检索与管理员同意的访问令牌:如何访问组织的所有用户的数据? [英] Retrieving an access token with admin consent : how access the data of all the users of the organization?
问题描述
在Office 365中的我的第三方网络应用程序,我想访问所有从谁安装我的应用程序的组织用户的联系人,事件和电子邮件。
事情是我不希望所有这些用户都给予我的访问,我只是想组织一个管理员访问权限授予我的应用程序,然后才能找回我需要为所有用户的数据。
In my third-party web application of Office 365, I want to have access to the contacts, events and emails of all the users from the organizations who installed my app. The thing is I don't want that all these users have to grant me access, I just want one admin of the org to grant access for my app and then be able to retrieve the data I need for all the users.
要测试一个组织,我登录的管理员并继续OAuth2验证程序来获取访问令牌,并在第一个请求(GET一个检索授权code)我添加参数<强>提示符= admin_consent
To test for one organization, I logged in as the admin and proceed to the Oauth2 authentication to retrieve the access token and in the first request (the GET one to retrieve an authorization code) i add the parameter prompt=admin_consent.
通过这个访问令牌,我可以访问管理员的数据(电子邮件,联系人,事件)
With this access token, I can access the data (emails, contact, event) of the admin
例如用于接触
URI: https://outlook.office365.com/ews/odata/Users( adminemail外的)/通讯录
uri: https://outlook.office365.com/ews/odata/Users(adminemail)/Contacts
而与此URI这个组织的其他用户的数据。
but not the data of the other users of this org with this uri
URI: https://outlook.office365.com/ews/odata/Users( USEREMAIL 的)/通讯录
uri: https://outlook.office365.com/ews/odata/Users(useremail)/Contacts
我能做的唯一的事情是检索每个用户的访问令牌,但它假定每个用户授权访问应用程序,但它是非常繁琐。
所以,我看不出有什么能使参数提示= admin_consent以及如何使用它。有谁知道它做什么?
The only thing I can do is retrieve an access token for each user but it supposed that each user has to authorize the access to the app but it's very cumbersome. So, i don't see what enables the parameter prompt=admin_consent and how to use it. Does anybody know what it does?
我的问题是:我该怎么做才能访问一个组织的所有用户的数据时访问已被一个admin授予
And my question is: how can I do to access the data of all the users of one organization when the access has been granted by one admin?
感谢您!
推荐答案
谢谢你的问题!你有兴趣(一个应用程序访问一个组织一旦管理员允许访问列表中的所有用户数据)的情况目前还不支持,但高优先级我们的功能添加名单。
Thanks for your question! The scenario you are interested in (an app accessing data of all users of an organization once an admin grants access to the list) is not yet supported but is prioritized high on our list of features to add.
[更新]为应用程序访问在该租户的所有用户数据的支持支持Office 365的邮件,日历和联系人REST API的。请参阅<一个href=\"http://blogs.msdn.com/b/exchangedev/archive/2015/01/21/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx\"相对=nofollow>建筑守护程序或服务应用与Office 365邮件,日历和联系人的API(OAuth2用户端凭证流)获得更多信息。
[UPDATE] Support for app accessing data of all users in a tenant is supported for Office 365 Mail, Calendar and Contact REST APIs. Please see Building Daemon or Service Apps with Office 365 Mail, Calendar, and Contacts APIs (OAuth2 client credential flow) for more info.
该方案提示= admin_consent面向,是您的方案不同。管理员同意,只是意味着管理员允许这个程序在组织中没有个人用户看到的屏幕同意签署该应用程序后。这种特殊的我的管理员为这个应用程序提供同意代表我的所有用户被提示= admin_consent,也就是在授权请求期间传递参数触发。然而,这并没有让该应用获取AccessTokens任何用户。每个用户仍然需要获取应用程序,登录和应用程序将达到授权端点,并得到一个刷新/的accessToken在用户的签名。
The scenario prompt=admin_consent is intended for, is different from your scenario. Admin consent simply means that the admin allows this app in the organization without the individual user to see the consent screen after signing on to the app. This special "I as the admin provide consent for this app on behalf of all my users" is triggered by the "prompt=admin_consent" parameter that is passed in during the authorize request. However, this doesn't allow the app to get AccessTokens for any user. Each user still has to get the app, sign in, and the app will hit the authorize endpoint and get a Refresh/AccessToken for the signed in user.
请让我知道如果您有任何疑问或需要更多的信息。
Please let me know if you have any questions or need more info.
谢谢,
Venkat在
这篇关于检索与管理员同意的访问令牌:如何访问组织的所有用户的数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
