Graph Api - 401 Unauthorised
Problem description
Just started in the graph/office API and wow is it a minefield!
Just wondering if anyone can give me any advice? I am getting a 401 when I attempt to contact https://graph.microsoft.com/beta/me/files.
My JWT is as follows:
{
  "aud": "https://graph.windows.net/",
  "iss": "https://sts.windows.net/916970f4-e570-4036-a353-8ae647af1d3e/",
  "iat": 1444794383,
  "nbf": 1444794383,
  "exp": 1444798283,
  "ver": "1.0",
  "tid": "916970f4-e570-4036-a353-8ae647af1d3e",
  "oid": "c454b826-612f-4525-8995-87f1a24dc3df",
  "sub": "c454b826-612f-4525-8995-87f1a24dc3df",
  "idp": "https://sts.windows.net/916970f4-e570-4036-a353-8ae647af1d3e/",
  "appid": "568d0906-4131-4b97-8b08-9efdbe1636c4",
  "appidacr": "1"
}
My tokens are acquired in a rather odd way... I have a web project azure AD, whose token is used to acquire a web api Azure Ad token, then that token is used to produce the graph api jwt as shown above.
How it works here:
Recommended answer
Sorry you are running into issues here. Two things...
- You are getting a 401 because the audience of the token is for Azure AD Graph API, but it needs to be for the Office 365 unified API, since these are 2 different APIs. To get a token for the unified API, you need to specify the resource in your token acquisition request as https://graph.microsoft.com. Basically tokens cannot be interchangeably used against different services - tokens are audience/resource specific. We should have some extra information and samples for this here http://dev.office.com/unifiedapis.
- The Office 365 unified API ONLY supports the code flows (aka app+user or delegated flows). Your token appears to be a client credentials flow token (i.e. app only - no user context). This kind of token/flow is not possible yet with the unified api, but it is something we are working on. Stay tuned.
Hope this helps,
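An added example (not part of the original question or answer): a Python helper that decodes a token's payload without verifying it and reports the two problems the answer identifies, an `aud` issued for another API and a missing user context. The function names are hypothetical, the sample token is constructed from the question's claims, and treating a missing `scp` claim as a sign of an app-only token is an assumption.

```python
import base64
import json

GRAPH_RESOURCE = "https://graph.microsoft.com"  # resource named in the answer

def b64url(data: bytes) -> str:
    """Base64url-encode without padding, the way JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (debugging only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(claims: dict, resource: str = GRAPH_RESOURCE) -> list:
    """Return the reasons the answer gives for `resource` rejecting this token."""
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    wanted = resource.rstrip("/").lower()
    if not any(isinstance(a, str) and a.rstrip("/").lower() == wanted
               for a in audiences):
        problems.append(f"aud={aud!r} is not {resource!r}: token was issued for another API")
    # Assumption: a delegated (app+user) token carries an `scp` claim.
    if not claims.get("scp"):
        problems.append("no scp claim: looks app-only (client credentials), no user context")
    return problems

# Constructed sample: claims copied from the question, wrapped in an unsigned JWT.
QUESTION_CLAIMS = {
    "aud": "https://graph.windows.net/",
    "appid": "568d0906-4131-4b97-8b08-9efdbe1636c4",
    "appidacr": "1",
}
SAMPLE_TOKEN = ".".join([b64url(b'{"alg":"none","typ":"JWT"}'),
                         b64url(json.dumps(QUESTION_CLAIMS).encode()),
                         "placeholder-signature"])

if __name__ == "__main__":
    for reason in diagnose(jwt_claims(SAMPLE_TOKEN)):
        print("401 cause:", reason)
```

The decoded claims are unverified, so this is only for inspecting your own tokens while troubleshooting; the API itself still validates the signature and audience.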