Microsoft Graph API roles claim not in token but Application permissions added
I'm attempting to connect to the Microsoft Graph API to use an Excel function, as a server-to-server connection/flow. https://learn.microsoft.com/en-us/graph/excel-use-functions
In Azure AD I've built the registered application:
I've created the secret...and also added the API Permissions.
In Postman, I'm able to get the token fine.....but I notice that roles are not included in the token. Here's the request:
And then when I make a request to the Excel function of RATE I get this error:
{
    "error": {
        "code": "AccessDenied",
        "message": "Either scp or roles claim need to be present in the token.",
        "innerError": {
            "date": "2021-08-17T14:31:04",
            "request-id": "b0d65e3c-4acd-4a8a-82c4-1c4c5f2216ac",
            "client-request-id": "b0d65e3c-4acd-4a8a-82c4-1c4c5f2216ac"
        }
    }
}
Every post I see on here mentions API permissions and granting consent as Admin....which I have completed but I'm still getting the error. Any thoughts?
Please check if there is any claims mapping policy linked to the application service principal.
Get-AzureADServicePrincipalPolicy -Id object_id_copied_in_step_1 | fl
to check if there is any claims mapping policy linked.
Remove-AzureADServicePrincipalPolicy
to remove the policy.
Decode your bearer token at https://jwt.ms to confirm if the Roles claim is populated or not. SCP claim will not be populated in this case, as it only populates when the token is acquired under user context.
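A local way to run the check the answer describes, as an added example that is not part of the original answer: it decodes the payload of an access token without verifying the signature and reports whether a `roles` or `scp` claim is present. The helper names, sample payloads and permission values are constructed for illustration.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. Inspection only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def classify(claims: dict) -> str:
    """Report which permission claim the token carries: roles, scp, or neither."""
    if claims.get("roles"):   # application permissions (client credentials flow)
        return "app-only"
    if claims.get("scp"):     # delegated permissions (token acquired under user context)
        return "delegated"
    return "no-permissions"   # the case Graph rejects with AccessDenied


def make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed-signature"])


# Constructed sample payloads (not real tokens; all values are illustrative).
AUD = "https://graph.microsoft.com"
SAMPLES = {
    "app token with application permission": {"aud": AUD, "roles": ["Files.ReadWrite.All"]},
    "user token": {"aud": AUD, "scp": "Files.ReadWrite User.Read"},
    "app token as in the question": {"aud": AUD, "appid": "00000000-0000-0000-0000-000000000000"},
}

if __name__ == "__main__":
    for label, claims in SAMPLES.items():
        print(f"{label}: {classify(decode_claims(make_sample(claims)))}")
```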