Office 365 unified API (preview) requests 401 error


Problem description

I'm trying to make some interesting things with Office 365 unified API (preview) and stuck on the moment with authorization. I made an app with all permissions that I need

I'm trying to log in users with URL "https://login.windows.net/common/oauth2/authorize?response_type=code&client_id={CLIENT_ID}&resource=https://graph.microsoft.com/"

Everything works fine.

I even can get access_token with all scopes by request to https://login.windows.net/common/oauth2/token.

BUT! I have a problem: I can't get any information about the user and can't get his files.

I tried to make requests like this:

I always just get HTTP status 401 Unauthorized.

What am I doing wrong?

ALSO Question about possibilities with unified API. My target is to upload large files (up to 1GB). Is it possible with unified API? I can't find anything in documentation, but I found that it is not possible with OneDrive for Business API (max file size is 100MB).

Recommended answer

So struggled with the exact same problem earlier today: always got 401 Unauthorized or other errors. Then I ran across this answer: Building a multi-tenant app for SharePoint Online O365

That was it: it is extremely counter-intuitive but the answer was that after getting a token for the discovery URL and performing the service discovery you need to fetch the token for each serviceResourceId you want to call. There are two hugely important points here that almost 8 hours of reading documentation do not make blatantly clear.

You need a different token for each service resource ID

The first point is very confusing: I'm assuming it's done this way because individual tenant apps are run on separate clusters and Microsoft has opted not to have a single authority service. Every single other implementation that does multi-tenant (for example, the Google Apps implementation) gives you a single token that wraps ALL your permissions into a single ball.

You can call the token retrieval service multiple times with the same code

This is INCREDIBLY counter-intuitive (I'm using bold caps on purpose). There are simply no other OAuth2 services anywhere else on the Internet (and I've personally written code for easily 30 OAuth2 implementations) where you can call the token retrieval service multiple times with the same code and not receive an error. This goes completely against all default expectations and it is a major documentation failure that it's not more clearly spelled out as a deviation from standard practice.

I'll say that again: nowhere else on the entire Internet can you actually use the same OAuth2 code more than once to retrieve an access token. This is something that should be called out PROMINENTLY on the documentation and simply isn't.

If you continue to have this problem you should do this with the OAuth2 code returned:

  1. Get an access token using the code and adding the request parameter "resource" = "https://api.office.com/discovery/" (the closing slash is important)
  2. Call the url "https://api.office.com/discovery/v2.0/me/services" using the Authorization header set to the token received in step #1. This will return a JSON object, with a value field. The value field will be an array of services that this code will return access tokens for. Each object in the value array will have a serviceResourceId property.
  3. For each object you will have to get another access token using the SAME code you used in step #1 but with the resource set to the serviceResourceId.

The code from step #3 will actually grant you access to the tenant endpoint you want.
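The three steps above as a runnable sketch, added here as an illustration and not code from the question or the answer. The endpoints and the `resource` / `serviceResourceId` names come from the post; the injected `post`/`get` transports, the in-memory stub, the tenant hostnames and the `tok:` token format are constructed assumptions so the flow runs offline.

```python
import json
from urllib.parse import urlencode, parse_qs

TOKEN_URL = "https://login.windows.net/common/oauth2/token"
DISCOVERY_RESOURCE = "https://api.office.com/discovery/"  # closing slash matters
DISCOVERY_URL = "https://api.office.com/discovery/v2.0/me/services"

def redeem(post, code, client, resource):
    """Exchange the authorization code for a token bound to ONE resource."""
    form = dict(client, grant_type="authorization_code", code=code, resource=resource)
    status, body = post(TOKEN_URL, urlencode(form))
    if status != 200:
        raise RuntimeError(f"token request for {resource} failed: {status}")
    return json.loads(body)["access_token"]

def tokens_per_service(post, get, code, client):
    """Step 1: discovery token. Step 2: list services. Step 3: one token each."""
    discovery_token = redeem(post, code, client, DISCOVERY_RESOURCE)
    status, body = get(DISCOVERY_URL, {"Authorization": f"Bearer {discovery_token}"})
    if status != 200:
        raise RuntimeError(f"discovery failed: {status}")
    ids = {svc["serviceResourceId"] for svc in json.loads(body)["value"]}
    return {rid: redeem(post, code, client, rid) for rid in sorted(ids)}

# --- constructed offline stub standing in for the login and discovery endpoints ---
SERVICES = ["https://example-tenant-my.sharepoint.com/", "https://outlook.office365.com/"]
CLIENT = {"client_id": "CLIENT_ID", "client_secret": "SECRET",
          "redirect_uri": "https://app.example/callback"}  # placeholders

def fake_post(url, form):
    # The stub issues a token that names the resource it was requested for.
    resource = parse_qs(form)["resource"][0]
    return 200, json.dumps({"access_token": "tok:" + resource})

def fake_get(url, headers):
    # The stub accepts only a token issued for the discovery resource; else 401.
    if headers.get("Authorization") != "Bearer tok:" + DISCOVERY_RESOURCE:
        return 401, ""
    return 200, json.dumps({"value": [{"serviceResourceId": s} for s in SERVICES]})

def demo():
    return tokens_per_service(fake_post, fake_get, "AUTH_CODE", CLIENT)

def wrong_resource_status():
    # A token requested for a different resource is rejected by the stub.
    token = redeem(fake_post, "AUTH_CODE", CLIENT, "https://graph.microsoft.com/")
    return fake_get(DISCOVERY_URL, {"Authorization": f"Bearer {token}"})[0]
```

Against the real service, `post` and `get` would wrap an HTTP client; when a call returns 401, the first thing to compare is the `resource` the token was requested for against the endpoint being called.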
