尝试在外部站点上显示用户照片时权限不足 [英] Insufficient Privileges when trying to display user photos on external sites

问题描述

我有这种情况.我正在尝试显示来自外部站点的用户照片，有关远程站点的所有配置都已设置.我在组织 A 和组织 B 中创建了一个连接的应用程序，我正在从组织 A 检索用户.

所有这些都有效，但是我无法显示这些用户的照片，因为要做到这一点，我必须能够使用我现在正在做的 ConnectApi.UserProfiles.GetPhoto 方法，但我不断收到不足"特权"错误.我尝试通过这样的邮递员获取 AccessToken

这会将我重定向到登录站点，以便我可以使用我的凭据登录我的组织.之后我得到一个 AccessToken.

接下来，我希望能够使用 AccessToken 从外部站点获取用户的照片，但是我仍然收到相同的错误消息权限不足".我错过了什么吗?提前致谢

根据:

所以另一个具有相同标题的 GET 和我有我丑陋的杯子:

如果你想要别人的照片 - 类似于 /services/data/v48.0/query?q=SELECT SmallPhotoUrl, FullPhotoUrl FROM User WHERE Id = '005...' 的查询应该可以工作.检查用户字段.>

<代码>{总大小": 1,完成": 真的，记录": [ {属性":{类型":用户"，网址":/services/data/v48.0/sobjects/User/(已编辑)"；},SmallPhotoUrl":https://(已编辑)/profilephoto/7293L0000008Tfq/T"，FullPhotoUrl":https://(已编辑)/profilephoto/7293L0000008Tfq/F"]]}

关键是使用新端点并在标头中传递会话 ID.您甚至可能会发现使用 Chatter API 更容易拉照片(也是基于REST的)

I have this situation. Im trying to display user photos from an external site, all the configurations about remote sites are already set. I created a connected app in org A and from org B i'm retrieving the users from org A.

All of this works however i cannot show the photos from those users because for that to happen i have to be able to use the ConnectApi.UserProfiles.GetPhoto method which i'm doing right now but i keep getting the "insufficient privileges" error. I tried getting the AccessToken through postman like this

This redirects me to the login site so i can log into my org with my credentials. After that i get an AccessToken.

Next up, i want to be able to get the photos from users from the external site with the AccessToken, However i'm still getting the same error message "Insufficient Priviledges". Am i missing something? thanks in advance

According to: https://sforcenotes.blogspot.com/2015/10/solution-to-display-salesforce-user.html?showComment=1596211057195#c5848226245946017759 The solution is fairly easy but this does not work

解决方案

I'm bit lost. You have some app that wants to log in to Salesforce and pull images from it? Or do you want to call out from Salesforce and pull images from external app? For first one you likely need "connected app". But you need "remote site settings" or "named credentials" only for calling out.

I'm assuming it's option 1.

There are lots of ways to log in to SF, SOAP API (just username + password), REST API (lots of OAuth2 options, with username+pass or username + JWT or just OAuth2 client id and user logs in to SF interactively, you don't see the password)... Sounds like you're past this stage?

A successful login response will look bit like that (depends on method used):

{"id":"https://login.salesforce.com/id/00Dx0000000BV7z/005x00000012Q9P",
"issued_at":"1278448832702",
"instance_url":"https://yourInstance.salesforce.com/",
"signature":"0CmxinZir53Yex7nE0TD+zMpvIWYGb/bdJh6XfOH6EQ=",
"access_token":"00Dx0000000BV7z!AR8AQAxo9UfVkh8AlV0Gomt9Czx9LjHnSSpwBMmbRcgKFmxOtvxjTrKW19ye6PE3Ds1eQz3z8jr3W7_VbWmEu4Q8TVGSTHxs",
"token_type":"Bearer"}

You're supposed to take from it the access_token (that's your session id. It'll always start with org's id, compare with Setup -> Company information) and instance_url (that's where you're supposed to send any subsequent requests. No more calling the login gateways: login.salesforce.com, test.salesforce.com or mydomain.my.salesforce.com). If you're getting "Insufficient Privileges" I think you didn't change the endpoint.

You can test you logged in OK by sending a GET to the id endpoint you received. It'll give you OpenId info about your user.

Here's my GET to fetch OpenId data with the "Authorization: Bearer " request

So another GET with same header and I have my ugly mug:

If you want somebody else's picture - query similar to /services/data/v48.0/query?q=SELECT SmallPhotoUrl, FullPhotoUrl FROM User WHERE Id = '005...' should work. Check User fields.

{
  "totalSize" : 1,
  "done" : true,
  "records" : [ {
    "attributes" : {
      "type" : "User",
      "url" : "/services/data/v48.0/sobjects/User/(redacted)"
    },
    "SmallPhotoUrl" : "https://(redacted)/profilephoto/7293L0000008Tfq/T",
    "FullPhotoUrl" : "https://(redacted)/profilephoto/7293L0000008Tfq/F"
  } ]
}

The key thing is to use the new endpoint and pass the session id in the header. You might even find it easier to use Chatter API to pull photos (also REST-based)

这篇关于尝试在外部站点上显示用户照片时权限不足的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！