获取计划返回 401 - 未经授权
[英]Get Plans returns 401 - Unauthorized
问题描述
I am new to Microsoft Graph.
我是 Microsoft Graph 的新手。 I wanted to create a console app which will fetch all the Group Ids based on a Group Name and then fetch a particular Plan Id with that Group Id and Plan Name (I may or may not be a member of that group).我想创建一个控制台应用程序,它将根据组名获取所有组 ID,然后使用该组 ID 和计划名称获取特定的计划 ID(我可能是也可能不是该组的成员)。
I have written a code which is able to fetch group Id but when I try to use it to fetch the Plan Id:我编写了一个能够获取组 ID 的代码,但是当我尝试使用它来获取计划 ID 时:
var targetGroup = await _graphClient
.Groups
.Request()
.Filter($"startsWith(displayName,'{groupName}')")
.GetAsync();
var groupId = targetGroup.First().Id;
var plans = await _graphClient
.Groups[groupId]
.Planner
.Plans
.Request()
.GetAsync();
This last line fires an exception:最后一行引发异常:
401 - Unauthorized: Access is denied due to invalid credentials.
I am using the O365 E3 Trial version.我使用的是 O365 E3 试用版。 I have read all the solutions posted here and tried them but the error is still there.我已经阅读了这里发布的所有解决方案并尝试了它们,但错误仍然存在。 I have allowed all the permissions (Delegated and Application) for Users, Tasks, Directory, Files, and Groups.我已允许用户、任务、目录、文件和组的所有权限(委派和应用程序)。
Could it be a problem with permissions or the trail version?可能是权限或跟踪版本的问题吗?
Update:更新:
I also tried this:我也试过这个:
GraphHttpClient.MicrosoftGraphV1BaseUri + $"groups/{groupId}/planner/plans";
It works fine for groupId but when I add /planner/plans it throws the same exception.它适用于groupId但当我添加/planner/plans它会引发相同的异常。
2 个解决方案
解决方案1
1 2019-12-12 14:33:52
Are you using User access token or Application token?您使用的是用户访问令牌还是应用程序令牌? Because that api (GET /groups/{group-id}/planner/plans) it's not supported for Application token according to documentation .因为根据文档,应用程序令牌不支持该 api (GET /groups/{group-id}/planner/plans)。 I'm not sure for User access token but I think you must be a member of the group to reach out to plans.我不确定用户访问令牌,但我认为您必须是该组的成员才能联系计划。
解决方案2
1 2019-12-12 18:30:38
The sample code you've refferenced is using the Client Credentials OAuth grant.您引用的示例代码正在使用客户端凭据 OAuth 授权。 This will result in assigning Application scopes to your token rather than Delegate scopes:这将导致将应用程序范围分配给您的令牌而不是委托范围:
AuthenticationResult authResult = null;
authResult = await _clientApplication
.AcquireTokenForClient(_scopes) // This is "Client Credentials"
.ExecuteAsync();
return authResult.AccessToken;
Specifically, the AcquireTokenForClient call is where this is happening.具体来说, AcquireTokenForClient调用就是发生这种情况的地方。 From the documentation :从文档:
Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user) using the client credentials flow.
As Martin Jones stated in his answer, /plans only supports Delegated permission scopes :正如 Martin Jones 在他的回答中所说, /plans 仅支持委派权限范围:
- Delegated (work or school account):
Group.Read.All,Group.ReadWrite.All委派(工作或学校帐户): Group.Read.All、Group.ReadWrite.All - Delegated (personal Microsoft account): Not supported .委派(个人 Microsoft 帐户):不支持。
- Application: Not supported .应用:不支持。
In order to call /plans , you will need to acquire a token using a different OAuth Grant which supports Delegated permissions such as AcquireTokenOnBehalfOf or AcquireTokenByAuthorizationCode .为了调用/plans ,您需要使用不同的 OAuth 授权来获取令牌,该授权支持委托权限,例如AcquireTokenOnBehalfOf或AcquireTokenByAuthorizationCode 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.