如何从节点脚本获取 Microsoft Graph API 访问令牌? [英] How to get Microsoft Graph API Access token from Node Script?
问题描述
我想使用这个库与我的 AD 的图形 API 进行交互 - https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/concepts/nodejs.md
I'd like to use this library to interact with the graph API for my AD - https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/concepts/nodejs.md
但是,我发现返回访问令牌的所有现有 javascript 库都希望传入返回 URL,以及其他一些特定于 Web 的内容,这让我相信这是对 Microsoft 的某种要求结束.
However, all of the existing javascript libraries I've found to return access tokens expect a return URL to be passed in, as well as some other web-specific stuff, leading me to believe this is some kind of requirement on Microsoft's end.
在运行后端节点脚本(与 Web 无关)时,是否有任何好的方法来验证/接收访问令牌,以便我可以开始对 Microsoft Graph API 进行调用?提前感谢您的建议.
Is there any good way to authenticate/receive an access token while running a backend node script (nothing web related) so that I can begin to make calls against the Microsoft Graph API? Thanks in advance for the advice.
推荐答案
要运行连接到 Graph API 的后端非用户身份验证守护程序,您希望使用仅限应用的身份验证流程.这是 的快速摘要官方步骤:
To run a back-end non-user-authenticated daemon connected to the Graph API, you want to use the app-only authentication flow. Here's a quick summary of the official steps:
- 创建您的 Azure AD 租户.记下
yourtenant.onmicrosoft.com名称,并将该值复制下来. - 通过全局
Azure Active Directory刀片的App Registrations部分注册应用程序,而不是直接在租户属性中.复制应用程序ID;我们稍后会用到它. - 创建与注册相关的密钥并记住将其复制下来.一旦点击出去,就无法取回键值,所以一定要复制它.
- 将注册权限更新为您需要的权限,点击
Save,然后点击Grant Permissions按钮. - 向
login.microsoftonline.com域发出 HTTP 请求以获取访问令牌. - 使用访问令牌发出 Graph API 请求.
- Create your Azure AD Tenant. Note the
yourtenant.onmicrosoft.comname, and copy this value down. - Register an application through the global
Azure Active Directoryblade'sApp Registrationssection, not directly within the tenant properties. Copy theApplication ID; we'll need it later. - Create a key tied to the registration and remember to copy it down. Once you click out, you can't get the key value back, so make sure to copy it.
- Also update the registration's permissions to what you need, click
Save, and then also hit theGrant Permissionsbutton. - Make an HTTP request to the
login.microsoftonline.comdomain to obtain an access token. - Use the access token to make Graph API requests.
这里是微软 Node.js 示例的链接,这里是链接到 直接文档 上进行 HTTP 调用以检索访问令牌.这是一个超级精简的示例,它将输出检索到的访问令牌.替换 [Tenant]、[ApplicationID] 和 [Key] 值:
Here's a link to Microsofts Node.js example, and here's a link to the direct documentation on the HTTP call to make to retrieve an access token. And here's a super stripped-down example that will output the retrieved access token. Replace the [Tenant], [ApplicationID], and [Key] values:
const request = require("request");
const endpoint = "https://login.microsoftonline.com/[Tenant].onmicrosoft.com/oauth2/token";
const requestParams = {
grant_type: "client_credentials",
client_id: "[ApplicationID]",
client_secret: "[Key]",
resource: "https://graph.windows.net"
};
request.post({ url:endpoint, form: requestParams }, function (err, response, body) {
if (err) {
console.log("error");
}
else {
console.log("Body=" + body);
let parsedBody = JSON.parse(body);
if (parsedBody.error_description) {
console.log("Error=" + parsedBody.error_description);
}
else {
console.log("Access Token=" + parsedBody.access_token);
}
}
});
一旦我们有了 access_token,我们就可以调用 Graph API.假设应用程序权限配置正确并从第 4 步开始应用,我们可以开始发出 Graph API 请求:
Once we have the access_token, we can call out to the Graph API. Assuming the apps permissions were configured correctly and applied from step #4, we can start making Graph API requests:
function testGraphAPI(accessToken) {
request.get({
url:"https://graph.windows.net/[Tenant]/users?api-version=1.6",
headers: {
"Authorization": accessToken
}
}, function(err, response, body) {
console.log(body);
});
}
这篇关于如何从节点脚本获取 Microsoft Graph API 访问令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
