用户同意使用 Microsoft Graph API 读取 Outlook/Teams/Sharepoint
[英]User Consent to read Outlook/Teams/Sharepoint using Microsoft Graph API
问题描述
I have to read User emails (particular subfolder), One Drive, Team Channels and Sharepoint after some regular intervals at the background using Microsoft Graph API but not without having the user consent which should be taken only once when they logged in to the web based application first time and not afterwards.
我必须使用 Microsoft Graph API 在后台定期阅读用户电子邮件(特定子文件夹)、One Drive、Team Channels 和 Sharepoint,但未经用户同意,在他们登录基于 Web 时只应读取一次第一次申请,而不是之后。 I am not sure where to start from and how this can be achieved?我不确定从哪里开始以及如何实现? Should the token be stored forever in some database securely OR Is it the AAD?令牌应该永远安全地存储在某个数据库中还是 AAD?
Would really appreciate any pointers/APIs/Libraries/concepts or links which can help in moving towards this direction.非常感谢任何有助于朝着这个方向前进的指针/API/库/概念或链接。
1 个解决方案
解决方案1
0 2020-10-25 14:09:57
If you want to get the token without user, client credentials flow can be used.如果您想在没有用户的情况下获取令牌,可以使用客户端凭据流。 The flow permits a web service (confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling another web service.该流程允许 Web 服务(机密客户端)在调用另一个 Web 服务时使用其自己的凭据而不是模拟用户进行身份验证。
In the client credentials flow, permissions are granted directly to the application itself by an administrator.在客户端凭据流中,权限由管理员直接授予应用程序本身。 So it is necessary to use the application permissions .所以有必要使用应用程序权限。 You could call Microsoft Graph API with the access token.您可以使用访问令牌调用 Microsoft Graph API。
For example, call this API to get message:比如调用这个API来获取消息:
You need to add one of the application permissions to API permission(navigate to Azure Active Directory-> your application), and click grant for your tenant .您需要将应用程序权限之一添加到 API 权限(导航到 Azure Active Directory-> 您的应用程序),然后为您的租户单击grant 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.