从Microsoft Graph请求'/joinedTeams'时出现'Unauthorized'错误 [英] 'Unauthorized' error when requesting '/joinedTeams' from Microsoft Graph

问题描述

我正在设置一个应用程序，用于通过Microsoft Graph API修改Microsoft Teams帐户(团队/渠道)，但是我无法从需要调用的所有端点中获得响应.我遵循了指南，以成功创建具有应用程序许可权并成功获得访问(和刷新)令牌的应用程序.

I am setting up an app for modifying a Microsoft Teams account (teams/channels) through the Microsoft Graph API, but I can't get responses from all of the endpoints which I need to call. I have followed the guide for creating an app with application permissions and acquired access (and refresh) token(s) succesfully.

调用 https://graph.microsoft.com/v1.0/users/<用户guid>/joinedTeams

Calling the https://graph.microsoft.com/v1.0/users/<user guid>/joinedTeams endpoint yields a response as follows:

{
  "error": {
    "code": "Unauthorized",
    "message": "Unauthorized",
    "innerError": {
      "date": "2020-06-24T12:37:53",
      "request-id": <guid>
    }
  }
}

调用诸如 https://graph.microsoft.com/v1.0/users 之类的端点时，

while calling endpoints such as https://graph.microsoft.com/v1.0/users works as described. It would seem that the app hasn't gotten consent and/or permissions to access these, but after signup they are listed on the API permissions in the azure portal enterprise applications page, and the access token JWT contains the specified permissions as a roles object.

来自JWT:

"roles": [
    "TeamSettings.ReadWrite.All",
    "User.ReadWrite.All",
    "Directory.ReadWrite.All",
    "Group.ReadWrite.All",
    "TeamMember.ReadWrite.All",
    "Team.ReadBasic.All",
    "GroupMember.ReadWrite.All",
    "Member.Read.Hidden"
  ]

我尝试使用 Directory.ReadWrite.All 权限，还尝试使用

I have tried with the Directory.ReadWrite.All permission and also with the full permission list listed on the permissions page for the /joinedTeams endpoint and they all elicit the same error.

奇怪的是，根据此 a 401-将对过期(或类似无效)的令牌给出未经授权的响应，但是显然不是这种情况，因为我可以使用该令牌来调用其他端点.

Curiously, according to this a 401 - Unauthorized response would be given for expired (or similarly invalid) tokens, however that seems to clearly not be the case as I can call other endpoints with that very token.

我想念什么?

推荐答案

感谢@MikeOliver当我注册Teams时，它创建了另一个目录.仅第二个目录具有团队的许可证"目录.(从天蓝色门户网站的许可证"页面可见).

Solved thanks to @MikeOliver When I signed up for Teams it created another directory. Only that second directory had a Teams "license" (visible from the azure portal's License page).

这篇关于从Microsoft Graph请求'/joinedTeams'时出现'Unauthorized'错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！