Outlook REST API:尝试使用AZURE AD身份验证调用API
[英]Outlook REST API: trying to call API using AZURE AD authentication
问题描述
Using the office 365 Outlook REST API (version 2), I have a web application managing outlook subscriptions to specific mail boxes. 
使用Office 365 Outlook REST API(版本2),我有一个Web应用程序,用于管理对特定邮箱的Outlook订阅。 I've been able to use the examples to obtain a token and call the API using the authorization code flow, successfully. 我已经能够使用示例获取令牌并成功使用授权代码流调用API。
But now, I want to use a client credential flow and get a token using Azure AD authentication via delegate permissions (I gave the application all possible delegate permissions under office 365 exchange online). 但是现在,我想使用客户端凭据流,并通过代理权限使用Azure AD身份验证获取令牌(我在Office 365在线交换下为应用程序提供了所有可能的代理权限)。 Similar to what I've seen here: Get Office 365 API access token without user interaction 与我在这里看到的类似:在没有用户交互的情况下获取Office 365 API访问令牌
I've registered my application and gotten my tenant ID, client ID & secret. 我已经注册了我的申请,并获得了我的房客ID,客户ID和机密信息。 I've been able to get a token but when I try to use it, I get 401, unauthorized back. 我已经能够获得令牌,但是当我尝试使用令牌时,我得到了未经授权的401返回。
Here's how I'm getting the token: 这是我获取令牌的方式:
AuthenticationContext authContext = new AuthenticationContext($"{authority}{tenantId}");
clientCredential = new ClientCredential(client_Id, secret);
authResult = await authContext.AcquireTokenAsync(resource, clientCredential);
authResult.AccessToken;
And here's how I'm trying to use the API (trying to delete the subscription using REST sharp in this code): 这是我尝试使用API的方式(尝试在此代码中使用REST Sharp删除订阅):
var token = await GetOtherToken(account);
rc = new RestClient("https://outlook.office.com/api/v2.0");
rc.AddDefaultHeader("Authorization", $"Bearer {token}");
request = new RestRequest($"me/subscriptions('{restSubId}')", Method.DELETE);
request.AddHeader("Content-Length", "0");
request.AddHeader("Content-Type", "multipart/form-data");
Looks like this is not possible. 看起来这是不可能的。 Please, someone, drop some knowledge. 请有人,丢下一些知识。 Thanks for reading. 谢谢阅读。
1 个解决方案
解决方案1
0 已采纳 2017-05-17 05:35:36
When using client credential flow to acquire a token for resource , you are using application identity instead of as a user's identity. 使用客户端凭证流获取资源的令牌时,您使用的是应用程序身份而不是用户身份。 So you should assign application permission for your app(not delegate permissions) . 因此,您应该为应用程序分配应用程序权限(而不是委托权限)。 In addition , since you are using app identity instead of user's identity , api can't recognize me ( https://outlook.office.com/api/v2.0/me ) . 另外,由于您使用的是应用程序身份而非用户身份,因此api无法识别me ( https://outlook.office.com/api/v2.0/me )。 Please click here for how to build service and daemon apps in Office 365 . 请单击此处以了解如何在Office 365中构建服务和守护程序应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.