使用Outlook REST API:如何避免获取登录页面? [英] Use the Outlook REST API: how to avoid getting the login page?
问题描述
你好,
我正在关注文档 https://docs.microsoft.com/en-us/previous-versions/office/office -365-api / api / version-2.0 / use-outlook-rest-api。
I'm following documentation at https://docs.microsoft.com/en-us/previous-versions/office/office-365-api/api/version-2.0/use-outlook-rest-api.
我想获得指定后台工作中的帐户电子邮件和日历数据。通过outlook REST API(我已经知道了帐户的电子邮件和密码),在检索这些数据之前需要获得授权。我正在关注Azure AD v2身份验证终结点。但
它几乎停止了办公室在线登录页面(https://login.microsoftonline.com/common/oauth2/v2.0/authorize) 并且必须手动单击登录按钮以重定向我的本地页面,然后获取访问令牌。我们希望在后台工作中获取帐户的电子邮件和日历数据
。所以它需要自动获得授权。我们怎么能这样做?
I want to get the specify account's email and calendar data in background job. Via outlook REST API(I have known the account email and password), It need get authorization before retrieve these data. I am following Azure AD v2 authentication endpoint. But it almost stop the office online login page(https://login.microsoftonline.com/common/oauth2/v2.0/authorize) and must manually click login button to redirect my local page, and then get Access Token. We hope getting account's email and calendar data in background job. So it need get authorization automatically. How could we do it?
BTW,我刚看到文章"Microsoft身份平台和OAuth 2.0资源所有者密码凭证"(https://docs.microsoft.com / EN-US /天蓝色/主动目录/开发/ V2-OAuth的ROPC)。看来它可以通过所有者密码直接获得访问令牌。
我们可以用这种方式获取访问令牌,然后检索帐户的电子邮件和日历吗?请告知
BTW, I just saw on article "Microsoft identity platform and the OAuth 2.0 resource owner password credential"(https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc). Seemly it could get Access Token directly by owner password. Could we use this way to get Access Token, and then retrieve account's emails and calendars? Please advise
我期待您的回复。
非常感谢!
Mark
推荐答案
我认为如果你的应用程序具有非交互流程,ROPC是唯一的方法,但是,通常不建议使用因为其他身份验证流程不太安全。 此外,此流程与条件访问不兼容,MFA将因为没有对话框可用于身份验证而失败。
I think that ROPC is the only way if you application has non-interactive flow, however, in general this is not advised to use as it is less secure that other authentication flows. Also, this flow is not compatible with conditional access and MFA will fail as no dialog will be available for authentication.
如果调用应用程序是Web服务,您可以尝试查找OAuth客户端凭据流,以便在没有用户交互的情况下运行的应用程序需要进行身份验证并获取具有应用程序标识而非委派身份的令牌。
请参阅 OAuth 2.0客户端凭据流。 您还可以参考 GitHub
示例
In case calling application is a web service, you may try to look for the OAuth Client Credentials flow as for the apps that operates without user interaction needs to authenticate and get tokens with the application identity instead of delegated identity. Please refer to OAuth 2.0 client credentials flow. You can also refer to GitHub Sample on OAuth 2.0 client credentials grant.
这篇关于使用Outlook REST API:如何避免获取登录页面?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
