访问图形API时出现Authorization_IdentityNotFound错误 [英] Authorization_IdentityNotFound Error while accessing graph API

问题描述

我搜索了发现的错误，没有找到任何匹配的问题.所以发布问题.欣赏是否有人提供一些继续进行的指针.

I have searched with the error which I found, Did not find any matching questions. So posting question. Appreciate if some one provides some pointers to proceed.

我的目标是在桌面客户端中访问图形API.我已经开始使用提琴手进行实验.

My goal is to access graph API in my desktop client. I have started using fiddler to experiment.

• 我已按照 https://graph.microsoft.io提供的说明进行操作/en-us/docs/authorization/app_only
• 使用我的Microsoft工作帐户通过应用程序注册"门户注册了Web APP.
• 在委派"权限中提供了读取所有用户"的完整个人资料

• 请求了令牌，并使用Authorization标头中的令牌来调用图形API，出现以下错误.

• I have followed instructions provided at https://graph.microsoft.io/en-us/docs/authorization/app_only
• registered Web APP using Application Registration portal using my Microsoft work account.
• Provided 'Read all users' full profiles in Delegated permissions

• Requested token and Used the token in Authorization header to call the graph API, Getting following error.

https://graph.microsoft.com/v1.0/users
119
{
  "error": {
    "code": "Authorization_IdentityNotFound",
    "message": "The identity of the calling application could not be established.",
    "innerError": {
      "request-id": "4c3a7bc6-e3d8-453c-adc9-5a12fec3b0ee",
      "date": "2016-05-11T00:46:23"
    }
  }
}

推荐答案

该示例帮助我了解了仅应用程序权限的流程. https ://blogs.msdn.microsoft.com/tsmatsuz/2016/10/07/application-permission-with-v2-endpoint-and-microsoft-graph/

This sample helped me understand the flows around app-only permissions. https://blogs.msdn.microsoft.com/tsmatsuz/2016/10/07/application-permission-with-v2-endpoint-and-microsoft-graph/

对我来说很重要的要点:

Key takeaways for me:

• 确保您设置了应用程序并指定了所需的应用程序权限
• 请管理员授予应用程序对相关目录运行的权限.

• 获取相关令牌:

• Ensure you set up the app and specify the Application Permissions needed
• Do have an admin grant the app permission to run against the relevant directory.

• Get the relevant token:

请注意，以下请求中的范围为 https://graph.microsoft.com/.默认

Notice the scope in the request below is https://graph.microsoft.com/.default

POST https://login.microsoftonline.com/{tenantname}.onmicrosoft.com/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=6abf3364-0a60-4603-8276-e9abb0d843d6&client_secret=JfgrNM9CcW...&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default

使用令牌请求相关的图形资源，例如:

Use the token to request the relevant graph resource, eg:

GET https://graph.microsoft.com/v1.0/users/demouser01@[tenant-name].onmicrosoft.com/drive/root/children

Accept: application/json
Authorization: Bearer eyJ0eXAiOi

这篇关于访问图形API时出现Authorization_IdentityNotFound错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！