我已经设置了Office 365 E3试用帐户。我在AAD注册了两个应用程序。AAD microsoft graph,客户端凭证
第一个使用“授权码流”并按预期工作(可以访问登录的用户日历)。
第二个应用程序使用“客户端凭据流”,不起作用。
1. login in Browser (Edge)
GET /OAuthTest3 HTTP/1.1
HTTP/1.1 302 Found
Location: https://login.microsoftonline.com/<tenant>/adminconsent?client_id=<app_id>&redirect_uri=http://localhost:1234/OAuthTest3
GET /OAuthTest3?admin_consent=True&tenant=<tenant> HTTP/1.1
HTTP/1.1 200 OK
2. connect to https://login.microsoftonline.com/
POST /<tenant>/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
client_id=<app_id>&
client_secret=<client_secret>&
grant_type=client_credentials&
redirect_uri=http://localhost:1234/OAuthTest3&
resource=https://graph.microsoft.com/&
scope=https://graph.microsoft.com/calendars.readwrite
HTTP/1.1 200 OK
{
"token_type": "Bearer",
"expires_in": "3600",
"ext_expires_in": "0",
"expires_on": "1504333342",
"not_before": "1504329442",
"resource": "https://graph.microsoft.com/",
"access_token": <token>
}
3. connect to https://graph.microsoft.com/
GET /v1.0/users/<user>/calendars HTTP/1.1
Host: graph.microsoft.com
Authorization: Bearer <token>
HTTP/1.1 403 Forbidden
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "e7228de4-2b27-4779-abef-ccab0d88970a",
"date": "2017-09-02T05:22:27"
}
}
}
感谢
周华健
Hello Emil。我想你正在使用V2端点,你使用的是哪个库? –
嗨让马克,我使用端点https://login.microsoftonline.com//adminconsent和https://login.microsoftonline.com/ /oauth2 /令牌授权。 和https://graph.microsoft.com/v1.0/users/ 为图api。我正在实施我自己的图书馆。 –