尝试连接到Microsoft Graph时“权限不足,无法完成操作”
[英]“Insufficient privileges to complete the operation” when trying to connect to Microsoft Graph
问题描述
I want to configure my Symfony4 application to read and send e-mails using the msgraph-sdk-php library. 
我想配置我的Symfony4应用程序以使用msgraph-sdk-php库读取和发送电子邮件。
My app would be reading and sending e-mail from a single account, whose password I don't want to expose to my app's users. 我的应用程序将从单个帐户读取和发送电子邮件,而我不想向其用户公开其密码。 Thus, I wouldn't be using OAuth for login. 因此,我不会使用OAuth进行登录。
My first experience was this piece of code (to retrieve mailbox user profile): 我的第一个经验是这段代码(用于检索邮箱用户配置文件):
<?php
namespace App\Graph;
use Microsoft\Graph\Exception\GraphException;
use Microsoft\Graph\Graph;
use Microsoft\Graph\Model\User;
class GraphService
{
function sentTestMessage() {
$userId = "************************************";
$tenantId = "************************************";
$clientId = "************************************";
$clientSecret = "***************************";
$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';
$token = json_decode($guzzle->post($url, [
'form_params' => [
'client_id' => $clientId,
'client_secret' => $clientSecret,
'resource' => 'https://graph.microsoft.com/',
'grant_type' => 'client_credentials',
],
])->getBody()->getContents());
$accessToken = $token->access_token;
$graph = new Graph();
$graph->setAccessToken($accessToken);
$user=new \stdClass();
try {
$user = $graph->createRequest("GET", "/users/".$userId)
->setReturnType(User::class)
->execute();
} catch (GraphException $e) {
$user->getGivenName=$e->getMessage();
}
return "Hello, I am $user->getGivenName() ";
}
}
But then Symfony shows me an exception page with this message: 但是随后Symfony向我显示了一个异常页面,显示以下消息:
Client error:
GET https://graph.microsoft.com/v1.0/users/...resulted in a403 Forbiddenresponse:GET https://graph.microsoft.com/v1.0/users/...导致403 Forbidden响应:{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the ope (truncated...)
Now the same query works when run in https://developer.microsoft.com/en-us/graph/graph-explorer with the same user logged in. 现在,在具有相同用户登录名的https://developer.microsoft.com/zh-cn/graph/graph-explorer中运行时,相同的查询有效。
These are the permissions I gave the app: 这些是我赋予应用程序的权限:
What should I do to overcome the problem above described? 我该怎么做才能克服上述问题?
1 个解决方案
解决方案1
1 已采纳 2019-07-01 00:55:43
You used client credentials flow to get access token in your code, so you need application permission instead of delegated permission. 您使用客户端凭据流在代码中获取访问令牌,因此您需要应用程序权限而不是委托权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.