Microsoft Graph Access令牌包含对联系人API的错误权限 [英] Microsoft Graph Access Token contains wrong permission for contacts API

问题描述

因此，基本上，我需要访问Office 365用户的联系人. 我使用Microsoft graph API，并且可以通过JSON中的HTTP GET成功获取所有联系人.但是现在我正在尝试将JSON写入 https://graph.microsoft.带有HTTP POST的com/v1.0/me/contacts API，但每次都会收到403-权限被拒绝.所以我去了 https://jwt.io/并检查了我的访问令牌，发现我没有写入联系人的权限.

So basically I need to access the contacts of an office 365 user. I use the Microsoft graph API and I successfully can get all the contacts via an HTTP GET in a JSON. But now I'm trying to write a JSON to the https://graph.microsoft.com/v1.0/me/contacts API with an HTTP POST, but I get a 403 - Permission Denied every time. So I went to https://jwt.io/ and checked my access token and saw that I don't have the permissions to write in the contacts.

我获得了这些权限:

"scp":"Contacts.Read openid个人资料User.Read"

"scp": "Contacts.Read openid profile User.Read"

即使我只在Azure门户的应用程序注册"设置中设置了Contacts.ReadWrite.

Even though I only set Contacts.ReadWrite in the App Registration settings on the Azure portal.

权限

我尝试更新权限，但这无济于事.

I've tried updating the permissions but that didn't help.

推荐答案

如果您更改了权限，则用户需要再次同意.

If you have changed the permissions, users need to consent again.

您可以通过url请求强制用户同意，并在验证请求URL后面附加& prompt =同意.

You can force user consent through a url request, append &prompt=consent to the authentication request URL.

https://login.microsoftonline.com/{tenant}/oauth2/authorize?
client_id={your_client_id}
&response_type=code
&response_mode=query
&resource=https://graph.microsoft.com
&state=12345
&prompt=consent

或者您只代表该目录中的所有用户授予同意.向所有用户授予管理员同意意味着使用该应用程序时不会向最终用户显示同意屏幕.

Or you just grant consent on behalf of all users in this directory. Granting admin consent for all users means that end users will not be shown a consent screen when using the application.

这篇关于Microsoft Graph Access令牌包含对联系人API的错误权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！