Azure Active Directory Application Permission Change Delay


Problem description

I am using Azure Active Directory to give my application access to the Microsoft Graph API.

When I make permission changes (e.g., read/write access for various types of data) I am noticing a delay from when the changes are saved and when I am able to access the new data through the API. I do notice, however, that after some time my API calls start to work. My questions are:

  1. Is this expected behavior?
  2. Is there documentation explaining which permissions are required for each Microsoft Graph API request?

Note that I am requesting a new token after making each permission change, before making the relevant API request.

Recommended answer

When you change your scopes (if you use Azure to manage those authorizations), you have to request new consent from your users. Be sure to be able to call the ADAL AcquireToken method "one time" with the PromptBehavior.Always parameter. I think it will be enough to refresh your consents and make your new scopes available.

Here is the macro code I use:

        if (mustRefreshBecauseScopesHasChanged)
        {
            // Scopes changed: force the interactive prompt so the user is asked to sign in and consent again.
            authResult = await authContext.AcquireTokenAsync(GraphResourceId, ClientId, AppRedirectURI, PromptBehavior.Always);
        }
        else
        {
            // Scopes unchanged: try the token cache / refresh token first, without any UI.
            authResult = await authContext.AcquireTokenSilentAsync(GraphResourceId, ClientId);

            // Fall back to an interactive request only when the silent attempt could not produce a token.
            if (authResult.Status != AuthenticationStatus.Success && authResult.Error == "failed_to_acquire_token_silently")
                authResult = await authContext.AcquireTokenAsync(GraphResourceId, ClientId, AppRedirectURI, PromptBehavior.Auto);
        }

        if (authResult.Status != AuthenticationStatus.Success)
        {
            if (authResult.Error == "authentication_canceled")
            {
                // The user cancelled the sign-in, no need to display a message.
            }
            else
            {
                // Any other failure: show the error code and description to the user.
                MessageDialog dialog = new MessageDialog(string.Format("If the error continues, please contact your administrator.\n\nError: {0}\n\n Error Description:\n\n{1}", authResult.Error, authResult.ErrorDescription), "Sorry, an error occurred while signing you in.");
                await dialog.ShowAsync();
            }
        }

For the scope permission details, you will find them here:

http://graph.microsoft.io/en-us/docs/authorization/permission_scopes
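
As an added example (not part of the original answer and not ADAL code), one way to set the mustRefreshBecauseScopesHasChanged flag is to decode the access token that was just acquired and compare its scp claim (delegated permissions, space-separated) or roles claim (application permissions, array) with the permissions the app now needs. The class and method names and the sample token are constructed for illustration, and System.Text.Json is assumed to be available.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenScopeCheck
{
    // Decodes the payload (middle segment) of a JWT. The signature is NOT validated:
    // this is a client-side diagnostic, not an authorization check.
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a three-part JWT.");
        // base64url -> base64, then restore the stripped padding.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    // Returns the entries of `required` that the token does not carry.
    public static List<string> MissingPermissions(string jwt, params string[] required)
    {
        JsonElement payload = DecodePayload(jwt);
        var granted = new HashSet<string>();
        if (payload.TryGetProperty("scp", out JsonElement scp) && scp.ValueKind == JsonValueKind.String)
            granted.UnionWith(scp.GetString().Split(' ', StringSplitOptions.RemoveEmptyEntries));
        if (payload.TryGetProperty("roles", out JsonElement roles) && roles.ValueKind == JsonValueKind.Array)
            granted.UnionWith(roles.EnumerateArray().Select(r => r.GetString()));
        return required.Where(p => !granted.Contains(p)).ToList();
    }

    static void Main()
    {
        // Constructed, unsigned sample token: consent exists for User.Read only.
        string Seg(string json) => Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string token = Seg("{\"alg\":\"none\"}") + "." + Seg("{\"scp\":\"User.Read\"}") + ".sig";

        List<string> missing = MissingPermissions(token, "User.Read", "Mail.Read");
        // A non-empty result is the condition for the PromptBehavior.Always branch above.
        bool mustRefreshBecauseScopesHasChanged = missing.Count > 0;
        Console.WriteLine($"missing: {string.Join(", ", missing)}; re-consent needed: {mustRefreshBecauseScopesHasChanged}");
    }
}
```

The payload is read without validating the signature, so the result is a diagnostic for the client, not an authorization decision.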
