获取 Microsoft Graph API 的访问令牌 [英] Getting the access token for Microsoft Graph API

问题描述

我正在尝试获取 Microsoft Graph API 的访问令牌，以便访问 SharePoint 文档库.我的应用程序是 Windows 服务，因此我遵循

此外，当使用客户端凭据流获取访问令牌时，您可以检查访问令牌中的 roles 声明(这是检查应用程序权限的方式，而不是令牌响应)，使用像

I'm trying to get the access token for the Microsoft Graph API in order to access a SharePoint document library. My application is a windows service, hence I'm following the procedure described here.

But when I try to get the access token, the response that I get doesn't have the scope value. Below is my response:

{
  "token_type": "Bearer",
  "expires_in": "3600",
  "expires_on":"1492452559",
  "not_before": "1492448659",
  "resource": "https://graph.microsoft.com",
  "access_token": "Token"
}

Because of this when I try to query the Graph API with this access token, I'm getting an error saying: Either scp or roles claim need to be present in the token

Can someone please help me on how to get this working? Thanks in advance.

解决方案

That seems your client application hasn't set the appropriate app permissions when using client credential flow , below is an illustration of application permissions section in Azure AD classic portal. Please select appropriate permissions needed and retry :

And in addition , when using client credential flow to get the access token , you could check the roles claims in access token(that is the way to check the app permission, not in token response) , using a tool like http://jwt.calebb.net/ to decode the access token and check the app permissions :

这篇关于获取 Microsoft Graph API 的访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！