使用EWS和OAuth 2的Office 365日历API [英] Office 365 Calendar API Using EWS and OAuth 2

问题描述

请在底部查看修改.

我正在尝试使用EWS(不是托管API)与Office 365 API一起在用户日历上创建/删除/更新事件.

I'm trying to work with the Office 365 API using EWS (not the managed API) to create/delete/update events on users' calendars.

到目前为止，我已经成功使用Basic Auth验证了我的SOAP请求是否可以正常工作.我现在正尝试将OAuth 2替换为基本身份验证.我需要使用客户端凭据流.

So far, I have successfully used Basic Auth to validate that my SOAP request will work. I'm now trying to replace Basic Auth with OAuth 2. I require the use of the Client Credentials Flow.

这是我遵循的步骤:

• 提供了管理员对应用程序的同意.我在浏览器中启动了以下URL，并使用管理员帐户表示同意.

• Provided admin consent to the application. I launched the following URL in my browser, and provided consent using an admin account.

https://login.microsoftonline.com/common/oauth2/authorize?
    response_type=code+id_token&
    scope=openid&
    client_id=[Client ID]&
    redirect_uri=http://localhost/myapp/permissions&
    resource=https://outlook.office.com&
    prompt=admin_consent&
    response_mode=form_post&
    nonce=1234

在获得同意后，我从响应中检索了id_token，并使用 JWT.io .从有效载荷中，我记录了tid.

Upon granting consent, I retrieved the id_token from the response, and decoded it using JWT.io. From the payload, I recorded the tid.

接下来，我通过发送以下请求检索访问令牌:

Next I retrieved an access token by sending the following request:

POST https://login.microsoftonline.com/[TID]/oauth2/token HTTP/1.1
cache-control: no-cache
Content-Type: application/x-www-form-urlencoded
Accept: */*
Host: login.microsoftonline.com
accept-encoding: gzip, deflate
Connection: close

client_id=[CLIENT ID]&
client_secret=[CLIENT SECRET]&
grant_type=client_credentials&
resource=https%3A%2F%2Foutlook.office.com

使用访问令牌，我发出了与使用基本身份验证相同的请求，只是我用Authorization: Bearer [Access Token]

我收到以下错误(403 Forbidden): The token contains not enough scope to make this call.

I received the following error (403 Forbidden): The token contains not enough scope to make this call.

我该怎么做才能解决此错误?

What do I need to do to fix this error?

我添加了Use Exchange Web Services with full access to all mailboxes应用程序许可权，现在发送SOAP消息的结果为500 Internal Server Error ...

Edit 1: I added the Use Exchange Web Services with full access to all mailboxes application permission, and sending the SOAP message now results in an 500 Internal Server Error...

推荐答案

解决方案涉及以下内容:

The solution involved the following:

1. 添加Use Exchange Web Services with full access to all mailboxes应用程序权限，因为EWS不允许使用更精细的权限.

1. Adding the Use Exchange Web Services with full access to all mailboxes application permission, since EWS doesn't allow the use of more granular permissions.

添加 ExchangeImpersonation目标邮箱的SOAP标头.

设置 X-AnchorMailbox HTTP标头.

这篇关于使用EWS和OAuth 2的Office 365日历API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！