Graph API-可以访问个人Microsoft帐户(Azure AD V2.0端点)的Daemon App [英] Graph API - Daemon App with Access to a Personal Microsoft Account (Azure AD V2.0 endpoint)
问题描述
我正在尝试创建一个可以访问我的个人Microsoft帐户的守护程序(仅代码,仅服务器)应用程序.我无法弄清楚如何获得不过期的Access_Token(或refresh_token).
I am trying to create a Daemon (code-only, server-only) app that can access my Personal Microsoft Account. I cannot figure out how to get an Access_Token that does not expire (or a refresh_token).
我可以使用此处详细介绍的"adminconsent"端点为我的企业(Office 365)帐户创建一个有效的未到期(管理员仅登录一次)后台驻留程序应用程序:
I can create a working non-expiring (admin logs in only once) Daemon app for my Business (Office 365) Account using the "adminconsent" endpoint detailed here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-client-creds/ or here: https://blogs.msdn.microsoft.com/tsmatsuz/2016/10/07/application-permission-with-v2-endpoint-and-microsoft-graph/. Unfortunately, I cannot use the "adminconsent" endpoint with my personal account -- returns "This operation can only be performed by an administrator" error. Is there a way I can enable adminconsent for my personal account?
OR
For my personal account, I can use the "authorize" endpoint (as detailed here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-scopes/) and it returns a code (that expires) that can be used to obtain the "access_token"; which works fine in Graph API -- until the access_token expires (3600 seconds). It does not return a "refresh_token". So, after the code/token expires, it then requires the user to log in again. How can I use the authorize endpoint to then obtain tokens that can be refreshed via code only?
推荐答案
包括offline_access范围以获取刷新令牌.请确保将刷新令牌替换为每次刷新时都会返回的新令牌.
Include the offline_access scope to get a refresh token. Be sure to replace your refresh token with the new one that comes back each time you refresh.
这篇关于Graph API-可以访问个人Microsoft帐户(Azure AD V2.0端点)的Daemon App的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
