
Microsoft Graph API get groups for user gives privileges error

Requirement: We would like to query the groups of a user via Microsoft's Graph API with the following request:

https://graph.microsoft.io/en-us/docs/api-reference/v1.0/api/user_getmembergroups

In our case the response looks like this:

{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "a230a67e-8ef1-4f88-aa19-2c5b983c3de4",
      "date": "2017-01-04T16:29:55"
    }
  }
}

(Note: the GET https://graph.microsoft.com/v1.0/me/ is working fine and returns the user data)

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
  "id": "e23976a1-8bd9-4cca-a410-e095d2c2022d",
  "businessPhones": [],
  "displayName": "XXXX Vad",
  "givenName": "XXXX",
  "jobTitle": null,
  "mail": null,
  "mobilePhone": null,
  "officeLocation": null,
  "preferredLanguage": null,
  "surname": "Vad",
  "userPrincipalName": "XXXX.vad_outlook.com#EXT#@XXXXvadoutlook.onmicrosoft.com"
}

Environment:

  • Application created on apps.dev.microsoft.com with the following parameters:
      o Application Id: 412386c3-8fa3-4000-9039-748111407XXX
      o Delegated Permissions: [ User.Read ]
  • This application is visible on 'Azure Portal / AAD / Enterprise applications' and the user with a group 'BASIC' is added to this application

An example of an access token obtained from AAD:

{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/b9df6a2d-9150-45f9-abf0-9c30f9e527c7/",
  "iat": 1483548390,
  "nbf": 1483548390,
  "exp": 1483552290,
  "acr": "1",
  "aio": "AQABAAEAAADRNYRQ3dhRSrm-4K-adpCJhEVX2WEl4aboghl6AXaqOVcbaQPl1yYg1X1D2r4cNxBYmPvUiTKE9bB6wwpNSBKeD2OZXhrzdE3FPddCzbaTo84X8aSoKFaAt2vysYSv1HdChNXBPbfrVlA6YBuSwVwEIAA",
  "altsecid": "1:live.com:00037FFEC5917401",
  "amr": [
    "pwd"
  ],
  "app_displayname": "XXX test",
  "appid": "412386c3-8fa3-4000-9039-748111407XXX",
  "appidacr": "0",
  "email": "XXXX.vad@outlook.com",
  "family_name": "Vad",
  "given_name": "XXXX",
  "idp": "live.com",
  "ipaddr": "165.225.80.95",
  "name": "XXXX Vad",
  "oid": "e23976a1-8bd9-4cca-a410-e095d2c20XXX",
  "platf": "3",
  "puid": "10037FFE9D51DXXX",
  "scp": "User.Read",
  "sub": "sCDfsIUynhm4GdgPIe8hYguyNbbc7IBjZeKLd1UDXXX",
  "tid": "b9df6a2d-9150-45f9-abf0-9c30f9e52XXX",
  "unique_name": "live.com#XXXX.vad@outlook.com",
  "ver": "1.0"
}

What am I doing wrong or what's missing? Any help is appreciated.

You have to have admin consent right now to pull groups. They changed the required permissions a while back.

https://blogs.msdn.microsoft.com/aadgraphteam/2015/03/18/update-to-graph-api-consent-permissions/
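
The token in the question carries only the `User.Read` scope in its `scp` claim. As an added example (not part of the original question or answer), the Python below decodes a token's claims and reports whether any scope that could permit a group lookup was granted; the scope names in `GROUP_SCOPES`, the helper names and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# Assumption: delegated scopes that would allow the group lookup. Confirm the
# exact names against the Graph permissions reference for the call you make.
GROUP_SCOPES = frozenset({"Group.Read.All", "Directory.Read.All"})
GRAPH_AUDIENCE = "https://graph.microsoft.com"  # "aud" value shown in the question


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, accepted=GROUP_SCOPES):
    """Compare the token's delegated scopes ("scp") with the accepted set."""
    claims = jwt_claims(token)
    granted = set(claims.get("scp", "").split())  # scp is space-separated
    usable = granted & set(accepted)
    return {
        "audience_ok": claims.get("aud") == GRAPH_AUDIENCE,
        "granted": sorted(granted),
        "usable": sorted(usable),
        "needs_consent": not usable,
    }


def sample_token(scp):
    """Build an unsigned, constructed token carrying only the claims used here."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"typ": "JWT", "alg": "RS256"}
    body = {"aud": GRAPH_AUDIENCE, "scp": scp}
    return ".".join([enc(header), enc(body), "constructed-signature"])


if __name__ == "__main__":
    # Same scope as the token in the question: only User.Read was granted.
    print(diagnose(sample_token("User.Read")))
    # After an administrator consents to a broader scope (assumed name).
    print(diagnose(sample_token("User.Read Group.Read.All")))
```

Decoding without checking the signature is suitable only for inspecting a token you obtained yourself; an API must validate the signature before trusting any claim.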
