Microsoft Graph scopes v2 oauth


Problem description

I'm trying to build a simple Ruby application that can connect to the Microsoft Graph API and get basic information about the user, for example the manager or direct reports.

I've followed an O365 tutorial and I've got a working app that is able to get a user's mail. However, when I then try to use the session tokens to query the Graph API, I get an error:

response.body
=> "{\r\n  \"error\": {\r\n    \"code\": \"InvalidAuthenticationToken\",\r\n    \"message\": \"Access token validation failure.\",\r\n    \"innerError\": {\r\n      \"request-id\": \"18cbc6be-5254-400c-9780-7427376587fb\",\r\n      \"date\": \"2016-06-30T22:21:55\"\r\n    }\r\n  }\r\n}" 

I am using the scopes:

SCOPES = [ 'openid', 'profile', 'https://outlook.office.com/contacts.read', 'offline_access' ] 

It has just been suggested that I include the scope 'https://graph.microsoft.com/user.read', but when I add this to the application I get the following error before even hitting the user login page:

AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope openid profile offline_access https://graph.microsoft.com/user.read is not valid.

Any help on this would be appreciated!

Recommended answer

Ok. The problem is that you are including scopes for both Outlook (the https://outlook.office.com/contacts.read scope) and Graph (the https://graph.microsoft.com/user.read scope). Unfortunately Azure's authorization endpoint doesn't support mixing scopes like that. You can either remove the Outlook scope (assuming you don't need it), or change it to the Graph equivalent: https://graph.microsoft.com/contacts.read (if you need to access the logged on user's personal contacts).
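
A pre-flight check for the situation the answer describes, as an added example that is not part of the original question or answer: it groups the requested scopes by resource host and rejects a list that spans more than one resource before any redirect is built. The helper names, the list of protocol-level scopes and the one-entry mapping table are assumptions made for illustration; only the contacts.read pair comes from the answer.

```ruby
require 'uri'

# Scopes defined by OpenID Connect / OAuth itself; they name no resource API.
# (Assumed list for this example.)
PROTOCOL_SCOPES = %w[openid profile email offline_access].freeze

# Outlook scope => Graph equivalent. Only the pair named in the answer is
# listed; add others only after confirming each one in the Graph documentation.
GRAPH_EQUIVALENTS = {
  'https://outlook.office.com/contacts.read' =>
    'https://graph.microsoft.com/contacts.read'
}.freeze

# Returns the distinct resource hosts named by URL-qualified scopes.
# Bare scope names (no URL) carry no host and are ignored here.
def scope_resources(scopes)
  scopes.reject { |s| PROTOCOL_SCOPES.include?(s.downcase) }
        .map { |s| URI.parse(s).host }
        .compact
        .uniq
end

# Raises if the list spans more than one resource; otherwise returns it.
def check_single_resource!(scopes)
  resources = scope_resources(scopes)
  return scopes if resources.size <= 1

  raise ArgumentError, "scopes mix resources: #{resources.join(', ')}"
end

# Rewrites known Outlook scopes to their Graph form, then re-checks the result.
def to_graph_scopes(scopes)
  converted = scopes.map { |s| GRAPH_EQUIVALENTS.fetch(s.downcase, s) }.uniq
  check_single_resource!(converted)
end

# Constructed sample: the question's SCOPES plus the suggested Graph scope.
MIXED = %w[openid profile https://outlook.office.com/contacts.read
           https://graph.microsoft.com/user.read offline_access].freeze
```

An Outlook scope with no entry in the table is left unchanged by `to_graph_scopes`, so the re-check still rejects the list instead of guessing a Graph name for it.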
