如何从节点脚本获取Microsoft Graph API访问令牌? [英] How to get Microsoft Graph API Access token from Node Script?
问题描述
我想使用此库与我的广告的图API进行交互- https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/concepts/nodejs.md
I'd like to use this library to interact with the graph API for my AD - https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/concepts/nodejs.md
但是,我发现所有返回访问令牌的现有javascript库都希望传递一个返回URL以及其他一些特定于Web的东西,这使我相信这是对Microsoft的某种要求结束.
However, all of the existing javascript libraries I've found to return access tokens expect a return URL to be passed in, as well as some other web-specific stuff, leading me to believe this is some kind of requirement on Microsoft's end.
在运行后端节点脚本(与网络无关)时,是否有任何好的方法来认证/接收访问令牌,以便可以开始针对Microsoft Graph API进行调用?预先感谢您的建议.
Is there any good way to authenticate/receive an access token while running a backend node script (nothing web related) so that I can begin to make calls against the Microsoft Graph API? Thanks in advance for the advice.
推荐答案
要运行连接到Graph API的未经用户身份验证的后端守护程序,您需要使用仅应用程序身份验证流程.这是的快速摘要官方步骤:
To run a back-end non-user-authenticated daemon connected to the Graph API, you want to use the app-only authentication flow. Here's a quick summary of the official steps:
- 创建您的Azure AD租户.记下
yourtenant.onmicrosoft.com名称,然后将此值复制下来. - 通过全局
Azure Active Directory刀片的App Registrations部分而不是直接在租户属性中注册应用程序.复制Application ID;我们以后再用. - 创建与注册相关的密钥,并记住将其复制下来.单击后,您将无法找回键值,因此请确保将其复制.
- 还将注册的权限更新为所需的权限,单击
Save,然后单击Grant Permissions按钮. - 向
login.microsoftonline.com域发出HTTP请求以获取访问令牌. - 使用访问令牌发出Graph API请求.
- Create your Azure AD Tenant. Note the
yourtenant.onmicrosoft.comname, and copy this value down. - Register an application through the global
Azure Active Directoryblade'sApp Registrationssection, not directly within the tenant properties. Copy theApplication ID; we'll need it later. - Create a key tied to the registration and remember to copy it down. Once you click out, you can't get the key value back, so make sure to copy it.
- Also update the registration's permissions to what you need, click
Save, and then also hit theGrant Permissionsbutton. - Make an HTTP request to the
login.microsoftonline.comdomain to obtain an access token. - Use the access token to make Graph API requests.
这是指向Microsoft的Node.js示例的链接,这是一个链接到HTTP调用上的直接文档进行检索访问令牌.这是一个超级精简的示例,将输出检索到的访问令牌.替换[Tenant],[ApplicationID]和[Key]值:
Here's a link to Microsofts Node.js example, and here's a link to the direct documentation on the HTTP call to make to retrieve an access token. And here's a super stripped-down example that will output the retrieved access token. Replace the [Tenant], [ApplicationID], and [Key] values:
const request = require("request");
const endpoint = "https://login.microsoftonline.com/[Tenant].onmicrosoft.com/oauth2/token";
const requestParams = {
grant_type: "client_credentials",
client_id: "[ApplicationID]",
client_secret: "[Key]",
resource: "https://graph.windows.net"
};
request.post({ url:endpoint, form: requestParams }, function (err, response, body) {
if (err) {
console.log("error");
}
else {
console.log("Body=" + body);
let parsedBody = JSON.parse(body);
if (parsedBody.error_description) {
console.log("Error=" + parsedBody.error_description);
}
else {
console.log("Access Token=" + parsedBody.access_token);
}
}
});
一旦有了access_token,我们就可以调用Graph API.假设正确配置了应用程序权限并从第4步开始应用,我们就可以开始发出Graph API请求:
Once we have the access_token, we can call out to the Graph API. Assuming the apps permissions were configured correctly and applied from step #4, we can start making Graph API requests:
function testGraphAPI(accessToken) {
request.get({
url:"https://graph.windows.net/[Tenant]/users?api-version=1.6",
headers: {
"Authorization": accessToken
}
}, function(err, response, body) {
console.log(body);
});
}
这篇关于如何从节点脚本获取Microsoft Graph API访问令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
