Microsoft Graph API - 错误 403“权限不足，无法完成操作" [英] Microsoft Graph API - error 403 "Insufficient privileges to complete the operation"

问题描述

我正在尝试使用 AzureR 系列的 R 包通过图形 API 与 Outlook 交互.使用 Microsoft365R 我有以下代码:

I'm trying to use the AzureR family of R packages to interact with Outlook through the Graph API. Using Microsoft365R I have the following code:

outl <- get_business_outlook(
  tenant = tenant_id,
  app = client_id,
  password = client_secret
)

但这会导致 403 错误:

But this results in a 403 error:

过程响应错误(res，match.arg(http_status_handler)，简化):禁止 (HTTP 403).无法完成操作.信息:权限不足，无法完成操作.

Error in process_response(res, match.arg(http_status_handler), simplify) : Forbidden (HTTP 403). Failed to complete operation. Message: Insufficient privileges to complete the operation.

相关应用具有 API 权限 Mail.ReadWrite、Mail.ReadWriteShared、Mail.Send、Mail.Send.Shared、offline_access、openid、User.Read.

The app in question has the API permissions Mail.ReadWrite, Mail.ReadWriteShared, Mail.Send, Mail.Send.Shared, offline_access, openid, User.Read.

我也尝试过直接使用 AzureGraph 包，例如:

I also tried using the AzureGraph package directly like:

login <- create_graph_login(
  tenant = tenant_id,
  app = client_id,
  password = client_secret
)

这有效，我得到了一个令牌.然后我尝试使用 me <- login$get_user() 提取用户信息，但这会引发与上述相同的 403 错误.我怀疑我需要做一些事情来对用户进行实际身份验证，但我真的不知道是什么.

This works and I get a token. I then try to extract user information with me <- login$get_user(), but this throws the same 403 error as above. I suspect there is something I need to do to actually authenticate the user, but I can't really figure out what.

我对 Graph API 完全陌生，所以很可能我错过了一些明显的东西.任何帮助表示赞赏！

I am entirely new to the Graph API so it's very possible that I have missed something obvious. Any help appreciated!

推荐答案

Microsoft365R/AzureGraph 作者在这里.在您显示的代码中，使用 get_business_onedrive() 和 create_graph_login()，您将作为应用程序进行身份验证，而不是作为用户进行身份验证.这意味着不涉及用户帐户，因此您无法查看用户详细信息或发送电子邮件.

Microsoft365R/AzureGraph author here. In the code you show, both with get_business_onedrive() and create_graph_login(), you are authenticating as the app, not as the user. This means that there is no user account involved, hence you're unable to view user details or send email.

要以用户身份进行身份验证，请运行

To authenticate as the user, run

# Microsoft365R
get_business_outlook("tenant_id", app="client_id")

# AzureGraph
create_graph_login("tenant_id", app="client_id")

即，没有 password 参数.如果 R 打开一个浏览器窗口供您登录 Azure(或显示它已成功登录)，您应该知道它正在工作.

ie, without the password argument. You should know it's working if R opens up a browser window for you to login to Azure (or to show it's successfully logged in).

AzureAuth 包的最新版本有一个vignette 对各种身份验证方案进行了更多解释.AzureAuth::get_azure_token 是Microsoft365R 和AzureGraph 用来获取OAuth 令牌的底层函数，您可以从get_business_outlook 和 中传递小插图中提到的参数create_graph_login.

The latest revision of the AzureAuth package has a vignette that explains a bit more on the various authentication scenarios. AzureAuth::get_azure_token is the underlying function used to obtain an OAuth token by Microsoft365R and AzureGraph, and you can pass down the arguments mentioned in the vignette from get_business_outlook and create_graph_login.

这篇关于Microsoft Graph API - 错误 403“权限不足，无法完成操作"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！