使用Office 365 REST API的OAuth的access_token的SharePoint错误 [英] SharePoint Error using Office 365 REST API OAuth access_token
问题描述
我正在开发一个相当简单的应用程序检索使用REST Office 365的API从SharePoint文件。这是在没有用户界面,下面简单的2步流程后台运行一个批处理作业是我在做什么:
I am developing a rather simple application that retrieves files from SharePoint using the REST Office 365 API. This is a batch job running in the background with no user interface so the following simple 2-step flow is what I'm doing:
(1)请求来自Azure的AD访问令牌(提供客户端ID,客户端密钥,资源和grant_type = client_credentials)
(1) Requesting an Access Token from Azure AD (supplying client ID, client secret, resource, and grant_type=client_credentials)
(2)调用的SharePoint API(的https:// {基URL} / _ API / 1.0 /文件
)使用授权:承载为请求头。
(2) Invoke the SharePoint API (https://{base url}/_api/v1.0/Files
) using the "Authorization: Bearer " as a request header .
这过程似乎pretty简单,听起来简单,但我不断收到以下错误:
That process seems pretty straightforward and sounds simple but I keep getting the following error:
401 Unauthorized
x-ms-diagnostics: 3001000;reason="There has been an error authenticating the request.";category="invalid_client"
任何想法是什么问题以及如何能解决吗?我一直停留在这几天了。我真的AP preciate某人的与此帮助。谢谢你。
Any idea what the problem is and how this can be resolved ? I have been stuck on this for days now. I would REALLY appreciate somebody's help with this. Thanks.
推荐答案
SharePoint Online中尚不支持的客户端应用程序使用仅令牌(从客户端凭据OAuth2流程产生的)访问它。它仅支持委派令牌又名用户+应用令牌(从授权code OAuth2流程造成)。
SharePoint Online doesn't yet support clients accessing it using app-only tokens (resulting from client credential OAuth2 flow). It only supports delegated token aka user+app tokens (resulting from authorization code OAuth2 flow).
所以,如果你希望写,网上访问SharePoint中的客户端应用程序(Web应用程序或本地客户端应用程序) - 它只能代表一个用户的,它必须涉及用户的交互认证 - 用户进行身份验证后, - 他们将显示他们需要同意您的应用程序访问API O365代表他们的同意页面。
So, if you wish to write a client application (web app or native client app) that accesses SharePoint online - it can only be on behalf of a user, and it must involve interactive authentication of the user - after the user authenticates - they will be shown a consent page where they need to consent to your application accessing the O365 API on their behalf.
只有邮件/日历/联系人的API(的Exchange Online)支持的客户端应用程序使用仅令牌访问它们 - 他们已经把这个支持最近。阅读与Exchange Online的API客户端在这里流动的凭证令牌:<一href=\"http://blogs.technet.com/b/ad/archive/2015/02/04/using-azure-ad-to-build-daemon-applications-that-call-office-365-apis.aspx\" rel=\"nofollow\">http://blogs.technet.com/b/ad/archive/2015/02/04/using-azure-ad-to-build-daemon-applications-that-call-office-365-apis.aspx, <一href=\"http://blogs.msdn.com/b/exchangedev/archive/2015/01/22/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx\" rel=\"nofollow\">http://blogs.msdn.com/b/exchangedev/archive/2015/01/22/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx
Only Mail/Calendar/Contacts APIs (Exchange Online) support clients accessing them using app-only tokens - and they have turned on this support very recently. Read about client credential flow tokens with Exchange Online APIs here: http://blogs.technet.com/b/ad/archive/2015/02/04/using-azure-ad-to-build-daemon-applications-that-call-office-365-apis.aspx, http://blogs.msdn.com/b/exchangedev/archive/2015/01/22/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx
希望这有助于。
PS:OAuth2用户端凭证流不会发出刷新令牌
ps: OAuth2 client credential flow doesn't issue a refresh token
这篇关于使用Office 365 REST API的OAuth的access_token的SharePoint错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!