[英]OAuth2 authentication for Microsoft Graph using service account credentials
I would like to create a webservice capable of automatically sending messages in Microsoft Teams.我想创建一个能够在 Microsoft Teams 中自动发送消息的网络服务。 I tried authenticating as an application , but currently Microsoft does not support granting application permissions to send messages in Teams, so the only choice here is to authenticate using a service account with real credentials (Unless there is another way?).我尝试作为应用程序进行身份验证,但目前 Microsoft 不支持授予应用程序权限以在 Teams 中发送消息,因此这里唯一的选择是使用具有真实凭据的服务帐户进行身份验证(除非有其他方法?)。 This method only specifies using user interaction to log in as a user.此方法仅指定使用用户交互以用户身份登录。
I would like to use a service account teamchatbot@domain.com
to authenticate with Microsoft Graph in order to send messages on Microsoft Teams.我想使用服务帐户teamchatbot@domain.com
对 Microsoft Graph 进行身份验证,以便在 Microsoft Teams 上发送消息。 (similar to this but since I'm not accessing a resource it is a little different.) Is there a way I can silently obtain an access token on behalf of the service account in order to send messages? (与此类似,但由于我没有访问资源,因此有点不同。)有没有一种方法可以代表服务帐户以静默方式获取访问令牌以发送消息?
It seems that you have a misunderstanding.看来你有误会了。
Your scene is actually the same as this post .你的场景其实和这个帖子一样。
You should use Resource Owner Password Credentials to call Microsoft Graph API to send messages.您应该使用资源所有者密码凭据调用 Microsoft Graph API 来发送消息。
Based on permissions , you need the Group.ReadWrite.All
delegated permission.根据权限,您需要Group.ReadWrite.All
委派权限。 So you need to add this permission into your Azure AD app firstly.因此,您需要先将此权限添加到您的 Azure AD 应用程序中。
Don't forget to click on "Grant admin consent for {your tenant}" after you add this permission.添加此权限后,请不要忘记单击“授予{您的租户}的管理员同意”。
Then you can get an access token like this:然后你可以获得这样的访问令牌:
You can see that https://graph.microsoft.com/Group.ReadWrite.All
has been included in the response.您可以看到https://graph.microsoft.com/Group.ReadWrite.All
已包含在响应中。
Now you could use this access token to call POST /teams/{id}/channels/{id}/messages
.现在您可以使用此访问令牌调用POST /teams/{id}/channels/{id}/messages
。
There are a few other ways I can think of.我还能想到其他一些方法。
1) One is that you can create a Bot using the Microsoft Bot Framework , and once that bot is installed to the particular team, it can send "pro-active" messages (ie not a message in response to a user's message, but rather whenever you need). 1) 一个是您可以使用Microsoft Bot Framework创建一个机器人,一旦该机器人安装到特定团队,它就可以发送“主动”消息(即不是响应用户消息的消息,而是需要时)。
Essentially, when you bot is added to the team, you get access to a specific event in your bot (OnMembersAdded for a general bot, and there's now a new event just for Teams).从本质上讲,当你的机器人被添加到团队时,你可以访问你的机器人中的特定事件(OnMembersAdded 用于一般机器人,现在有一个仅用于团队的新事件)。 See more on this in my answer on Detect bot application open event .在我对Detect bot application open event 的回答中查看更多相关信息。 In this event, you get the information you need for later, which you can store in a database or wherever, and then create the message as if it's your bot posting to the channel.在这种情况下,您可以获得稍后需要的信息,您可以将这些信息存储在数据库或任何地方,然后创建消息,就好像它是您的机器人发布到频道一样。 You can see more on that at Programmatically sending a message to a bot in Microsoft Teams .您可以在以编程方式向 Microsoft Teams 中的机器人发送消息中看到更多相关信息。
This option above is a lot of work, but useful if there's other functionality you want from a bot (eg the ability to receive messages from the users)上面的这个选项需要做很多工作,但是如果您想要机器人的其他功能(例如从用户接收消息的能力),则很有用
2) Another, and even more simple way, is to create an incoming webhook directly to the channel. 2) 另一种更简单的方法是直接创建一个传入的 webhook 到频道。 Here's a post on doing this using PowerShell, so you can do that for simple testing and extrapolate from there for Node. 这是一篇关于使用 PowerShell 执行此操作的帖子,因此您可以执行此操作以进行简单测试并从那里推断出 Node.js。
Of course, things like Flow (Power Automate) are an option too, but you're already writing code so one of the above is probably easier.当然,像 Flow (Power Automate) 这样的东西也是一种选择,但是您已经在编写代码,因此上述方法之一可能更容易。
Hope that helps希望有帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.