Registering an application for the Microsoft Graph API in the German National Cloud
Problem description
I have successfully registered my application for graph.microsoft.com, but now it also needs to work with graph.cloudapi.de.
The Application Registration Portal does not seem to be the correct one for the German National Cloud.
Moreover, applications registered in portal.microsoftazure.de only work with the SharePoint API, not Graph.
Here's a sample HTTP exchange between my program and the German Microsoft Cloud. I am hand coding HTTP requests in Delphi. The exchange works with graph.microsoft.com, but not graph.microsoft.de.
I start the authentication via the following https URL:
login.microsoftonline.de/common/oauth2/v2.0/authorize?response_type=code&client_id=xyz&prompt=login&scope=https%3A%2F%2Fgraph.microsoft.de%2Fuser.read%20&response_mode=query&state=5736109994698155204&redirect_uri=https%3A%2F%2Fwww.syncovery.com%2Foauthresult.php
The cloud then directs to my redirect URL with a long code parameter, such as
code=AQABAAIAAQDnLpu3ikefR73l_aNlxt5xxdvNhQ9JVAI7b0ciTej............
So far, so good. Now the hard part:
POST /common/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.de
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 805

client_id=xyz&client_secret=abc&code=AQABAAIAAQD_very_long&redirect_uri=https%3A%2F%2Fwww.xyz.com%2Foauthresult.php&grant_type=authorization_code&scope=https%3A%2F%2Fgraph.microsoft.de%2Fuser.read%20
Response:
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
x-ms-request-id: e83986c0-5da4-4af7-92fc-46e2fb950100
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: esctx=AQABAAAAA_longish domain=.login.microsoftonline.de; path=/; secure; HttpOnly
X-Powered-By: ASP.NET
Date: Wed, 07 Feb 2018 11:11:44 GMT
Content-Length: 449

{
"error": "invalid_client",
"error_description": "AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: e83986c0-5da4-4af7-92fc-46e2fb950100\r\nCorrelation ID: 044f44e3-ec09-4f76-b073-0ff6b72b696a\r\nTimestamp: 2018-02-07 11:11:45Z",
"error_codes": [70002, 50012],
"timestamp": "2018-02-07 11:11:45Z",
"trace_id": "e83986c0-5da4-4af7-92fc-46e2fb950100",
"correlation_id": "044f44e3-ec09-4f76-b073-0ff6b72b696a"
}
Recommended answer
The apps.dev.microsoft.com portal is global; there isn't a national cloud instance of the portal. You do however need to register your app under an AAD account using "Azure AD only applications" rather than "Converged applications". This is because the v2 Endpoint itself isn't supported by national cloud endpoints yet.
Another problem here is that your URI is also incorrect.
- Microsoft Graph root endpoint: https://graph.microsoft.de (not graph.cloudapi.de)
- OAuth2.0 Endpoint: https://login.microsoftonline.de
The Azure AD v2.0 authorization and token endpoints are available on the global service only; they are not yet supported for use with national cloud deployments.
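An added example, not part of the original question or answer: a check that flags the points the answer raises in an authorization URL, plus builders for the corrected requests. It assumes the v1 endpoint paths /oauth2/authorize and /oauth2/token with a resource parameter, which the answer implies but does not spell out; all function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Hosts named in the answer for the German national cloud.
LOGIN_HOST = "login.microsoftonline.de"
GRAPH_HOST = "graph.microsoft.de"

def check_authorize_url(url):
    """Return the problems found in an authorization URL, as a list of strings."""
    if not url.startswith(("http://", "https://")):
        url = "https://" + url  # the question quotes the URL without its scheme
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    problems = []
    if parts.hostname != LOGIN_HOST:
        problems.append("login host is not " + LOGIN_HOST)
    if "/v2.0/" in parts.path:
        problems.append("v2.0 endpoint is not supported on the national cloud")
    if "scope" in query and "resource" not in query:
        problems.append("scope= sent without resource=")  # assumption: v1 uses resource=
    targets = " ".join(query.get("scope", []) + query.get("resource", [])).split()
    for target in targets:
        host = urlsplit(target).hostname
        if host and host.startswith("graph.") and host != GRAPH_HOST:
            problems.append("Graph host is " + host + ", not " + GRAPH_HOST)
    if not query.get("state"):
        problems.append("no state value to tie the redirect to this session")
    return problems

def build_v1_authorize_url(client_id, redirect_uri, tenant="common"):
    """Build a v1 authorization request and return (url, state)."""
    state = secrets.token_urlsafe(16)  # unpredictable, checked on the redirect
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "response_mode": "query",
              "resource": "https://" + GRAPH_HOST, "state": state}
    # Assumption: the v1 path is /<tenant>/oauth2/authorize (no v2.0 segment).
    query = urlencode(params)
    return "https://%s/%s/oauth2/authorize?%s" % (LOGIN_HOST, tenant, query), state

def build_v1_token_body(client_id, client_secret, code, redirect_uri):
    """Form body for POST /<tenant>/oauth2/token; urlencode escapes the secret."""
    return urlencode({"grant_type": "authorization_code", "client_id": client_id,
                      "client_secret": client_secret, "code": code,
                      "redirect_uri": redirect_uri,
                      "resource": "https://" + GRAPH_HOST})

def state_matches(expected, returned):
    """Constant-time comparison of the state echoed back on the redirect."""
    return hmac.compare_digest(expected.encode(), returned.encode())
```

Run against the URL from the question, check_authorize_url reports the v2.0 path and the scope-only request; a URL from build_v1_authorize_url passes cleanly.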