[英]Access is denied. Check credentials and try again
I am trying to access calendar events using the Microsoft Graph API (https://graph.microsoft.com/v1.0/me/calendarView) on node.js following this permissions guide but I receive the error response : 我正在按照此权限指南在node.js上使用Microsoft Graph API (https://graph.microsoft.com/v1.0/me/calendarView)访问日历事件,但收到错误响应:
{
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "7c2...",
"date": "2016-07-13T21:19:11"
}
}
The call was made with using : 呼叫是使用进行的:
request({url : 'https://graph.microsoft.com/v1.0/me/calendarview', qs : queryParams, 'auth': {'bearer': token}}, function (error, response, body) {
...
});
The request has a valid token and the call to .../me/ via 该请求具有有效令牌,并且通过...调用... / me /
request({url : 'https://graph.microsoft.com/v1.0/me/', 'auth': {'bearer': token}}, function (error, response, body) {
...
});
returns : 返回:
{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id":"<valid_id>",
"businessPhones":[],
"displayName":"<valid_name>",
"givenName":"<valid_name>",
"jobTitle":"<valid_title>",
"mail":"<valid_email>",
"mobilePhone":"<valid_cell>",
"officeLocation":null,
"preferredLanguage":"en-US",
"surname":"<valid_name>",
"userPrincipalName":"<valid_email>"}
So I am assuming this is an issue with permissions set on https://manage.windowsazure.com/ where I created two applications, one for the node server and one for the web client application. 因此,我假设这是在https://manage.windowsazure.com/上设置的权限存在的问题,在这里我创建了两个应用程序,一个用于节点服务器,一个用于Web客户端应用程序。 I am using passport for authentication and the client id and secret for the web client application. 我正在使用护照进行身份验证,并使用Web客户端应用程序的客户端ID和密码。
var AzureOAuthStrategy = require('passport-azure-oauth').Strategy;
passport.use(new AzureOAuthStrategy({
clientId: config.live.clientID,
clientSecret: config.live.clientSecret,
tenantId: config.live.tenant,
resource: 'https://graph.microsoft.com/',
redirectURL: config.live.callbackURL
},
function(accessToken, refreshToken, profile, done) {
Here is what I set for "permissions to other applications" on the node application : 这是我为节点应用程序上的“其他应用程序的权限”设置的内容:
Here is what I set for "permissions to other application" on the web client application : 这是我为Web客户端应用程序上的“其他应用程序的权限”设置的内容:
I'm not 100% on what the relationship between the permissions set within the azure management portal and specific end point access. 我对Azure管理门户中设置的权限与特定端点访问之间的关系不是100%的了解。 I have read the API scope article but discussion in that article is a bit too conceptual for my needs. 我已经阅读了API作用域文章,但是该文章中的讨论对于我的需求而言太概念化了。
Ultimately I am trying to access and write events to all reservable resources within a tenant id. 最终,我试图访问事件并将其写入租户ID中的所有可保留资源。
I was able to resolve the issue by deleting then regenerating the application through https://manage.windowsazure.com/ then updating the client id and secret. 我能够通过删除然后通过https://manage.windowsazure.com/重新生成应用程序,然后更新客户端ID和密码来解决该问题。 I was, after the fact, able to remove the native client (node) app from the application list and still make the call work. 事实上,我能够从应用程序列表中删除本机客户端(节点)应用程序,并且仍然可以进行通话。
And while I did not use the reference https://jwt.io/ provided by Fei Xue, I assume it will be invaluable for debugging azure to API permissions in the future. 虽然我没有使用Fei Xue提供的参考https://jwt.io/ ,但我认为它对于将来调试Azure权限到API权限将是非常宝贵的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.