如何使用新的Microsoft图形API创建身份验证令牌? [英] How do I create an auth token with the new microsoft graph api?

问题描述

我一直在使用它:

https://github.com/Azure-Samples/active-directory-php-graphapi-web.git

可以访问图形API.我的azure AD注册应用程序能够查询API以获取目录中的用户列表.

to access the graph api, which works. My azure AD registered application is able to query the API to get a list of users in the directory.

但是现在我想在目录中列出用户的文件夹. 此页面

But now I want to list folders for a user in the directory. This page

http://graph.microsoft.io/docs

说该网址应为:

https://graph.microsoft.com/v1.0/me/drive/root/children

当我在REST调用中使用该URL时，会得到

When I use that url in my REST call, I get

"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: -2147184105"

可以理解，它是从

https://graph.windows.net

所以，我迷路了. API的版本很多，从消费级的onedrive(以前称为skydrive)到第一个图形api(我可以通过 https访问) ://graph.windows.net )，Office 365 API(我可以通过 https://login访问. microsoftonline.com )，现在是图形api(以前是通用api https://graph.microsoft.com )我只是不知道从哪里开始寻找正确的信息.

So, I'm lost. There's so many different versions of the API, from the consumer grade onedrive (formerly skydrive), the first graph api (which I access via https://graph.windows.net), the office 365 API (which I access via https://login.microsoftonline.com) and now the graph api (formerly universal api https://graph.microsoft.com) I just don't know where to begin to look for correct information.

此刻我正在使用PHP，并且我相信这在Microsoft支持的平台列表中将是非常低的，但是有关访问令牌生成如何在最新api，o365 api和其他图形API(位于graph.windows.net)将不胜感激.

I'm working in PHP at the moment, and I'm sure that's going to be pretty low on microsoft's list of supported platforms, but any direction about how the access token generation works in the newest api versus the o365 api versus the other graph api (at graph.windows.net) would be appreciated.

还有其他人像我一样困惑吗? 是否有一些主要的参考资料来解释这些api之间的所有差异以及如何访问它们?

Is anybody else as confused as I am? Is there some central reference that explains all the differences between these apis and how to access them?

推荐答案

Microsoft Graph应该为您提供一个终结点(和令牌获取)来访问Office 365和Azure AD服务提供的数据.请访问 https://graph.microsoft.com 了解更多详细信息-但请使用v1.0版本是适用于生产服务的GA版本.

The Microsoft Graph should provide you with one endpoint (and token acquisition) to access data offered by Office 365 and Azure AD services. Please visit https://graph.microsoft.com for more details - but please use the v1.0 version as this is the GA version that is appropriate for production services.

关于没有用户界面的服务应用程序的问题-您可以使用client_credential流获取仅应用程序的访问令牌. (当前尚未在Microsoft Graph文档中进行记录，但在其他地方-只需将资源设置为 https://graph.microsoft.com/) .在Azure管理门户中，您还需要选择应用程序同样需要的应用程序权限".当前支持仅应用程序访问邮件资源，但不支持仅应用程序访问一个驱动器资源(通过Microsoft图形).我们将很快打开它.

As for your question about a service app with no user UI - you can get an app-only access token using the client_credential flow. (This is not currently documented in the Microsoft Graph documentation, but it is supported and described elsewhere - just set the resource to be https://graph.microsoft.com/). In the Azure Management Portal you'll need to select the "Application Permissions" that your app requires too. Currently app-only access to mail resources is supported, but app only access to one drive resources (through Microsoft graph) is not supported. We'll be looking to open that up shortly.

希望这会有所帮助，

这篇关于如何使用新的Microsoft图形API创建身份验证令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！