图形 API - 可访问个人 Microsoft 帐户的守护程序应用程序(Azure AD V2.0 端点) [英] Graph API - Daemon App with Access to a Personal Microsoft Account (Azure AD V2.0 endpoint)
问题描述
我正在尝试创建一个可以访问我的个人 Microsoft 帐户的守护程序(仅代码,仅服务器)应用程序.我不知道如何获取不会过期的 Access_Token(或 refresh_token).
I am trying to create a Daemon (code-only, server-only) app that can access my Personal Microsoft Account. I cannot figure out how to get an Access_Token that does not expire (or a refresh_token).
我可以使用此处详述的adminconsent"端点为我的企业 (Office 365) 帐户创建一个正常工作但不会过期(管理员仅登录一次)的守护程序应用程序:https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-client-creds/ 或此处:https://blogs.msdn.microsoft.com/tsmatsuz/2016/10/07/application-permission-with-v2-endpoint-and-微软图/.不幸的是,我的个人帐户无法使用adminconsent"端点——返回此操作只能由管理员执行"错误.有没有办法为我的个人帐户启用管理员同意?
I can create a working non-expiring (admin logs in only once) Daemon app for my Business (Office 365) Account using the "adminconsent" endpoint detailed here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-client-creds/ or here: https://blogs.msdn.microsoft.com/tsmatsuz/2016/10/07/application-permission-with-v2-endpoint-and-microsoft-graph/. Unfortunately, I cannot use the "adminconsent" endpoint with my personal account -- returns "This operation can only be performed by an administrator" error. Is there a way I can enable adminconsent for my personal account?
或
对于我的个人帐户,我可以使用授权"端点(详见此处:https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-scopes/) 并返回一个代码(过期)可用于获取access_token";这在 Graph API 中运行良好——直到 access_token 过期(3600 秒).它不返回refresh_token".因此,在代码/令牌到期后,它需要用户再次登录.如何使用授权端点获取只能通过代码刷新的令牌?
For my personal account, I can use the "authorize" endpoint (as detailed here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-scopes/) and it returns a code (that expires) that can be used to obtain the "access_token"; which works fine in Graph API -- until the access_token expires (3600 seconds). It does not return a "refresh_token". So, after the code/token expires, it then requires the user to log in again. How can I use the authorize endpoint to then obtain tokens that can be refreshed via code only?
推荐答案
包含 offline_access 范围以获取刷新令牌.请务必将您的刷新令牌替换为每次刷新时返回的新令牌.
Include the offline_access scope to get a refresh token. Be sure to replace your refresh token with the new one that comes back each time you refresh.
这篇关于图形 API - 可访问个人 Microsoft 帐户的守护程序应用程序(Azure AD V2.0 端点)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
