无法使用Azure应用通过图谱API访问一个驱动器 [英] Can't access one drive through graph API using Azure app
问题描述
我指的是
如果我错过了一些东西,请告诉我.
如何使用Azure应用程序通过图形API访问一个驱动器?
示例中获取令牌的方式与明确提供:
https://graph.microsoft.com/v1.0/users/{id |userPrincipalName}/drive/sharedWithMe I am referring this medium blog and the official document from Microsoft to access one drive through graph API using the Azure app. I am using the following node.js code to get access token for Microsoft Graph API:
const axios = require('axios');
const qs = require('qs');
const postData = {
client_id: client_id from azure app,
scope: 'https://graph.microsoft.com/.default',
client_secret: app_secret from azure app
grant_type: 'client_credentials'
};
axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded';
try{
let res = await axios.post('https://login.microsoftonline.com/{tenant from azure app}/oauth2/v2.0/token', qs.stringify(postData));
console.log(res.data);
}catch (e) {
console.log(e.message);
}
The above code returns the following response:
{
token_type: 'Bearer',
expires_in: 3599,
ext_expires_in: 3599,
access_token: 'value of access token'
}
Everything works fine till the above step. I take the access token from the above response and try to execute the following graph API to access one drive:
let config = { headers:
{'Authorization': "Bearer "+ res.data.access_token} # Obtain access token from the above response
};
let res_drive = await axios.get("https://graph.microsoft.com/v1.0/me/drive/sharedWithMe", config);
However, the above graph API call returns the following response:
{
"error": {
"code": "BadRequest",
"message": "Unable to retrieve user's mysite URL.",
"innerError": {
"date": "2020-07-02T14:08:36",
"request-id": "67ef24fa-XXXX-XXXX-853a-XXXXXXXXXXXX"
}
}
}
I have also set the permission to access graph API using Azure application as shown below:
Please let me know in case I am missing something.
How can I access one drive through graph API using the Azure app?
The way how token is acquired in your example corresponds to OAuth client credentials grant flow (application permissions). There is no me context available in this flow (it just an alias for the signed-in user) since there is no presence of signed-in user in this flow and that's the reason why the provided error occurs in the first place.
To call shared files endpoint in this flow, user needs to be explicitly provided:
https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/drive/sharedWithMe
这篇关于无法使用Azure应用通过图谱API访问一个驱动器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
