堆栈内存溢出
  简体   繁体   English

使用服务帐户凭据对 Microsoft Graph 进行 OAuth2 身份验证

[英]OAuth2 authentication for Microsoft Graph using service account credentials

 原文  2020-01-22 02:48:37       node.js/ azure-active-directory/ microsoft-graph-api/ microsoft-teams/ microsoft-graph-teams

问题描述

I would like to create a webservice capable of automatically sending messages in Microsoft Teams.我想创建一个能够在 Microsoft Teams 中自动发送消息的网络服务。 I tried authenticating as an application , but currently Microsoft does not support granting application permissions to send messages in Teams, so the only choice here is to authenticate using a service account with real credentials (Unless there is another way?).我尝试作为应用程序进行身份验证,但目前 Microsoft 不支持授予应用程序权限以在 Teams 中发送消息,因此这里唯一的选择是使用具有真实凭据的服务帐户进行身份验证(除非有其他方法?)。 This method only specifies using user interaction to log in as a user.此方法仅指定使用用户交互以用户身份登录。

I would like to use a service account teamchatbot@domain.com to authenticate with Microsoft Graph in order to send messages on Microsoft Teams.我想使用服务帐户teamchatbot@domain.com对 Microsoft Graph 进行身份验证,以便在 Microsoft Teams 上发送消息。 (similar to this but since I'm not accessing a resource it is a little different.) Is there a way I can silently obtain an access token on behalf of the service account in order to send messages? (与类似,但由于我没有访问资源,因此有点不同。)有没有一种方法可以代表服务帐户以静默方式获取访问令牌以发送消息?

2 个解决方案

解决方案1
 1 已采纳  2020-01-22 05:29:02

It seems that you have a misunderstanding.看来你有误会了。

Your scene is actually the same as this post .你的场景其实和这个帖子一样

You should use Resource Owner Password Credentials to call Microsoft Graph API to send messages.您应该使用资源所有者密码凭据调用 Microsoft Graph API 来发送消息。

Based on permissions , you need the Group.ReadWrite.All delegated permission.根据权限,您需要Group.ReadWrite.All委派权限。 So you need to add this permission into your Azure AD app firstly.因此,您需要先将此权限添加到您的 Azure AD 应用程序中。

在此处输入图片说明

Don't forget to click on "Grant admin consent for {your tenant}" after you add this permission.添加此权限后,请不要忘记单击“授予{您的租户}的管理员同意”。

Then you can get an access token like this:然后你可以获得这样的访问令牌:

在此处输入图片说明

You can see that https://graph.microsoft.com/Group.ReadWrite.All has been included in the response.您可以看到https://graph.microsoft.com/Group.ReadWrite.All已包含在响应中。

Now you could use this access token to call POST /teams/{id}/channels/{id}/messages .现在您可以使用此访问令牌调用POST /teams/{id}/channels/{id}/messages

解决方案2
 0  2020-01-22 05:07:36

There are a few other ways I can think of.我还能想到其他一些方法。

1) One is that you can create a Bot using the Microsoft Bot Framework , and once that bot is installed to the particular team, it can send "pro-active" messages (ie not a message in response to a user's message, but rather whenever you need). 1) 一个是您可以使用Microsoft Bot Framework创建一个机器人,一旦该机器人安装到特定团队,它就可以发送“主动”消息(即不是响应用户消息的消息,而是需要时)。

Essentially, when you bot is added to the team, you get access to a specific event in your bot (OnMembersAdded for a general bot, and there's now a new event just for Teams).从本质上讲,当你的机器人被添加到团队时,你可以访问你的机器人中的特定事件(OnMembersAdded 用于一般机器人,现在有一个仅用于团队的新事件)。 See more on this in my answer on Detect bot application open event .在我对Detect bot application open event 的回答中查看更多相关信息。 In this event, you get the information you need for later, which you can store in a database or wherever, and then create the message as if it's your bot posting to the channel.在这种情况下,您可以获得稍后需要的信息,您可以将这些信息存储在数据库或任何地方,然后创建消息,就好像它是您的机器人发布到频道一样。 You can see more on that at Programmatically sending a message to a bot in Microsoft Teams .您可以在以编程方式向 Microsoft Teams 中的机器人发送消息中看到更多相关信息

This option above is a lot of work, but useful if there's other functionality you want from a bot (eg the ability to receive messages from the users)上面的这个选项需要做很多工作,但是如果您想要机器人的其他功能(例如从用户接收消息的能力),则很有用

2) Another, and even more simple way, is to create an incoming webhook directly to the channel. 2) 另一种更简单的方法是直接创建一个传入的 webhook 到频道。 Here's a post on doing this using PowerShell, so you can do that for simple testing and extrapolate from there for Node. 这是一篇关于使用 PowerShell 执行此操作的帖子,因此您可以执行此操作以进行简单测试并从那里推断出 Node.js。

Of course, things like Flow (Power Automate) are an option too, but you're already writing code so one of the above is probably easier.当然,像 Flow (Power Automate) 这样的东西也是一种选择,但是您已经在编写代码,因此上述方法之一可能更容易。

Hope that helps希望有帮助

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Google OAuth2服务帐户HTTP / REST身份验证 - Google OAuth2 Service Account HTTP/REST Authentication OAuth2 客户端凭据 - OAuth2 client credentials 适用于我的Node.js应用程序的OAuth2和Microsoft Graph API? - OAuth2 and Microsoft Graph API for my Node.js app? 带有Simple-OAuth2和客户端凭据流的Microsoft Graph API - Microsoft Graph API with Simple-OAuth2 and Client Credentials Flow Nodejs 发布请求以获取服务帐户的 oauth2 令牌 - Nodejs post request to get oauth2 token for a service account 如何处理Microsoft图形守护程序/服务的身份验证 - How to handle authentication for Microsoft graph daemon/service 使用Passport和OAuth2 +社交网络进行NodeJS REST身份验证 - NodeJS REST authentication using Passport and OAuth2 + social network 使用 Nodemailer nodejs 发送邮件的现代 Oauth2 身份验证 - Modern Oauth2 authentication for sending mails using Nodemailer nodejs 使用 OAuth2 身份验证的无服务器应用程序(AWS Lambda 功能) - Serverless application (AWS Lambda function) using OAuth2 authentication Node.js Google OAuth2无效凭据 - Nodejs google oAuth2 invalid credentials
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM