To get refreshtoken, accesstoken in Microsoft Graph API


Problem description


    I am trying to generate credentials (AccessToken, RefreshToken) in Microsoft Graph API. Successfully generated AccessToken by following this Documentation. But I am struggling with the way to get a refresh token.

    Steps:

    • App Registration is done in Azure Active Directory.

    • Client Secret was also obtained.

    • List of API Permissions given.

    As per this Documentation, I followed the remaining steps to generate credentials.

    • The Authorization Request mentioned below was pasted into the Google URL, and the code value was obtained as well.

    Request:

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize
      ?client_id=14edf196-xxxxxx
      &response_type=code
      &redirect_uri=https://oauth.pstmn.io/v1/browser-callback 
      &response_mode=query
      &scope=offline_access%20Mail.Read%20Mail.ReadBasic%20Mail.ReadWrite%20Mail.Read.Shared%20Mail.ReadWrite.Shared%20Mail.Send%20Mail.Send.Shared%20MailboxSettings.Read%20MailboxSettings.ReadWrite%20IMAP.AccessAsUser.All%20POP.AccessAsUser.All%20SMTP.Send%20Files.Read%20Files.Read.All%20Files.ReadWrite%20Files.ReadWrite.All%20Files.ReadWrite.AppFolder%20Files.Read.Selected%20Files.ReadWrite.Selected%20User.Read%20User.ReadWrite%20User.ReadBasic.All%20User.Read.All%20User.ReadWrite.All%20User.Invite.All%20User.Export.All%20User.ManageIdentities.All
      &state=12345
    

    Code value:

    0.ASUAYH3m5fSttECIPDUdwv7vTpbx7RSNwIhCtEISG2GkwQwlAMQ.AQABAAIAAADxxxxxxxxxxxxxxxxx
    

    • Next step is to get AccessToken; for this, a POST request was made in Postman, which gives AccessToken in the Response.

      Note: When I remove scope in the above request, accesstoken is received; otherwise I got an ERROR Response like

      "error: invalid_grant Description:AADSTS70008: The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource. Trace ID: 98e82735-4764-496a-881b-9b78faf3f000 Correlation ID: 3d4a78b2-5a26-47af-ae14-cbb82c12a9ae Timestamp: 2021-06-14 12:57:01Z"

    As per OAuth 2.0, I hope there is no need to pass scope while generating accesstoken.

    Response:

    {
        "token_type": "Bearer",
        "scope": "email openid profile https://graph.microsoft.com/Files.Read https://graph.microsoft.com/Files.Read.All https://graph.microsoft.com/Files.Read.Selected https://graph.microsoft.com/Files.ReadWrite https://graph.microsoft.com/Files.ReadWrite.All https://graph.microsoft.com/Files.ReadWrite.AppFolder https://graph.microsoft.com/Files.ReadWrite.Selected https://graph.microsoft.com/IMAP.AccessAsUser.All https://graph.microsoft.com/Mail.Read https://graph.microsoft.com/Mail.Read.Shared https://graph.microsoft.com/Mail.ReadBasic https://graph.microsoft.com/Mail.ReadWrite https://graph.microsoft.com/Mail.ReadWrite.Shared https://graph.microsoft.com/Mail.Send https://graph.microsoft.com/Mail.Send.Shared https://graph.microsoft.com/MailboxSettings.Read https://graph.microsoft.com/MailboxSettings.ReadWrite https://graph.microsoft.com/POP.AccessAsUser.All https://graph.microsoft.com/SMTP.Send https://graph.microsoft.com/User.Export.All https://graph.microsoft.com/User.Invite.All https://graph.microsoft.com/User.ManageIdentities.All https://graph.microsoft.com/User.Read https://graph.microsoft.com/User.Read.All https://graph.microsoft.com/User.ReadBasic.All https://graph.microsoft.com/User.ReadWrite https://graph.microsoft.com/User.ReadWrite.All",
        "expires_in": 3599,
        "ext_expires_in": 3599,
        "access_token": "eyJ0eXAiOiJKV1QiLCJubxxxxxxxxxxxxx"
    }
    

    As you can see in the above JSON response, which comes from Postman, the refresh token is missing.

    This refresh token is required while integrating MS Outlook operation in WSO2 EI by following this

    Kindly help me to get this. Or what is the step that I missed?

    Solution

    I have created another App and given a limited set of scopes like email Mail.Read User.Read profile openid, which has been passed to both the Authorize and token endpoints. Now I can get access token, refresh token and id token in the response.

    Response:

    {
        "token_type": "Bearer",
        "scope": "email Mail.Read User.Read profile openid",
        "expires_in": 3599,
        "ext_expires_in": 3599,
        "access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6ImZWTnhDbVBlZkRMd3g3eG5PbDZxNE5jWkNCV3lETGZJR3FoamU5QktGMDQiLCJhbGciOiJSUzI1NiIsIxxxx",
        "refresh_token": "0.AXEAYH3m5fSttECIPDUdwv7vThdQk6TogBNEp2J4CzLY-WhxANs.AgABAAAAAAD--DLA3VO7QrddgJg7Wevxxxxx",
        "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCHJPRFhFS9.eyJhdWQiOiJhNDkzxxxxxxx"
    }
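An added example, not part of the original question or answer and not Microsoft's code: Python helpers that build the authorize URL and the code-exchange form from the question, then review a token response for a missing refresh token, an error, or scopes granted beyond the request. It assumes, per the Microsoft identity platform documentation, that a refresh token is issued only when `offline_access` is requested; the function names and the sample responses are constructed for illustration.

```python
import secrets
from urllib.parse import quote, urlencode

AUTHORITY = "https://login.microsoftonline.com/common/oauth2/v2.0"  # from the question

def _scope(scopes):
    # offline_access is always included; duplicates dropped, order kept
    return " ".join(dict.fromkeys(["offline_access", *scopes]))

def build_authorize_url(client_id, redirect_uri, scopes):
    """Return (url, state); state is random per request, not a fixed value."""
    state = secrets.token_urlsafe(16)
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "response_mode": "query",
              "scope": _scope(scopes), "state": state}
    return f"{AUTHORITY}/authorize?{urlencode(params, quote_via=quote)}", state

def build_token_form(client_id, client_secret, code, redirect_uri, scopes):
    """Form fields to POST to AUTHORITY + '/token' for the code exchange."""
    return {"grant_type": "authorization_code", "client_id": client_id,
            "client_secret": client_secret, "code": code,
            "redirect_uri": redirect_uri,  # same value as sent to /authorize
            "scope": _scope(scopes)}

def review_token_response(resp, requested):
    """Return a list of findings for a parsed token-endpoint JSON response."""
    if "error" in resp:
        return [f"error: {resp['error']}"]
    findings = []
    if "refresh_token" not in resp:
        findings.append("no refresh_token in response")
    # Graph scopes may come back as full URIs; compare on the short name.
    granted = {s.rsplit("/", 1)[-1] for s in resp.get("scope", "").split()}
    extra = sorted(granted - set(requested))
    if extra:
        findings.append("granted but not requested: " + " ".join(extra))
    return findings

# Constructed samples shaped like the two responses on this page (placeholder tokens).
WITHOUT_RT = {"token_type": "Bearer", "expires_in": 3599, "access_token": "<placeholder>",
              "scope": "email openid profile https://graph.microsoft.com/Mail.Read "
                       "https://graph.microsoft.com/User.Read"}
WITH_RT = {"token_type": "Bearer", "expires_in": 3599, "access_token": "<placeholder>",
           "scope": "email Mail.Read User.Read profile openid",
           "refresh_token": "<placeholder>", "id_token": "<placeholder>"}

if __name__ == "__main__":
    req = ["openid", "profile", "email", "Mail.Read", "User.Read"]
    for name, resp in (("without", WITHOUT_RT), ("with", WITH_RT)):
        print(name, review_token_response(resp, req))
```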
    
