[英]Microsoft Graph Api token invalid or not authorized?
I'm trying to read the user's data from Azure Active Directory via Microsofts' Graph API. 我正在尝试通过Microsoft的Graph API从Azure Active Directory中读取用户的数据。 Using the Graph Explorer I'm able to get all users but using a stand alone application I end up with an "unauthorized" response after receiving a token. 使用Graph Explorer,我可以吸引所有用户,但是使用独立的应用程序,在收到令牌后,我得到一个“未经授权”的响应。 I'm clearly missing some steps but it isn't obvious to me what steps that would be. 我显然缺少一些步骤,但是对我来说,这显然不是什么步骤。 Any insight would be appreciated 任何见识将不胜感激
The code below is based off a MSFT sample: 以下代码基于MSFT示例:
// config values
// authority = "https://login.microsoftonline.com/{ TENANT ID }/oauth2/"
// resource uri = "https:// APP NAME .azurewebsites.net";
// graph uri = https://graph.windows.net/TENANT ID/ also tried https://graph.windows.net/v1.0/
// short form
public async void GetUsers( ADConfiguration config )
{
_authContext = new AuthenticationContext(config.GetAuthority());
_clientCredential = new ClientCredential(config.ClientId, config.ClientSecret);
AuthenticationResult result = null;
// obtain the token, this part is still successful
result = await _authContext.AcquireTokenAsync(config.ResourceUri, _clientCredential );
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
string address = config.GetGraphiUri() + "users?api-version=1.6";
// this response is always unauthorized
HttpResponseMessage response = await _httpClient.GetAsync(address);
}
In addition to answer your new problem . 除了回答您的新问题。 From you code , you are acquiring token using client credential flow . 通过您的代码,您正在使用客户端凭据流来获取令牌。 In the client credentials flow, permissions are granted directly to the application itself. 在客户端凭据流中,权限直接授予应用程序本身。
Since you are using Azure AD Graph API , you need to add application permission
: 由于使用的是Azure AD Graph API,因此需要添加application permission
:
Settings
在Azure门户中,选择您的应用程序,然后单击“ Settings
Required permissions
section ,select Windows Azure Active Directory
(Azure ad graph api) , add related application permissions your app requires . 在“设置”菜单中,选择“ Required permissions
部分,选择“ Windows Azure Active Directory
(Azure广告图api),添加您的应用程序所需的相关应用程序权限。 Grant Permissions
to do admin consent with your admin's credential . 在您应用的刀片中,点击“ Grant Permissions
以使用您的管理员凭据进行管理员同意。 Your config values seem off: 您的配置值似乎已关闭:
Authority should be: https://login.microsoftonline.com/{TENANT ID}
. 授权应该是: https://login.microsoftonline.com/{TENANT ID}
: https://login.microsoftonline.com/{TENANT ID}
。
It seems to me that you are trying to use Azure AD Graph API, not Microsoft Graph API. 在我看来,您正在尝试使用Azure AD Graph API,而不是Microsoft Graph API。
In that case: 在这种情况下:
Resource URI should be: https://graph.windows.net/
. 资源URI应该是: https://graph.windows.net/
: https://graph.windows.net/
。 (MS Graph API is https://graph.microsoft.com/
) (MS Graph API为https://graph.microsoft.com/
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.