无法访问 Microsoft Graph 列表消息 API
[英]Cannot access Microsoft Graph List Messages API
问题描述
I try to get my user's mail information using List messages API( https://docs.microsoft.com/en-us/graph/api/user-list-messages?view=graph-rest-1.0&tabs=http ).
我尝试使用 List messages API( https://docs.microsoft.com/en-us/graph/api/user-list-messages?view=graph-rest-1.0&tabs=http )获取用户的邮件信息。
I am following the instructions described at https://docs.microsoft.com/en-us/graph/auth-v2-service .我按照https://docs.microsoft.com/en-us/graph/auth-v2-service中描述的说明进行操作。
I registered my application, configured "Application Permissions" to able to use List Messages , got administrator consent using我注册了我的应用程序,将“应用程序权限”配置为能够使用List Messages ,获得管理员同意使用
// Line breaks are for legibility only.
GET https://login.microsoftonline.com/{MY_TENANT_NAME}/adminconsent
?client_id=MY_APP_CLIENT_ID
&state=12345
&redirect_uri=https://localhost/myapp/permissions
And giving my credentials I could get admin_consent=True url.并提供我的凭据,我可以获得admin_consent=True url。 And then I could get an access token using然后我可以使用
// Line breaks are for legibility only.
POST https://login.microsoftonline.com/{MY_TENANT_NAME}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=MY_APP_CLIENT_ID
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&client_secret=MY_APP_SECRET_KEY
&grant_type=client_credentials
I have a valid access token.我有一个有效的访问令牌。 I can see my users calling https://graph.microsoft.com/v1.0/users .我可以看到我的用户调用https://graph.microsoft.com/v1.0/users 。
However when I call https://graph.microsoft.com/v1.0/users/ {MY_USER_ID}/messages, I got an error message.但是,当我调用https://graph.microsoft.com/v1.0/users/ {MY_USER_ID}/messages 时,我收到一条错误消息。
{
"error": {
"code": "OrganizationFromTenantGuidNotFound",
"message": "The tenant for tenant guid '2a862810-93dc-4096-a6b0-dda413670497' does not exist.",
"innerError": {
"request-id": "ba60c495-742b-4655-be74-fe8802427756",
"date": "2020-04-11T19:20:32"
}
}
}
Interestingly when I use https://developer.microsoft.com/en-us/graph/graph-explorer , I can get my user's email.有趣的是,当我使用https://developer.microsoft.com/en-us/graph/graph-explorer时,我可以获得用户的 email。 I have checked the queries but it does not seem any difference.我检查了查询,但似乎没有任何区别。 The only difference that I saw, when investigating AAD --> Enterprise Applications --> Permissions, I can see user consent permissions in Graph Explorer application, but not in my application.我看到的唯一区别是,在调查 AAD --> Enterprise Applications --> Permissions 时,我可以在 Graph Explorer 应用程序中看到用户同意权限,但在我的应用程序中看不到。
3 个解决方案
解决方案1
0 2020-04-11 22:41:50
Strange that it complains over your tenantID.奇怪的是它抱怨你的tenantID。 However, under AAD Registered apps,但是,在 AAD 注册应用下,
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
check if you have Mail.Read* permission set.检查您是否设置了 Mail.Read* 权限。
解决方案2
0 2020-04-12 08:09:57
Are you using correct app id as in your ad app there are three type of ID's: Application ID, Object ID and Directory ID.您是否使用正确的应用程序 ID,因为在您的广告应用程序中存在三种类型的 ID:应用程序 ID、Object ID 和目录 ID。 Here you have to use Application ID.在这里您必须使用应用程序 ID。
You can also verify the AppID in your access token您还可以在访问令牌中验证 AppID
解决方案3
0 2020-04-14 05:02:25
How many active directory environments are there in this tenant?Are you sure you are creating the Azure AD app in the correct tenant?此租户中有多少个活动目录环境?您确定要在正确的租户中创建 Azure AD 应用程序吗?
I believe you maybe using the wrong tenant id.我相信您可能使用了错误的租户 ID。 The user id exists in that tenant, but the mailbox does not.用户 ID 存在于该租户中,但邮箱不存在。
In aad.portal.azure.com/#blade/Microsoft_AAD_IAM/… there is the tenant id property which you should use in the oauth url - login.microsoftonline.com/${tenantId}在 aad.portal.azure.com/#blade/Microsoft_AAD_IAM/... 中有租户 id 属性,您应该在 oauth Z572D4E421E5E6B9BC11D815E8A02 中使用该属性
Double check you are using the correct one.仔细检查您使用的是正确的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.