To get refreshtoken, accesstoken in Microsoft Graph API
I am trying to generate credentials (AccessToken, RefreshToken) in Microsoft Graph API. Successfully generated AccessToken by following this Documentation. But I am struggling with the way to get a refresh token.
Steps:
- App Registration is done in Azure Active Directory.
- Client Secret was also obtained.
- List of API permissions given.
As per this Documentation, I followed the remaining steps to generate credentials.
- Pasted the below-mentioned Authorization Request in the Google URL and got the code value as well.
Request:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
?client_id=14edf196-xxxxxx
&response_type=code
&redirect_uri=https://oauth.pstmn.io/v1/browser-callback
&response_mode=query
&scope=offline_access%20Mail.Read%20Mail.ReadBasic%20Mail.ReadWrite%20Mail.Read.Shared%20Mail.ReadWrite.Shared%20Mail.Send%20Mail.Send.Shared%20MailboxSettings.Read%20MailboxSettings.ReadWrite%20IMAP.AccessAsUser.All%20POP.AccessAsUser.All%20SMTP.Send%20Files.Read%20Files.Read.All%20Files.ReadWrite%20Files.ReadWrite.All%20Files.ReadWrite.AppFolder%20Files.Read.Selected%20Files.ReadWrite.Selected%20User.Read%20User.ReadWrite%20User.ReadBasic.All%20User.Read.All%20User.ReadWrite.All%20User.Invite.All%20User.Export.All%20User.ManageIdentities.All
&state=12345
Code value:
0.ASUAYH3m5fSttECIPDUdwv7vTpbx7RSNwIhCtEISG2GkwQwlAMQ.AQABAAIAAADxxxxxxxxxxxxxxxxx
The next step is to get the AccessToken; for this, a POST request was made in Postman, which gives the AccessToken in the response.
Note: When I remove scope in the above request, the access token is received; otherwise I got an ERROR response like
"error: invalid_grant Description:AADSTS70008: The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource. Trace ID: 98e82735-4764-496a-881b-9b78faf3f000 Correlation ID: 3d4a78b2-5a26-47af-ae14-cbb82c12a9ae Timestamp: 2021-06-14 12:57:01Z"
As per OAuth 2.0, I hope there is no need to pass scope while generating the access token.
Response:
{
"token_type": "Bearer",
"scope": "email openid profile https://graph.microsoft.com/Files.Read https://graph.microsoft.com/Files.Read.All https://graph.microsoft.com/Files.Read.Selected https://graph.microsoft.com/Files.ReadWrite https://graph.microsoft.com/Files.ReadWrite.All https://graph.microsoft.com/Files.ReadWrite.AppFolder https://graph.microsoft.com/Files.ReadWrite.Selected https://graph.microsoft.com/IMAP.AccessAsUser.All https://graph.microsoft.com/Mail.Read https://graph.microsoft.com/Mail.Read.Shared https://graph.microsoft.com/Mail.ReadBasic https://graph.microsoft.com/Mail.ReadWrite https://graph.microsoft.com/Mail.ReadWrite.Shared https://graph.microsoft.com/Mail.Send https://graph.microsoft.com/Mail.Send.Shared https://graph.microsoft.com/MailboxSettings.Read https://graph.microsoft.com/MailboxSettings.ReadWrite https://graph.microsoft.com/POP.AccessAsUser.All https://graph.microsoft.com/SMTP.Send https://graph.microsoft.com/User.Export.All https://graph.microsoft.com/User.Invite.All https://graph.microsoft.com/User.ManageIdentities.All https://graph.microsoft.com/User.Read https://graph.microsoft.com/User.Read.All https://graph.microsoft.com/User.ReadBasic.All https://graph.microsoft.com/User.ReadWrite https://graph.microsoft.com/User.ReadWrite.All",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0eXAiOiJKV1QiLCJubxxxxxxxxxxxxx"
}
As you can see in the above JSON response, which comes from Postman, the refresh token is missing.
This refresh token is required while integrating MS Outlook operation in WSO2 EI by following this
Kindly help me to get this, or what is the step that I missed?
I have created another App and given it a limited set of scopes like email Mail.Read User.Read profile openid, which has been passed to both the Authorize and token endpoints. Now I can get the access token, refresh token and id token in the response.
Response:
{
"token_type": "Bearer",
"scope": "email Mail.Read User.Read profile openid",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6ImZWTnhDbVBlZkRMd3g3eG5PbDZxNE5jWkNCV3lETGZJR3FoamU5QktGMDQiLCJhbGciOiJSUzI1NiIsIxxxx",
"refresh_token": "0.AXEAYH3m5fSttECIPDUdwv7vThdQk6TogBNEp2J4CzLY-WhxANs.AgABAAAAAAD--DLA3VO7QrddgJg7Wevxxxxx",
"id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCHJPRFhFS9.eyJhdWQiOiJhNDkzxxxxxxx"
}
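The two-step flow described in the question, as an added example that is not part of the original post: it builds the authorize URL and the token request from one scope list so both endpoints receive the same scopes, then checks a token response for a refresh token and for scopes granted beyond those requested. The token endpoint path and form fields follow the standard authorization code grant; the helper names, placeholder credentials and sample responses are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Authorize endpoint base is from the post; /token is its v2.0 counterpart.
AUTHORITY = "https://login.microsoftonline.com/common/oauth2/v2.0"
GRAPH = "https://graph.microsoft.com/"

def authorize_url(client_id, redirect_uri, scopes, state):
    """Step 1: URL the user opens in a browser to obtain the code."""
    query = {"client_id": client_id, "response_type": "code",
             "redirect_uri": redirect_uri, "response_mode": "query",
             "scope": " ".join(scopes), "state": state}
    return f"{AUTHORITY}/authorize?{urlencode(query)}"

def token_request(client_id, client_secret, redirect_uri, scopes, code):
    """Step 2: URL and form body for the POST that redeems the code."""
    form = {"client_id": client_id, "client_secret": client_secret,
            "grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri, "scope": " ".join(scopes)}
    return f"{AUTHORITY}/token", form

def normalize(scope_string):
    """Lower-case scope names and drop the Graph resource prefix."""
    return {s[len(GRAPH):].lower() if s.startswith(GRAPH) else s.lower()
            for s in scope_string.split()}

def check_token_response(resp, requested):
    """Report refresh-token presence and requested-vs-granted scope drift."""
    # Assumption: offline_access is not echoed in 'scope', so it is not compared.
    asked = normalize(" ".join(requested)) - {"offline_access"}
    granted = normalize(resp.get("scope", ""))
    return {"has_refresh_token": bool(resp.get("refresh_token")),
            "not_granted": sorted(asked - granted),
            "not_requested": sorted(granted - asked)}

# Constructed sample values; no real client id, secret, code or token.
SCOPES = ["offline_access", "Mail.Read", "User.Read"]
REDIRECT = "https://oauth.pstmn.io/v1/browser-callback"
RESP_WITHOUT = {"token_type": "Bearer", "expires_in": 3599, "access_token": "PLACEHOLDER",
                "scope": "email openid profile https://graph.microsoft.com/Mail.Read "
                         "https://graph.microsoft.com/User.Read "
                         "https://graph.microsoft.com/User.ReadWrite.All"}
RESP_WITH = {"token_type": "Bearer", "expires_in": 3599, "access_token": "PLACEHOLDER",
             "refresh_token": "PLACEHOLDER", "scope": "Mail.Read User.Read"}

if __name__ == "__main__":
    print(authorize_url("CLIENT_ID", REDIRECT, SCOPES, "12345"))
    print(token_request("CLIENT_ID", "SECRET", REDIRECT, SCOPES, "CODE")[1]["scope"])
    for resp in (RESP_WITHOUT, RESP_WITH):
        print(check_token_response(resp, SCOPES))
```

The `not_requested` list is the part to review against least privilege: it shows delegated permissions the token carries that the client never asked for in this request.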