无法使用Microsoft Graph API更新profilePhoto [英] Can't update profilePhoto with Microsoft Graph API

问题描述

我能够很好地检索个人资料照片，但是在尝试更新照片时遇到了ErrorAccessDenied.据此:

I'm able to retrieve profile photos just fine, but run into ErrorAccessDenied when trying to update photos. According to this:

https://graph.microsoft. io/en-us/docs/api-reference/v1.0/api/profilephoto_update

User.ReadWrite权限应该足够.我已经使用manage.windowsazure.com向我的应用程序分配了此特权(并且还尝试授予所有其他特权)，但仍然会收到错误消息.这是我已授予该应用程序的当前特权:

The User.ReadWrite permission should be sufficient. I have assigned my application this privilege using manage.windowsazure.com (and also tried granting all kinds of other privileges), but still get the error. Here's the current set of privileges I've granted to the app:

Directory.AccessAsUser.All Directory.Read.All Directory.ReadWrite.All email Group.Read.All Group.ReadWrite.All MailboxSettings.ReadWrite offline_access profile User.Read User.Read.All User.ReadBasic.All User.ReadWrite User.ReadWrite.All

我正在使用如下client_credentials流获取Bearer令牌:

I'm obtaining the Bearer token with the client_credentials flow as follows:

curl -d grant_type=client_credentials \
     -d client_id=CLIENT_ID \
     -d client_secret=CLIENT_SECRET
     -d resource=https://graph.microsoft.com \
     https://login.microsoftonline.com/DOMAINNAME/oauth2/token

然后我尝试像这样更新个人资料照片:

I then try to update the profile photo like this:

curl -H "Authorization: Bearer BEARERTOKEN" \
     --request PATCH \
     -H "Content-Type: image/jpeg" \
     -d @photo.jpg
     https://graph.microsoft.com/v1.0/users/USERPRINCIPALNAME/photo/\$value

然后出现以下错误:

{
  "error": {
    "code": "ErrorAccessDenied",
    "message": "Access is denied. Check credentials and try again.",
    "innerError": {
      "request-id": "REQUESTID",
      "date": "2016-05-23T16:42:21"
    }
  }
}

推荐答案

您似乎列出了为应用配置的已授权权限，但是使用客户端凭据流检索了令牌，该凭据使用单独的 application 权限.根据您引用的文档页面，更新用户个人资料照片所需的范围是User.ReadWrite.这仅适用于应用程序范围，包括User.ReadWrite.All.可以使用授权代码授予流程"来更新用户照片(请参阅 https://graph. microsoft.io/en-us/docs/authorization/app_authorization )

It looks like you listed delegated permissions configured for your app, but retrieved the token using the client credentials flow, which uses separate application permissions. As per the documentation page that you referenced the scope required to update user profile photo is User.ReadWrite. This can't be done with the app-only scopes, including User.ReadWrite.All. User photo can be updated using the Authorization Code Grant Flow (see https://graph.microsoft.io/en-us/docs/authorization/app_authorization)

这篇关于无法使用Microsoft Graph API更新profilePhoto的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！