0
我的问题是ADAP for GRAPH API中的“SCOPE or PERMISSION”。ADAL 3.13 - 图表API
我使用ADAL 3.13和我创建了下面的脚本:
$adal = "C:\Users\filippog\Desktop\ADAL\_Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = "C:\Users\filippog\Desktop\ADAL\_Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
[System.Reflection.Assembly]::LoadFrom($adal)
[System.Reflection.Assembly]::LoadFrom($adalforms)
[string] $adTenant = "****"
[string] $clientId = "1950a258-227b-4e31-a9cf-717495945fc2" #id client of powershell
[string] $resourceAppIdURI = "https://graph.windows.net/"
[string] $authority = "https://login.microsoftonline.com/$adTenant"
[uri] $redirectUri = "urn:ietf:wg:oauth:2.0:oob" #redirect urPowerShell - i of powershell
[string] $resourceURI = 'https://graph.microsoft.com/'
[string] $scope = "scope=mail.read"
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority #,$false
$PromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Always
$platformParam = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList $PromptBehavior
$userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList "****", "OptionalDisplayableId"
$authResult = $authContext.AcquireTokenAsync($resourceUri, $clientId, $redirectUri, $platformParam, $userId, $scope)
$AuthHeader=$authResult.result.CreateAuthorizationHeader()
$headers = @{
"Authorization" = $AuthHeader
"Content-Type" = "application/json"
}
Invoke-RestMethod -Headers $headers -Uri https://graph.microsoft.com/v1.0/me/messages -Method Get
我的问题是,当我执行一个脚本并调用图形(例如,graph/v1.0/me它的工作原理,但是当我调用graph/v1.0/me/messages,该脚本返回error 403。
你真的不应该使用非你自己的应用程序的客户端ID。注册自己的本地客户端应用程序非常简单,您将获得更多优势(例如,您可以在登录提示中控制命名和品牌)。 –