Microsoft GraphAPI 403 在 SPfx 应用程序中获取用户事件时出错
[英]Microsoft GraphAPI 403 error getting users' events in SPfx app
问题描述
I wrote a SharePoint SPfx Application hosted on SharePoint Online using the Microsoft GraphAPI to grab user profile information as well as calendar events.
我编写了一个托管在 SharePoint Online 上的 SharePoint SPfx 应用程序,使用 Microsoft GraphAPI 来获取用户配置文件信息和日历事件。 Per microsoft documents I declared my scopes inside the package-solution.json file and approved the request via the SharePoint APi management page.根据微软文档,我在 package-solution.json 文件中声明了我的范围,并通过 SharePoint APi 管理页面批准了请求。 I am able to read everybody profile information, however, I get an error 403 when I try to access calendar events but my own.我能够读取每个人的个人资料信息,但是,当我尝试访问日历事件但我自己的日历事件时,我收到错误 403。 The users' calendar are not private, they open to the entire organization.用户的日历不是私人的,它们对整个组织开放。
Package-solution.json Permission request Package-solution.json 权限请求
"webApiPermissionRequests": [
{
"resource": "Microsoft Graph",
"scope": "User.Read"
},
{
"resource": "Microsoft Graph",
"scope": "User.ReadBasic.All"
},
{
"resource": "Microsoft Graph",
"scope": "People.Read"
},
{
"resource": "Microsoft Graph",
"scope": "Calendars.Read"
}
]
}
Admin Approved request image管理员批准的请求图片
Screen of approved app permissions已批准的应用程序权限屏幕
request code:请求代码:
private _searchUserCalendar(keyword: string): Promise<any[]> {
console.log("connection to GraphAPI event domain")
return new Promise<any[]>((resolve, reject) => {
this._context.msGraphClientFactory.getClient()
.then((client: MSGraphClient): void => {
client
.api(`/users/${keyword}/calendar/events`) // The api i.e> /me | /users
.version('v1.0')
.select("showAs,start,subject, end")
.top(5)
.get((error, response: any, rawResponse?: any) => {
if (error) {
console.log("ooops somethign went wrong get events",error);
reject(error);
}
var users:Array<any>=new Array<any>();
// Map the JSON response to the output array
if (response != null && response != undefined) {
console.log(response);
response.value.map((item: any) => {
console.log("found events for:", item)
}); // mapping over users
}
resolve(users);
});
});
});
}
Error response错误响应
{error: {code: "ErrorAccessDenied", message: "Access is denied. Check credentials and try again.",…}}
error: {code: "ErrorAccessDenied", message: "Access is denied. Check credentials and try again.",…}
code: "ErrorAccessDenied"
message: "Access is denied. Check credentials and try again."
innerError: {request-id: "5dca3d4f-ab4c-4237-8ff4-78d8cacbd43b", date: "2020-01-16T19:05:26"}
request-id: "5dca3d4f-ab4c-4237-8ff4-78d8cacbd43b"
date: "2020-01-16T19:05:26"
I've tried everything, any help would be greatly appreciated.我已经尝试了一切,任何帮助将不胜感激。
- I tested my request on graph explorer and that worked fine我在图形浏览器上测试了我的请求,效果很好
- I uninstalled/re-installed the app我卸载/重新安装了该应用程序
- I rejected and re-approved the permissions request on the API management dashboard我在 API 管理仪表板上拒绝并重新批准了权限请求
- I changed the request URL from using user id to using emails (only worked for my profile but still didn't work for anybody else)我将请求 URL 从使用用户 ID 更改为使用电子邮件(仅适用于我的个人资料,但仍然不适用于其他任何人)
- I had users share their calendar with me and give read/write permissions, still didn't work because the permission is application specific and not user delegated.我让用户与我共享他们的日历并授予读/写权限,但仍然无效,因为权限是特定于应用程序的,而不是用户委托的。
2 个解决方案
解决方案1
0 已采纳 2020-01-16 19:50:51
User.Read , and User.ReadBasic.All don't have the permissions to do what you are trying to do. User.Read和User.ReadBasic.All执行您要执行的操作。
This URL talks about calendar reading shared events.此URL讨论日历阅读共享事件。
As an example, Garth has shared with John his default calendar and given John read access.
Can you try adding Calendar.Read.Shared您可以尝试添加Calendar.Read.Shared
解决方案2
0 2020-01-21 15:08:49
After trying different permission scopes including the ones suggested by @chad, it seems that Calendar.Read.Shared worked.在尝试了不同的权限范围(包括@chad 建议的权限范围)后,似乎Calendar.Read.Shared起作用了。 However, it worked because it is a delegated permission forwhich the users must implicitly share their calendar with the entire organization or the signed-in user.但是,它起作用了,因为它是委派的权限,用户必须隐式地与整个组织或登录用户共享他们的日历。 This is misleading and contrary to what I read in the graphAPI documentations found here under Calendar > Application permission:这是一个误导,违反了什么,我在graphAPI单证阅读发现这里下日历>应用程序权限:
Calendars.Read |
... and ... 和
Calendars.Read.Shared |
Therefore, according to the previous statements, All i need is Calendars.Read in order to read all events in a user's calendar created by said user.因此,根据前面的陈述,我只需要 Calendars.Read 即可读取该用户创建的用户日历中的所有事件。 The logic of using Calendars.Read.Shared would be to also read all events shared by the user, including those not created but shared with the user.使用Calendars.Read.Shared的逻辑是还读取用户共享的所有事件,包括那些不是创建但与用户共享的事件。
Finally, I marked this as answered because it is the only thing that worked for me (somewhat) and not because it solved the original issue.最后,我将此标记为已回答,因为它是唯一对我有用的东西(在某种程度上),而不是因为它解决了原始问题。 The documentation on this topic is contradictory and confusing.关于此主题的文档相互矛盾且令人困惑。 For now this is my answer unless Microsoft changed something or clarify the issue or you found something else or/and my logic is flawed.现在这是我的答案,除非 Microsoft 更改了某些内容或澄清了问题,或者您发现了其他内容或/并且我的逻辑有缺陷。 If my logic and understanding is flawed please post a response and let me know.如果我的逻辑和理解有缺陷,请发表回复并让我知道。 Afterall, this is what the community is for.毕竟,这就是社区的目的。
Thank you谢谢
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.