Microsoft Azure AD 图形 API:如何检索用户的电子邮件地址? [英] Microsoft Azure AD graph API: How do I retrieve a user's email address?

问题描述

我能够访问用户的 accessToken，并且正在使用 授权调用 GET https://graph.microsoft.com/v1.0/me:Bearer 标头.

I am able to get access to a user's accessToken, and am making a call to GET https://graph.microsoft.com/v1.0/me with an Authorization: Bearer <token> header.

但是，在响应正文中，我得到了如下内容:

However, in the response body I'm getting something like this:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
    "value": [
        {
            "givenName": "Foo",
            "surname": "Bar",
            "displayName": "Foo Bar",
            "id": "b41efha115adcca29",
            "userPrincipalName": "email.address@outlook.com",
            "businessPhones": [],
            "jobTitle": null,
            "mail": null,
            "mobilePhone": null,
            "officeLocation": null,
            "preferredLanguage": null
        }
    ]
}

mail 属性为 null，并且此响应正文中的 userPrincipalName 恰好是用户的电子邮件地址.但是，这是来自 Microsoft 的 文档:

The mail property is null, and the userPrincipalName in this response body happens to the be the user's email address. However, there's this from Microsoft's docs:

尽管 UPN 和电子邮件的格式相同，但用户的 UPN 值可能与用户的电子邮件地址相同，也可能不同.

Although the UPN and email share the same format, the value of the UPN for a user might or might not be the same as the email address of the user.

当发起用户的登录请求时，我们请求的是 "user.read" 和 "email" 范围.我们使用 MSAL.js 库来获取访问令牌，我们的代码是这样写的:

When initiating the login request of the user, we're requesting for the "user.read" and "email" scopes. We're using the MSAL.js library to obtain the access token, and our code reads something like this:

login (): ng.IPromise<IMicrosoftOAuthResponse> {
  const prom = this.userAgentApplication.loginPopup(["user.read", "email"])
    .then((idToken) => {
      return this.userAgentApplication.acquireTokenSilent(["user.read", "email"]);
    })
    .then((accessToken) => {
      // at this point, we have the accessToken and make a call to the graph api
    });
  return this.$q.when(prom);
}

如何在此处获取用户的实际电子邮件地址?

How do I get the actual email address of the user here?

推荐答案

mail 属性设置为以下两种方式之一:

The mail property is set in one of 2 ways:

1. 已在本地 AD 上设置，然后使用 AD Connect 同步到 Azure AD
2. 已为云用户分配了 Office 365 许可证(和邮箱)，此时为该许可用户设置了 mail 属性.

如果用户没有 O365 邮箱/许可证，您还可以通过 userPrincipalName、displayName 等搜索用户.$filter 支持 OR 运算符.

If the user does not have an O365 mailbox/license, you could also search for the user by userPrincipalName, displayName, etc. $filter supports the OR operator.

希望这会有所帮助，

这篇关于Microsoft Azure AD 图形 API:如何检索用户的电子邮件地址?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！