Microsoft Graph 访问令牌包含错误的联系人 API 权限 [英] Microsoft Graph Access Token contains wrong permission for contacts API
问题描述
所以基本上我需要访问 Office 365 用户的联系人.我使用 Microsoft 图形 API,并且可以通过 JSON 中的 HTTP GET 成功获取所有联系人.但现在我正在尝试将 JSON 写入
您可以通过 url 请求强制用户同意,将 &prompt=consent 附加到身份验证请求 URL.
https://login.microsoftonline.com/{tenant}/oauth2/authorize?client_id={your_client_id}&response_type=代码&response_mode=查询&resource=https://graph.microsoft.com&state=12345&提示=同意或者您只是代表此目录中的所有用户授予同意.为所有用户授予管理员同意意味着最终用户在使用应用程序时不会看到同意屏幕.
So basically I need to access the contacts of an office 365 user. I use the Microsoft graph API and I successfully can get all the contacts via an HTTP GET in a JSON. But now I'm trying to write a JSON to the https://graph.microsoft.com/v1.0/me/contacts API with an HTTP POST, but I get a 403 - Permission Denied every time. So I went to https://jwt.io/ and checked my access token and saw that I don't have the permissions to write in the contacts.
I get those permissions:
"scp": "Contacts.Read openid profile User.Read"
Even though I only set Contacts.ReadWrite in the App Registration settings on the Azure portal.
I've tried updating the permissions but that didn't help.
If you have changed the permissions, users need to consent again.
You can force user consent through a url request, append &prompt=consent to the authentication request URL.
https://login.microsoftonline.com/{tenant}/oauth2/authorize?
client_id={your_client_id}
&response_type=code
&response_mode=query
&resource=https://graph.microsoft.com
&state=12345
&prompt=consent
Or you just grant consent on behalf of all users in this directory. Granting admin consent for all users means that end users will not be shown a consent screen when using the application.
这篇关于Microsoft Graph 访问令牌包含错误的联系人 API 权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
