Issue while using com.microsoft.graph.requests.GraphServiceClient with Client credentials provider of azure identity

I'm trying to upload and list the files from SharePoint using the Graph Client of Microsoft. I followed the below documentation to do it.

Documentation URL: https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=Java

Here is my code sample and exception logs.

Code:

ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
              .clientId("CLIENT_ID")
              .clientSecret("CLIENT_SECRET")
              .tenantId("TENANT_ID")
              .build();

TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(Arrays.asList("https://graph.microsoft.com/offline_access",
               "https://graph.microsoft.com/Files.ReadWrite.All","https://graph.microsoft.com/Sites.Manage.All"),
               clientSecretCredential);
GraphServiceClient graphClient =
              GraphServiceClient
                      .builder()
                      .authenticationProvider(tokenCredentialAuthProvider)
                      .buildClient();
DriveItemCollectionPage driveCollectionPage = graphClient.sites("SITE_ID")
              .drive().items("ITEM_ID").children().buildRequest().get();

Exception Log:

Caused by: java.lang.NoSuchMethodError: 'com.microsoft.aad.msal4j.ConfidentialClientApplication$Builder com.microsoft.aad.msal4j.ConfidentialClientApplication$Builder.sendX5c(boolean)'
at com.azure.identity.implementation.IdentityClient.lambda$getConfidentialClientApplication$5(IdentityClient.java:233)
at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:44)
at reactor.core.publisher.MonoCacheTime.subscribeOrReturn(MonoCacheTime.java:143)
at reactor.core.publisher.Mono.subscribe(Mono.java:4385)
at reactor.core.publisher.Mono.subscribeWith(Mono.java:4515)
at reactor.core.publisher.Mono.toFuture(Mono.java:4920)
at com.microsoft.graph.authentication.TokenCredentialAuthProvider.getAuthorizationTokenAsync(TokenCredentialAuthProvider.java:58)
at com.microsoft.graph.httpcore.AuthenticationHandler.intercept(AuthenticationHandler.java:54)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at com.microsoft.graph.httpcore.TelemetryHandler.intercept(TelemetryHandler.java:69)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:408)
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:226)
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:203)
at com.microsoft.graph.http.BaseCollectionRequest.send(BaseCollectionRequest.java:103)
at com.microsoft.graph.http.BaseEntityCollectionRequest.get(BaseEntityCollectionRequest.java:78)

Can someone please help me to solve the issue?

I fixed the above issue by adding the below dependency in the pom file.

<dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>msal4j</artifactId>
    <version>1.11.2</version>
</dependency>

Now I'm facing an issue with scope. Getting the below error for the mentioned scopes (offline_access, Files.ReadWrite.All, Sites.Manage.All).

com.microsoft.aad.msal4j.MsalServiceException: AADSTS1002012: The provided value for scope Sites.Manage.All Files.ReadWrite.All openid profile offline_access is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).

If I add the /.default scope then the token is generated but I get 403 Forbidden. Here are my app permissions.


Can someone please guide me, where am I missing the logic here?

Using the client credentials flow requires you to have executed the admin consent.

If you have done the admin consent, you can change the scope to be https://graph.microsoft.com/.default and nothing else. The resulting token will have all the application permissions you granted to the application.

Check out the documentation on the client credentials flow: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
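A way to check what the answer describes when diagnosing the 403, as an added example that is not part of the original question or answer: request a token with only the /.default scope and list the application permissions it carries in its `roles` claim. The class name, the environment variable names and the sample token are assumptions made for this example.

```java
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.ClientSecretCredentialBuilder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.*;

public class GraphAppTokenCheck { // hypothetical helper class
    // Client credentials flow: one scope only, the resource's /.default.
    static final String SCOPE = "https://graph.microsoft.com/.default";

    // Application permissions granted with admin consent appear in the "roles" claim.
    // The payload is decoded for diagnosis only; the signature is not verified here.
    static Set<String> roles(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length < 2) throw new IllegalArgumentException("not a JWT");
        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        Set<String> out = new TreeSet<>();
        Matcher arr = Pattern.compile("\"roles\"\\s*:\\s*\\[([^\\]]*)\\]").matcher(payload);
        if (arr.find()) {
            Matcher item = Pattern.compile("\"([^\"]+)\"").matcher(arr.group(1));
            while (item.find()) out.add(item.group(1));
        }
        return out;
    }

    // Permissions the call needs but the token lacks (one common cause of a 403).
    static Set<String> missing(String jwt, Collection<String> required) {
        Set<String> m = new TreeSet<>(required);
        m.removeAll(roles(jwt));
        return m;
    }

    static String acquire(String tenant, String clientId, String secret) {
        return new ClientSecretCredentialBuilder()
                .tenantId(tenant).clientId(clientId).clientSecret(secret).build()
                .getToken(new TokenRequestContext().addScopes(SCOPE)).block().getToken();
    }

    public static void main(String[] args) {
        String tenant = System.getenv("TENANT_ID"); // assumed variable names
        String jwt;
        if (tenant != null) {
            jwt = acquire(tenant, System.getenv("CLIENT_ID"), System.getenv("CLIENT_SECRET"));
        } else { // constructed, unsigned sample token so the check also runs offline
            String p = "{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"Files.ReadWrite.All\"]}";
            jwt = "e30." + Base64.getUrlEncoder().withoutPadding()
                    .encodeToString(p.getBytes(StandardCharsets.UTF_8)) + ".";
        }
        System.out.println("roles in token: " + roles(jwt));
        System.out.println("missing: " + missing(jwt, List.of("Files.ReadWrite.All", "Sites.Manage.All")));
    }
}
```

An empty `roles` set means the app registration holds no application permissions with admin consent, and Graph has nothing to authorize the app-only call against.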
