从守护程序应用访问租户Microsoft Graph [英] Access tenants Microsoft Graph from daemon app
问题描述
我正在开发与Microsoft 365 Office Planner交互以操纵Microsoft Graph任务的守护程序.当我调用Microsoft Graph API来获取与租户相关的任务时,会收到未授权的请求异常.
我已经在Azure Active Directory中注册了我的应用程序,还授予了使用Microsoft Graph的权限.
我根据来自此处的过程请求访问令牌:
但是,使用相同权限的委托令牌成功调用了该请求:
作为一种解决方法,您可以检查 OAuth2代码授予流是否对您的情况有用.
其他用户提出了有关使用仅应用程序令牌列出任务的反馈,您可以从https://graph.microsoft.io/en-us/docs/authorization/app_only
I am able to get a token from the Azure Active Directory v2.0 endpoint. The request code is the following:
new KeyValuePair<string, string>("grant_type", "client_credentials"),
new KeyValuePair<string, string>("client_id", "<clent id>"),
new KeyValuePair<string, string>("client_secret", "<client secret>"),
new KeyValuePair<string, string>("resource", @"https://graph.microsoft.com")
var content = new FormUrlEncodedContent(pairs);
var response = client.PostAsync("https://login.microsoftonline.com/<tenant id>/oauth2/token", content).Result;
When I use this access token to perform a request as follow:
client.DefaultRequestHeaders.Authorization= new AuthenticationHeaderValue("Bearer", token);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/x-www-form-urlencoded"));
var response = client.GetAsync(@"https://graph.microsoft.com/beta/tasks").Result;
I get a status code 401 Unauthorized with the following response message:
Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
Is there any authorization process I have not performed to grant access to my app. Please help!!!!
Thanks in advance!!
Based on the test, it seems that Microsoft Graph doesn't support to list tasks with app-only token. After I grant the Group.ReadAll
app permission to the app, I got the error like below with the request:
GET:https://graph.microsoft.com/beta/tasks?$filter=createdBy+eq+'xx@xxxx.onmicrosoft.com'
However the request was called successfully with the delegate-token with same permission:
As a workaround, you may check whether the OAuth2 Code Grant flow is helpful for your scenario.
The other users have raised the feedback about listing the tasks using the app-only token, you can vote this feedback from here if you also want this feature.
这篇关于从守护程序应用访问租户Microsoft Graph的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!