Microsoft Graph 范围 v2 oauth [英] Microsoft Graph scopes v2 oauth
问题描述
我正在尝试构建一个简单的 Ruby 应用程序,该应用程序可以连接到 Microsoft Graph API 并获取有关用户的基本信息,例如经理或直接下属.
I'm trying to build a simple Ruby application that can connect to the Microsoft Graph API and get basic information about the user, for example the manager or direct reports.
我遵循了 0365 教程,并且我有一个能够获取用户邮件的工作应用程序.但是,当我尝试使用会话令牌查询图形 api 时,出现错误:
I've followed a 0365-tutorial and i've got a working app that is able to get a user's mail. However when I try to then use the session tokens to query the graph api, i get an error:
response.body
=> "{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "18cbc6be-5254-400c-9780-7427376587fb",
"date": "2016-06-30T22:21:55"
}
}
}"
我正在使用范围
SCOPES = [ 'openid', 'profile', 'https://outlook.office.com/contacts.read', 'offline_access' ]
刚刚有人建议我包含范围 'https://graph.microsoft.com/user.read',但是当我将它添加到应用程序时,我什至在点击用户登录页面之前收到以下错误:
I've just been suggested to include the scope 'https://graph.microsoft.com/user.read', but when i add this to the application i get the following error before even hitting the user login page:
AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope openid profile offline_access https://graph.microsoft.com/user.read is not valid.
对此的任何帮助将不胜感激!
Any help on this would be appreciated!
推荐答案
好的.问题是您同时包含 Outlook(https://outlook.office.com/contacts.read 范围)和 Graph(https://graph.microsoft.com/user.read 范围).不幸的是,Azure 的授权端点不支持这样的混合范围.您可以删除 Outlook 范围(假设您不需要它),或将其更改为 Graph 等效项:https://graph.microsoft.com/contacts.read(如果您需要访问已登录用户的个人联系人).
Ok. The problem is that you are including scopes for both Outlook (the https://outlook.office.com/contacts.read scope) and Graph (the https://graph.microsoft.com/user.read scope). Unfortunately Azure's authorization endpoint doesn't support mixing scopes like that. You can either remove the Outlook scope (assuming you don't need it), or change it to the Graph equivalent: https://graph.microsoft.com/contacts.read (if you need to access the logged on user's personal contacts).
这篇关于Microsoft Graph 范围 v2 oauth的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
