Microsoft Graph API访问不在租户的用户的基本信息 [英] Microsoft Graph API Accessing basic info of a user that is outside tenancy

问题描述

我正在开发一个多租户Web应用程序，用于管理用户的邮件，联系人和日历.

在AzureAd管理门户上，我将我的应用注册为多租户，并且设法在租户内部和外部为所有人获取OAuth令牌，在查询身份验证代码和令牌终结点时，将tennantId替换为"common". /p>

现在，我想访问已登录并同意授予我的应用程序权限的人员的日历，邮件和联系信息.

我通过查询用户内部租约的基本用户信息开始了简单的操作，

获取 https://graph.windows.net /-tennantId-/me?api-version = 2013-11-08 或者 GET https://graph. windows.net/-tennantId-/users/myAdress@company.com?api-version=2013-11-08 {headers:{Authorization:"Bearer -accessToken-"}}

有效！

现在，我怎样才能访问租赁以外的用户信息?我尝试过

获取 https://graph.windows.net /-tennantId-/me?api-version = 2013-11-08

获取 https://graph.windows.net/-tennantId-/users/address@outside.com?api-version=2013-11-08

获取 https://graph.windows.net/common /me?api-version = 2013-11-08

获取 https://graph .windows.net/common/users/address @ outside.com?api-version = 2013-11-08 ，

我总是遇到400错误: {"odata.error":{"code":"Request_BadRequest"，"message":{"lang":"en"，"value":请求网址中的无效域名."}}}

知道我在做什么错吗?

解决方案

啊！

如果您使用OAuth开发多租户应用，则在与Graph API交谈时，请不要使用租户ID！

为租户内外的用户请求令牌时，相当于普通"是...我的组织"！

这将起作用:

https://graph.windows.net/myorganisation/me?api-version = 2013-11-08

哦，显然是写在文档中，但是...但是... MICROSOOOOOFT !!!

I am developing a multi-tenant web app managing the mail, contacts and calendar of users.

On the AzureAd management portal, I registered my app as multi-tenant and I manage to get OAuth tokens for both people out and inside my tenancy, replacing the tennantId by "common" when querying the Authentication Code and Token endpoints.

Now, I would like to access calendar, mail and contacts info of people who signed in and consented to give permissions to my app.

I started simple, by querying the basic user info of a user inside tenancy like this:

GET https://graph.windows.net/-tennantId-/me?api-version=2013-11-08 or GET https://graph.windows.net/-tennantId-/users/myAdress@company.com?api-version=2013-11-08 {headers: {Authorization: "Bearer -accessToken-"}}

It works!

Now, how can I have access to information of users that are outside my tenancy? I tried

GET https://graph.windows.net/-tennantId-/me?api-version=2013-11-08

GET https://graph.windows.net/-tennantId-/users/address@outside.com?api-version=2013-11-08

GET https://graph.windows.net/common/me?api-version=2013-11-08

GET https://graph.windows.net/common/users/address@outside.com?api-version=2013-11-08,

I always end-up having a 400 error: {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Invalid domain name in the request url."}}}

Any idea what I am doing wrong?

解决方案

Ah-ah!

Forget the use of your tenant ID when talking with the Graph API if you develop a multi-tenant app with OAuth!

The equivalent to "common" when requesting a token for a user in or outside your tenancy is... "myorganization"!

This will work:

https://graph.windows.net/myorganisation/me?api-version=2013-11-08

Oh, it was clearly written in the doc, but... but... MICROSOOOOOFT!!!

这篇关于Microsoft Graph API访问不在租户的用户的基本信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！