获取Microsoft Graph API的访问令牌 [英] Getting the access token for Microsoft Graph API

问题描述

我正在尝试获取Microsoft Graph API的访问令牌，以便访问SharePoint文档库.我的应用程序是Windows服务，因此我正在按照此处所述的过程进行操作.

I'm trying to get the access token for the Microsoft Graph API in order to access a SharePoint document library. My application is a windows service, hence I'm following the procedure described here.

但是，当我尝试获取访问令牌时，得到的响应没有 scope 值.以下是我的回复:

But when I try to get the access token, the response that I get doesn't have the scope value. Below is my response:

{
  "token_type": "Bearer",
  "expires_in": "3600",
  "expires_on":"1492452559",
  "not_before": "1492448659",
  "resource": "https://graph.microsoft.com",
  "access_token": "Token"
}

由于这个原因，当我尝试使用该访问令牌查询Graph API时，出现了一条错误消息: scp或角色声称需要存在于令牌中

Because of this when I try to query the Graph API with this access token, I'm getting an error saying: Either scp or roles claim need to be present in the token

有人可以帮我解决这个问题吗?预先感谢.

Can someone please help me on how to get this working? Thanks in advance.

推荐答案

在使用客户端凭据流时，您的客户端应用程序似乎未设置适当的应用程序权限，以下是Azure AD经典门户中应用程序权限"部分的说明.请选择所需的适当权限，然后重试:

That seems your client application hasn't set the appropriate app permissions when using client credential flow , below is an illustration of application permissions section in Azure AD classic portal. Please select appropriate permissions needed and retry :

此外，当使用客户端凭证流获取访问令牌时，您可以使用以下工具检查访问令牌中的roles声明(这是检查应用程序权限的方式，而不是令牌响应中的方式) http://jwt.calebb.net/解码访问令牌并检查应用权限:

And in addition , when using client credential flow to get the access token , you could check the roles claims in access token(that is the way to check the app permission, not in token response) , using a tool like http://jwt.calebb.net/ to decode the access token and check the app permissions :

这篇关于获取Microsoft Graph API的访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！