Accessing Microsoft Graph API without using login page


Problem description

I would like to access a user's OneDrive to upload a document or retrieve a document using Graph API. I've seen multiple examples over the net which require using the standard login page for the user to log in. You need to get the authorization code from the login page and then use it to get a token, which finally can be used to access a resource like drive.

I am looking for a way to do this without going through the login page. I can have my own login page where I can request the user to log in.

In short, I want to access the drive resource of Graph API using a REST client like Postman (right from authorization to accessing the resource). Is this possible?

Recommended answer

Although this is possible, it's strongly recommended not to do this for individual user access. The Microsoft Graph only supports OAuth 2.0 as its authZ protocol, and we recommend that you use the flows within OAuth where the trusted authority is the one to directly handle login credentials. Allowing application code to provide the forms UI for login credentials would open up the attack vector where your app would have direct access to the user's O365 password, which is not a secure approach.
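The kind of flow the answer recommends, as an added example that is not part of the original answer: an OAuth 2.0 authorization code flow with PKCE against the Microsoft identity platform, in which the app builds the sign-in URL, validates the redirect and redeems the code, and never receives the user's password. The client ID, redirect URI and scopes are placeholder assumptions, and the code only constructs requests without sending them.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Microsoft identity platform v2.0 endpoints; the values below are assumptions.
AUTHORITY = "https://login.microsoftonline.com/common/oauth2/v2.0"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder app registration
REDIRECT_URI = "http://localhost:8400/callback"     # assumed registered redirect
SCOPE = "Files.ReadWrite offline_access"            # assumed delegated scopes

def new_pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636, S256 method."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43-128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

def build_authorize_url(state, challenge):
    """URL the user's browser opens; credentials are typed at the authority."""
    params = {
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "response_mode": "query",
        "scope": SCOPE, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/authorize?{urlencode(params)}"

def parse_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting errors and forged redirects."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect did not come from our request")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in redirect")
    return code

def build_token_request(code, verifier):
    """POST target and form body that redeem the code; no password field exists."""
    return f"{AUTHORITY}/token", {
        "client_id": CLIENT_ID, "grant_type": "authorization_code",
        "code": code, "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier, "scope": SCOPE,
    }
```

The access token returned by the token endpoint is then sent as a `Bearer` token in the `Authorization` header of the Graph request.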
