在哪里可以找到 Microsoft 应用的 APP ID URI? [英] Where can I find APP ID URI for Microsoft App?
问题描述
我正在尝试使用已注册的应用程序登录,并授予以下权限:Azure 门户 > 应用注册 > 应用注册(预览版)> 我的应用名称 - API 权限
根据
添加应用程序所需的所有应用程序权限"后,您需要为租户中的这些范围授予同意"(这是 API 权限选项卡底部的按钮.
一旦你有了这些,你需要发出一个 POST
到 /token
端点(换行符只是为了便于阅读,这应该是一个单一的字符串):
POST https://login.microsoftonline.com/{{tenantDomain}}/oauth2/token内容类型:application/x-www-form-urlencodedclient_id={您的应用程序 ID}&scope=https://graph.microsoft.com/.default&client_secret={你的客户秘密}&grant_type=client_credentials
这将为您返回如下内容:
<代码>{"token_type": "承载者","expires_in": "3600","ext_expires_in": "3600","expires_on": "1554431330","not_before": "1554427430",资源":00000003-0000-0000-c000-000000000000",access_token":eyJ0eXAiOiJKV1QiLCJub25jZS..."}
当您调用 Graph 时,您需要将 Authorization
标头设置为 token_type access_token
.所以调用 /users
看起来像这样:
获取 https://graph.microsoft.com/v1.0/users授权:承载 eyJ0eXAiOiJKV1QiLCJub25jZS..."主机:graph.microsoft.com"接受:应用程序/json"
I am trying to log in as my registered app, with the permissions granted on: Azure Portal > App registrations > App registrations (Preview) > My App Name - API permissions
According to this documentation, I have to pass my resource identifier (APP ID URI
) in the scope parameter when requesting a token. I am certain that this scope parameter is the one causing me problems.
I have tried different parameters of the scope.
https://graph.microsoft.com/.default
: This works for basic functions, like reading the calendar but I believe that the default permissions are very little for my needs. Since this works, I believe my other parameters are correct, and the scope is the problem.[APP-ID]/.default
: This gives me a successful response, however, whenever I try to make any request, including the basic read calendar request, I getInvalidAuthenticationToken
. I can assure you that I am passing the correct token retrieved from the token request.Multiple different URL combinations based on online suggestions. All of them return
"The resource principal {resource-url} was not found in tenant {id}.
I strongly believe the problem is that I am not passing the correct APP ID URI
for my application. Can anyone tell me where I can find this resource? Everything I have searched online is 2+ years old and does not seem to be the same for the new Azure portal.
For Client Credentials (i.e. getting a token without a user), you need to pass https://graph.microsoft.com/.default
as your scope
.
The permissions https://graph.microsoft.com/.default
provides are the "Application permissions" you specified when registering the application in the portal:
Once you've added all the "Application permissions" you need for your application, you need to "Grant consent" for those scopes in your tenant (this is the button at the bottom of the API permissions tab.
Once you have these in place, you need issue a POST
to the /token
endpoint (line-breaks are just for readability, this should be a single string):
POST https://login.microsoftonline.com/{{tenantDomain}}/oauth2/token
Content-Type: application/x-www-form-urlencoded
client_id={your-app-id}
&scope=https://graph.microsoft.com/.default
&client_secret={your-client-secret}
&grant_type=client_credentials
This will return you something like this:
{
"token_type": "Bearer",
"expires_in": "3600",
"ext_expires_in": "3600",
"expires_on": "1554431330",
"not_before": "1554427430",
"resource": "00000003-0000-0000-c000-000000000000",
"access_token": "eyJ0eXAiOiJKV1QiLCJub25jZS..."
}
When you call into Graph you need to set the Authorization
header to token_type access_token
. So calling /users
would look like this:
GET https://graph.microsoft.com/v1.0/users
Authorization:"Bearer eyJ0eXAiOiJKV1QiLCJub25jZS..."
Host:"graph.microsoft.com"
Accept:"application/json"
这篇关于在哪里可以找到 Microsoft 应用的 APP ID URI?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!