Microsoft Graph API-v1.0/me/event禁止使用403 [英] Microsoft Graph API - 403 Forbidden for v1.0/me/events
问题描述
我正在建立一个页面,其中包含对Microsoft Graph的无数次调用,它们分别指向不同的端点:获取OneDrive文件,电子邮件,用户属性等.
I'm building a page with numerous calls to Microsoft Graph to different end points: to get OneDrive files, emails, user properties, etc.
一个无效的调用是获取当前用户的日历事件.我正在使用的终点是https://graph.microsoft.com/v1.0/me/events
.响应是403 Forbidden.
The one call that does not work is to get the current user's calendar events. The end point I'm using is https://graph.microsoft.com/v1.0/me/events
. The response is 403 Forbidden.
根据Microsoft文档此处应用程序需要Calendars.Read
或Calendars.ReadWrite
权限.我在已授权权限下检查了这两个选项,但仍然是相同的问题.然后,我在此应用程序的Azure AD中选中了所有51个权限范围,并且仍然是相同的问题.
According to the Microsoft documentation here the application needs Calendars.Read
or Calendars.ReadWrite
permissions. I checked both of these under delegated permissions and still the same problem. I then ticked all 51 permission scopes in Azure AD for this app, and still the same problem.
我还尝试在Azure AD中创建一个新应用,但这无济于事.
I also tried creating a new app in Azure AD, but this did not help.
如何使用Microsoft Graph来获取当前用户的日历事件?我想念什么?
How can I use Microsoft Graph to get back the current user's calendar events? What am I missing?
我正在使用ADAL.js进行身份验证.这是我自己的doAuth
函数中包含的代码,其中包含应用程序的客户端ID.
I'm using ADAL.js for authentication. This is the code I have in my own doAuth
function that takes in the client ID of the application.
function doAuth(clientId) {
var variables = {
// Domain of Azure AD tenant
azureAD: // the appropriate URL,
// ClientId of Azure AD application principal
clientId: clientId,
// Name of SharePoint tenant
sharePointTenant: // the appropriate URL
}
// Create config and get AuthenticationContext
window.config = {
tenant: variables.azureAD,
clientId: variables.clientId,
postLogoutRedirectUri: window.location.origin,
endpoints: {
graphApiUri: "https://graph.microsoft.com",
sharePointUri: "https://" + variables.sharePointTenant + ".sharepoint.com",
},
cacheLocation: "localStorage"
}
var authContext = new AuthenticationContext(config);
var isCallback = authContext.isCallback(window.location.hash);
authContext.handleWindowCallback();
if (isCallback && !authContext.getLoginError()) {
window.location = authContext._getItem(authContext.CONSTANTS.STORAGE.LOGIN_REQUEST);
}
var user = authContext.getCachedUser();
var token = authContext.getCachedToken(clientId);
if (!user || !token)
authContext.login();
return authContext
}
推荐答案
听起来好像您已经更改了分配给应用程序的作用域.发生这种情况时,您还需要使用这些新作用域对用户进行重新授权.为此,将&prompt=consent
添加到初始ODATA重定向的查询字符串中.这将迫使您将新范围显示给用户进行授权.
It sounds like you've changed the scopes assigned to the application. When this happens you also need to have user's reauthorize using those new scopes. To do this, add &prompt=consent
to the query string of your initial ODATA redirect. This will force your new scopes to be presented to the user for authorization.
您可以使用配置中的extraQueryParameter
参数在ADAL.js库中触发此操作:
You can trigger this in the ADAL.js library using the extraQueryParameter
parameter in your configuration:
// Create config and get AuthenticationContext
window.config = {
tenant: variables.azureAD,
clientId: variables.clientId,
postLogoutRedirectUri: window.location.origin,
endpoints: {
graphApiUri: "https://graph.microsoft.com",
sharePointUri: "https://" + variables.sharePointTenant + ".sharepoint.com",
},
cacheLocation: "localStorage",
extraQueryParameter: "prompt=consent"
}
这篇关于Microsoft Graph API-v1.0/me/event禁止使用403的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!