Use delegated permissions on a daemon using Microsoft Graph


Question

I'm trying to use the Microsoft Graph API through OAuth2 authentication; however, I'm struggling to work out how to use Delegated Permissions and not require a user to log in.

I'm happy to authenticate the app with myself once, but this will be running on a daemon/service and won't be interacted with via a user. Because of this I can't use the way Microsoft describes Delegated Permissions as that uses /authorize first and then a call can be made to /token.

I know you can use secret keys for /token, but it seems that is only using the Application Permissions and not Delegated - which is what I have access to.

Is there a way to authenticate using Delegated Permissions as if I was a user but without a user having to use a sign in page every time?

Recommended answer

This isn't possible. The term "delegated" is very intentional here in that it means "the user has delegated their permissions to your application so you can operate on behalf of that user". Application permissions are not delegated because there is no user in context to delegate their access rights to you.

  • Authorization Code = Delegated Permission Scopes
  • Implicit Grants == Delegated Permission Scopes
  • Client Credential Grants == Delegated Permission Scopes

Much of the Microsoft Graph functionality works with both Application and Delegated scopes so in many cases you can still execute the same scenarios. There are some caveats such as using the shorthand /me which doesn't exist when there isn't a user authenticated (instead you need to use /users[{id}]). There are however some cases where there isn't an equivalent Application scope and these are regularly looked at in an effort to close the gap.
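The following sketch is an added example, not part of the original question or answer. It builds the secret-key `/token` request the question mentions (the client credentials grant), tells a delegated token from an app-only one by its `scp` or `roles` claim, and rewrites `/me` to the `/users/{id}` form when no user is in context. The tenant, client id, secret, user id and sample tokens are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def client_credentials_request(tenant, client_id, client_secret):
    """Build (url, form body) for an app-only token request: no user, no /authorize step."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never hard-code
        # .default = the application permissions an admin has consented to
        "scope": "https://graph.microsoft.com/.default",
    })
    return TOKEN_URL.format(tenant=tenant), body

def token_kind(access_token):
    """Diagnostic only: read the unverified payload. 'scp' = delegated, 'roles' = app-only."""
    payload_b64 = access_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    if "scp" in claims:
        return "delegated"
    if "roles" in claims:
        return "application"
    return "unknown"

def graph_path(path, kind, user_id=None):
    """/me only resolves with a signed-in user; app-only calls must name the user."""
    if kind == "delegated" or not (path == "/me" or path.startswith("/me/")):
        return path
    if user_id is None:
        raise ValueError("app-only token: /me needs an explicit user id")
    return "/users/" + user_id + path[len("/me"):]

def _fake_token(claims):
    # Constructed, unsigned sample token so the example runs offline
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), ""])

DELEGATED = _fake_token({"scp": "Mail.Read User.Read"})
APP_ONLY = _fake_token({"roles": ["Mail.Read"]})

if __name__ == "__main__":
    print(token_kind(APP_ONLY), graph_path("/me/messages", "application", "constructed-user-id"))
```
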
