How to properly create an Online Meeting with Microsoft Graph v1.0 with Application permission? I'm getting a Forbidden response


Problem description


Has anyone successfully used the CreateOrGet request to Microsoft Graph v1.0 to create an Online Meeting using Application permissions? I had the Application created on the Azure Portal, and with the client id and secret declare and initialize the GraphServiceClient.

I have a service (Hangfire Server) which, without user interaction, does background and out-of-sync processes and notifications. One of the features is for this server to send organizational communications with embedded links to online Teams meetings. For this, I'm trying to use Client Credential flow.

I have the following permissions in my token:

"roles": [
  "OnlineMeetings.Read.All",
  "OnlineMeetings.ReadWrite.All",
  "User.Read.All"
],

The first column has the names of the permissions cut, but the necessary delegate and application permissions are all there, although the screenshot taken a couple of days ago doesn't include the application permission for User.Read.All. I have the Admin's consent on the Application permissions. The name you see painted out is the Directory name.

I'm using the Client Credentials Provider with the following code:

    // Client Credentials - Application
    app = ConfidentialClientApplicationBuilder
        .Create(config.Value.ClientId)
        .WithTenantId(config.Value.Tenant)
        .WithClientSecret(config.Value.ClientSecret)
        .Build();

    var scopes = new string[] { "https://graph.microsoft.com/.default" };

    graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
    {
        // Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
        authResult = await app
            .AcquireTokenForClient(scopes)
            .ExecuteAsync();

        // Add the access token in the Authorization header of the API request.
        requestMessage.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
        // Caution: this writes the full bearer token to the log; anyone who can read the log can reuse it until it expires.
        _logger.LogInformation("Token included in GraphClient: " + authResult.AccessToken);
    }));
    OnlineMeeting onlineMeeting = new OnlineMeeting() {.....}

    var user = await graphClient.Users[{userPrincipalName}].Request().GetAsync(); //<-- This works with the User.Read.All permission
    _logger.LogInformation("User: " + JsonConvert.SerializeObject(user, serializerSettings));
    string meetingId = Guid.NewGuid().ToString();

    OnlineMeeting createdMeeting = await graphClient.Users[user.Id].OnlineMeetings
        .CreateOrGet(meetingId, null, onlineMeeting.EndDateTime,
            onlineMeeting.Participants, onlineMeeting.StartDateTime, onlineMeeting.Subject)
        .Request()
        .PostAsync(); //<-- This doesn't work, and I'm getting a ServiceException

This is the error I get:

    StatusCode: Forbidden ResponseBody: {
        "error": {
            "code": "Forbidden",
            "message": "Application does not have permission to CreateOrGet online meeting on behalf of this user.",
            "innerError": {
                "date": "2021-03-26T15:55:22",
                "request-id": "6e8466cb-807a-44df-93bf-27d42c413e44",
                "client-request-id": "6e8466cb-807a-44df-93bf-27d42c413e44"
            }
        }
    }

Any clues as to what might be the problem?

Solution

You might have missed the note below, which is mentioned in the documentation:

Documentation: https://docs.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http

Create application access policy steps: https://docs.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http
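
An added example, not part of the original answer: one way a Teams administrator could create the application access policy the linked documentation refers to, granting it only to the users the service should act for. It assumes the MicrosoftTeams PowerShell module is installed; the policy name and all IDs are placeholders.

```powershell
# Added example (not from the original answer). Run as a Teams administrator.
# Every value below is a placeholder/assumption, not taken from the page.
$AppId      = '<application-client-id>'           # client id of the app registration
$PolicyName = 'OnlineMeetings-BackgroundService'  # hypothetical policy name
$Organizers = @(
    '<organizer-user-object-id-1>',               # object ids of the users the app
    '<organizer-user-object-id-2>'                # may create meetings on behalf of
)

Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# Create the policy only if it is not already present, so the script can be re-run.
$policy = Get-CsApplicationAccessPolicy -Identity $PolicyName -ErrorAction SilentlyContinue
if (-not $policy) {
    New-CsApplicationAccessPolicy `
        -Identity $PolicyName `
        -AppIds $AppId `
        -Description 'Lets the background service create online meetings for listed organizers'
}

# Grant per user rather than with -Global: a tenant-wide grant would let the app
# create meetings on behalf of every user, which is more than this service needs.
foreach ($userId in $Organizers) {
    Grant-CsApplicationAccessPolicy -PolicyName $PolicyName -Identity $userId
    Write-Host "Granted $PolicyName to $userId"
}

# Show the resulting policy so the app id can be checked against the token's appid claim.
Get-CsApplicationAccessPolicy -Identity $PolicyName | Format-List Identity, AppIds, Description
```

The user ID in the Graph request path (`graphClient.Users[user.Id]` in the question) must be one of the users granted the policy. Policy changes are not immediate; Microsoft's documentation says they can take up to 30 minutes to apply to Graph calls.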
