权限”。
-
是的,我做到了。我也添加了 Office 365 权限,但没有。
-
好的.. 由于您使用的是应用程序凭据,因此您实际上并没有用户上下文,因此我希望您的读取查询不适用于例如 /me 路径。 . 您能否在其中包含您尝试从日历中读取并在日历中创建事件的代码/查询?
-
目前我们正在尝试手动调用 API -> graph.microsoft.com/v1.0/users/USERID/calendars 并得到 401。令牌是使用 authContext.AcquireTokenAsync(config.Scope, new ClientCredential (config.ClientId, config .ClientSecret));
标签: c# azure active-directory office365 microsoft-graph-api