Azure AD-获取用户的个人资料照片,OAUTH访问失败 [英] Azure AD - get user's profile photo, OAUTH access failure
问题描述
我正在尝试在使用EWS连接到Office 365的电子邮件应用程序的上下文中访问已登录用户的个人资料照片.
该应用已在portal.azure.com上注册,并具有以下必需的权限:
- Office 365 Exchange Online->通过Exchange Web服务以登录用户身份访问邮箱
- Windows Azure Active Directory->登录并读取用户配置文件
EWS部分工作正常,我可以使用"Authorization:Bearer access_token"登录用户,获取访问和刷新令牌,并执行EWS操作.
我遇到的麻烦是获取用户的个人资料照片.
这是我要去的文档:
我尝试在jwt.io上解码我的访问令牌,它具有:"scp":"full_access_as_user" -我的User.Read范围在哪里,或者完全访问"包括"user.read"?
有什么想法吗?
这是因为您尝试使用v2终结点Rest API,但未向v2终结点注册应用程序.
User Photo API仅在Azure AD v2身份验证终结点上可用,而在Azure AD和Oauth上不可用:
您需要转到> Microsoft应用程序注册门户 进行注册你的申请.有关更多详细信息,您可以参考
The part I'm having trouble with is getting the user's profile photo. This is the docs I'm going by: https://msdn.microsoft.com/en-us/office/office365/api/photo-rest-operations The API endpoint I'm trying to use is: GET https://outlook.office.com/api/v2.0/me/photo ... with "Authorization: Bearer access_token" header. The above API returns this response: HTTP 403
{"error":{"code":"ErrorAccessDenied","message":"Access is denied.
Check credentials and try again."}} What could be wrong? I've tried decoding my access token at jwt.io, it has: Any ideas? This is because that you tried use v2 endpoint Rest API but you didn't register the Application with v2 endpoint. User Photo API is only available on Azure AD v2 authentication endpoint, Not Azure AD and Oauth: You need to go to Microsoft Application Registration Portal to register your Application. For more details , you can refer to this document. 这篇关于Azure AD-获取用户的个人资料照片,OAUTH访问失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
"scp": "full_access_as_user" - where is my User.Read scope, or does "full access" include "user.read"?
