Microsoft Graph模式扩展扩展Authorization_RequestDenied [英] Microsoft Graph schemaExtensions Authorization_RequestDenied

问题描述

我正在尝试通过REST API graph.microsoft.com/beta/schemaExtensions

I'm trying to use Microsoft Graph from my app via REST API graph.microsoft.com/beta/schemaExtensions

这是我所做的:

1. 通过 https://apps.dev.microsoft.com

检查所有授权和应用授权

Checked for all Delegated and Application authorizations

获得访问令牌没有用户基于OAuth客户端凭据授予流程

Got access token without a user based on OAuth Client Credentials Grant flow

向管理员征求了从第3点检索到的访问令牌的同意，并成功使用https://login.microsoftonline.com/tenant/adminconsent?client_id=xxx&state=12345&redirect_uri=http://localhost:8081

Asked for Admin Consent with access token retrieved from point 3. and it was successful using https://login.microsoftonline.com/tenant/adminconsent?client_id=xxx&state=12345&redirect_uri=http://localhost:8081

POST到/beta/schemaExtensions并从第3点检索到访问令牌.我遇到此错误:

POST to /beta/schemaExtensions with access token retrieved from point 3. and I have this error:

Authorization_RequestDenied-权限不足，无法完成操作

Authorization_RequestDenied - Insufficient privileges to complete the operation

这是我的问题，希望有人可以帮助我:

So here are my questions, hoping someone could help me:

1. 如何在请求管理员同意后检查委托授权是否正常?
2. 缺少使用schemaExtensions的特权?

1. How do I check if delegate authorization is ok after Admin Consent request?
2. Which privileges are missing to use schemaExtensions?

我的应用程序应该在没有用户的情况下运行，这是首选方法.

My app should work without a user, it's the preferred approach.

推荐答案

这里的事物.

Extensions是GA，在/v1.0版本上可用.请使用它代替/beta.

Extensions is GA and available on the /v1.0 version. Please use that instead of /beta.

我们不支持使用应用程序权限注册架构扩展.根据

We don't support schema extension registration using application permissions. It requires the Directory.AccessAsUser.All permission today (we're also investigating if there's another less privileged permission we can use here) per the create schema extensions topic.

注册架构扩展可以是与应用程序不同的过程，实际上，使用架构扩展可以在目标对象实例上创建自定义数据.

Registering a schema extension can be a separate process from your application actually using the extension to create custom data on target object instances.

因此，我们进行了更改(不久将提供)，以允许您使用Graph Explorer注册和管理应用程序的架构扩展.还有一个用户语音请求，以便在用于模式注册/管理的应用程序注册中拥有UI体验.如果对您很重要，请对此投票.

As such we are making a change (should be available shortly) to allow you to register and manage schema extensions for your app using Graph Explorer. There is also a user voice request to have a UI experience in app registration for schema registration/management. Please vote for this if it's important to you.

一旦Graph Explorer支持注册和管理架构扩展，我将更新这篇文章.

I'll update this post once Graph Explorer supports registering and managing schema extensions.

希望这会有所帮助，

这篇关于Microsoft Graph模式扩展扩展Authorization_RequestDenied的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！