Azure Active Directory Application Permission Change Delay

Problem description

I am using Azure Active Directory to give my application access to the Microsoft Graph API.

When I make permission changes (e.g., read/write access for various types of data) I am noticing a delay from when the changes are saved and when I am able to access the new data through the API. I do notice, however, that after some time my API calls start to work. My questions are:

  1. Is this expected behavior?
  2. Is there documentation stating which permissions each Microsoft Graph API request requires?

Note that I am requesting a new token after making each permission change, before making the relevant API request.

Recommended answer

When you change your scopes (if you use Azure to manage those authorizations), you have to request new consent from your users. Be sure to be able to call the ADAL AcquireToken method "one time" with the PromptBehavior.Always parameter. I think it will be enough to refresh your consents and make your new scopes available.

Here is the macro code I use:

        if (mustRefreshBecauseScopesHasChanged)
        {
            // Scopes changed: force the consent prompt so the new scopes are granted.
            authResult = await authContext.AcquireTokenAsync(GraphResourceId, ClientId, AppRedirectURI, PromptBehavior.Always);
        }
        else
        {
            // Try the token cache first, without showing any UI.
            authResult = await authContext.AcquireTokenSilentAsync(GraphResourceId, ClientId);

            // Fall back to an interactive sign-in only if the silent attempt failed.
            if (authResult.Status != AuthenticationStatus.Success && authResult.Error == "failed_to_acquire_token_silently")
                authResult = await authContext.AcquireTokenAsync(GraphResourceId, ClientId, AppRedirectURI, PromptBehavior.Auto);
        }

        if (authResult.Status != AuthenticationStatus.Success)
        {
            if (authResult.Error == "authentication_canceled")
            {
                // The user cancelled the sign-in, no need to display a message.
            }
            else
            {
                MessageDialog dialog = new MessageDialog(string.Format("If the error continues, please contact your administrator.\n\nError: {0}\n\n Error Description:\n\n{1}", authResult.Error, authResult.ErrorDescription), "Sorry, an error occurred while signing you in.");
                await dialog.ShowAsync();
            }
        }

For the scope permission details, you will find them here:

http://graph.microsoft.io/en-us/docs/authorization/permission_scopes
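
A diagnostic to go with the answer above, as an added example that is not part of the original post: it decodes the payload of an access token and compares its `scp` (delegated) and `roles` (application) claims with the permissions the app needs, so the result can drive the answer's `mustRefreshBecauseScopesHasChanged` flag. It assumes a .NET runtime with `System.Text.Json`; the class name, the required-permission list and the sample token are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenScopeCheck   // hypothetical helper, not part of ADAL
{
    // Base64url helpers (JWT segments drop '=' padding and use '-' and '_').
    static string B64UrlEncode(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string B64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // Permissions present in the token. The signature is NOT validated: diagnostic use only.
    public static HashSet<string> GrantedPermissions(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected a three-segment JWT.");
        var granted = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        using JsonDocument doc = JsonDocument.Parse(B64UrlDecode(parts[1]));
        JsonElement p = doc.RootElement;
        // Delegated permissions: space-separated string in "scp".
        if (p.TryGetProperty("scp", out JsonElement scp) && scp.ValueKind == JsonValueKind.String)
            granted.UnionWith(scp.GetString().Split(' ', StringSplitOptions.RemoveEmptyEntries));
        // Application permissions: string array in "roles".
        if (p.TryGetProperty("roles", out JsonElement roles) && roles.ValueKind == JsonValueKind.Array)
            granted.UnionWith(roles.EnumerateArray().Select(r => r.GetString()));
        return granted;
    }

    static void Main()
    {
        // Constructed sample token (not a real one); the signature segment is a placeholder.
        string payload = "{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"User.Read Mail.Read\"}";
        string jwt = B64UrlEncode("{\"alg\":\"none\"}") + "." + B64UrlEncode(payload) + ".sig";
        string[] required = { "User.Read", "Mail.Read", "Calendars.ReadWrite" };
        HashSet<string> granted = GrantedPermissions(jwt);
        List<string> missing = required.Where(r => !granted.Contains(r)).ToList();
        // A non-empty list means consent has not caught up with the new scopes.
        bool mustRefreshBecauseScopesHasChanged = missing.Count > 0;
        Console.WriteLine($"Missing: {string.Join(", ", missing)}; prompt again: {mustRefreshBecauseScopesHasChanged}");
    }
}
```

In the app, pass the access token returned by the token request instead of the constructed one; a permission that was saved in the portal but is absent from `scp` indicates the token was issued under the old consent.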
