【发布时间】:2018-08-04 15:11:57
【问题描述】:
我们正在使用 /v1.0/me/people api 从 MS Graph 为用户获取相关人员。当前设置从 2017 年 10 月到 2018 年 4 月一直有效,现在 API 调用返回 403 Forbidden。我发现这个 API 现在需要 People.Read 范围才能工作(https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/user_list_people)。我当前的令牌具有范围:User.Read User.Read.All User.ReadBasic.All。我已尝试从 Azure 门户修改应用注册中的权限,并已将此权限保存在 MS Graph -“委派权限”下:“读取用户的相关人员列表”。但我的令牌似乎仍然没有 People.Read 范围。并且图形 api 正在返回 403。
附加我的JWT令牌以及样品:eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFEWHpaM2lmci1HUmJEVDQ1ek5TRUZFTE8wUnB0OU16N19TX3BRVC1VeFBld0kxQndycmd3OGdHc1Y5b054R1h2eFA2WXhITlB5cWE3aTFDNzFsRkVQclltUmdnczRySnhPNzlFRmlqV0lnZmlBQSIsImFsZyI6IlJTMjU2IiwieDV0IjoiN19adWYxdHZrd0x4WWFIUzNxNmxValVZSUd3Iiwia2lkIjoiN19adWYxdHZrd0x4WWFIUzNxNmxValVZSUd3In0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20vIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3LyIsImlhdCI6MTUzMzI4OTUxOCwibmJmIjoxNTMzMjg5NTE4LCJleHAiOjE1MzMyOTM2NzgsImFjY3QiOjAsImFjciI6IjEiLCJhaW8iOiJBVVFBdS84SUFBQUFrR3IwbG14OHZMcVFacElaeHlHM0x6V0FRbUdkUVA3K2hwK3JXbTQ5MmJtWmRyQ2VDczBqeDVSMHk3ZkZhQ1lNM3B0UWVYQjVVMVNoYm1ZSGdiaGRMUT09IiwiYW1yIjpbIndpYSIsIm1mYSJdLCJhcHBfZGlzcGxheW5hbWUiOiJQaW5nU2VydmljZXNMb2NhbCIsImFwcGlkIjoiYTA3MDQ5MTYtMjc4Zi00ZTM3LWI1NDYtNTJjNjlhNGIyYTlkIiwiYXBwaWRhY3IiOiIxIiwiZV9leHAiOjI2MzA2MCwiZmFtaWx5X25hbWUiOiJCZXJhIiwiZ2l2ZW5fbmFtZSI6IlNvdXJhamVldCIsImluX2NvcnAiOiJ0cnVl IiwiaXBhZGRyIjoiMTY3LjIyMC4yMzguMjciLCJuYW1lIjoiU291cmFqZWV0IEJlcmEiLCJvaWQiOiJhZjBhZjE0Zi0wOTljLTQxYTktYWJjZC02NmJkZDI0NDg4N2IiLCJvbnByZW1fc2lkIjoiUy0xLTUtMjEtMjE0Njc3MzA4NS05MDMzNjMyODUtNzE5MzQ0NzA3LTE0NDU2ODMiLCJwbGF0ZiI6IjMiLCJwdWlkIjoiMTAwMzdGRkU4MjE4RTU3MiIsInNjcCI6IlVzZXIuUmVhZCBVc2VyLlJlYWQuQWxsIFVzZXIuUmVhZEJhc2ljLkFsbCIsInN1YiI6IkE0N2R0SzlEMW1zUG42SGliNE9ZcWNEam5PNW41MUw1OVh2ZGFPZUxOaVEiLCJ0aWQiOiI3MmY5ODhiZi04NmYxLTQxYWYtOTFhYi0yZDdjZDAxMWRiNDciLCJ1bmlxdWVfbmFtZSI6InNvYmVyYUBtaWNyb3NvZnQuY29tIiwidXBuIjoic29iZXJhQG1pY3Jvc29mdC5jb20iLCJ1dGkiOiIxTzEzUl9kZmNrcUF6S3JiYUZJRUFBIiwidmVyIjoiMS4wIn0.Wf6Q51AwRIpliIn-3iyyAP9JFQONvc-5ij60gHjp9WJGzJY2BMDudQNRLTo8VTNhbOr7zSEjZkC1eKikumDpsoD0wblemCfpb56jNPLe8SFCHdqbtnxQGu-KHLp4io40-QPYfVnzvKRG9ZV-xauxorjXSeIx6W6rHNz3WR6Gmz5KwR-fqlutN-8yWYu_LK1S0bkuQOPGO3tGYp2cZnwbOverv3O0ZBeYAkNC_N1ssLES4dElzp_YieU3w7F5RqJbdQmQKwBgH4UJf_YSlzGnUQNqmIgpdK3jFtTP-IbvFIVDNcIElViFwa0zmQLAPilcbxr6gtFWI72sFlDxDPpI_Q P>
【问题讨论】:
-
我不确定您是否要公开发布您的访问令牌。它包含data,例如 ip 地址、用户电子邮件或您的租户 ID。只是一个友好的提示,因为我不确定你是否对此感到满意。
-
你试过Microsoft graph explorer测试它
标签: azure-active-directory microsoft-graph-api