[英]Subscribe from daemon to Office 365 Streaming Notifications on behalf of a user
From windows my service I need to be able to subscribe to event notifications in Office 365 meeting room calendars in my tenant. 从Windows我的服务中,我需要能够在租户中的Office 365会议室日历中订阅事件通知。 Because of security reasons, there is no way to use push notifications, thus using streaming notifications is only plausible (or polling, but that is the last resort).
由于安全原因,无法使用推送通知,因此使用流式通知仅是合理的(或轮询,但这是最后的手段)。 But as described on that page, the scope of the subscription can not be changed from current user 'me'.
但是,如该页面上所述,无法从当前用户“ me”更改订阅范围。 Thus I can not rely on application role assignments (which I can already use to poll the calendars of interest with Graph API).
因此,我不能依赖于应用程序角色分配(我已经可以使用它来通过Graph API轮询感兴趣的日历)。 Of course, I have user credentials for those meeting room accounts - but basic authentication is not supported for a while.
当然,我拥有这些会议室帐户的用户凭据-但是一段时间不支持基本身份验证。
The challenge: my service needs to act on behalf of the meeting room user(s) to subscribe and to receive notifications but from a daemon service, without user interaction. 挑战:我的服务需要代表会议室用户进行操作,以便从守护程序服务进行订阅和接收通知,而无需用户交互。 Practically it will have a management UI, but after adding a meeting room the admin will leave that UI and the service will need to work alone, renew the subscription, re-establish stream in case of server restart.
实际上,它将具有管理UI,但是在添加会议室后,管理员将离开该UI,并且该服务将需要单独工作,续订订阅,在服务器重新启动的情况下重新建立流。
I suppose, that the device profile is one option. 我想, 设备配置文件是一种选择。
What approach/flow do you suggest? 您建议什么方法/流程?
I would say you have two options: 我会说您有两种选择:
calendars.read
application permission to subscribe to the notifications (though I haven't tried it myself). calendars.read
应用程序权限来订阅通知(尽管我自己还没有尝试过)。 calendars.read
scope. calendars.read
范围授予服务访问其日历的同意。 Yes, this approach requires user interaction in the management console one time. The device profile flow is pretty much the second option. 设备配置文件流程几乎是第二种选择。 It still requires the user to sign-in, and the service still acts on behalf of the user.
它仍然需要用户登录,并且该服务仍代表用户运行。 The only difference is how the user enters their credentials.
唯一的区别是用户输入凭据的方式。 It sounds like for your purposes, the regular OAuth authorization code flow will be more appropriate than the device profile flow (which is meant mostly for limited input devices).
听起来像是出于您的目的,常规的OAuth授权代码流将比设备配置文件流(这主要用于有限的输入设备)更合适。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.