Issue while using com.microsoft.graph.requests.GraphServiceClient with Client credentials provider of azure identity
I'm trying to upload and list files from SharePoint using the Graph Client of Microsoft. I followed the below documentation to do it.
Documentation URL: https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=Java
Here are my code sample and exception logs.
Code:
    ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
            .clientId("CLIENT_ID")
            .clientSecret("CLIENT_SECRET")
            .tenantId("TENANT_ID")
            .build();
    TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(
            Arrays.asList("https://graph.microsoft.com/offline_access",
                    "https://graph.microsoft.com/Files.ReadWrite.All",
                    "https://graph.microsoft.com/Sites.Manage.All"),
            clientSecretCredential);
    GraphServiceClient graphClient =
            GraphServiceClient
                    .builder()
                    .authenticationProvider(tokenCredentialAuthProvider)
                    .buildClient();
    DriveItemCollectionPage driveCollectionPage = graphClient.sites("SITE_ID")
            .drive().items("ITEM_ID").children().buildRequest().get();
Exception Log:
Caused by: java.lang.NoSuchMethodError: 'com.microsoft.aad.msal4j.ConfidentialClientApplication$Builder com.microsoft.aad.msal4j.ConfidentialClientApplication$Builder.sendX5c(boolean)'
at com.azure.identity.implementation.IdentityClient.lambda$getConfidentialClientApplication$5(IdentityClient.java:233)
at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:44)
at reactor.core.publisher.MonoCacheTime.subscribeOrReturn(MonoCacheTime.java:143)
at reactor.core.publisher.Mono.subscribe(Mono.java:4385)
at reactor.core.publisher.Mono.subscribeWith(Mono.java:4515)
at reactor.core.publisher.Mono.toFuture(Mono.java:4920)
at com.microsoft.graph.authentication.TokenCredentialAuthProvider.getAuthorizationTokenAsync(TokenCredentialAuthProvider.java:58)
at com.microsoft.graph.httpcore.AuthenticationHandler.intercept(AuthenticationHandler.java:54)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at com.microsoft.graph.httpcore.TelemetryHandler.intercept(TelemetryHandler.java:69)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:408)
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:226)
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:203)
at com.microsoft.graph.http.BaseCollectionRequest.send(BaseCollectionRequest.java:103)
at com.microsoft.graph.http.BaseEntityCollectionRequest.get(BaseEntityCollectionRequest.java:78)
Can someone please help me to solve the issue?
I fixed the above issue by adding the below dependency in the pom file.
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>msal4j</artifactId>
<version>1.11.2</version>
</dependency>
Now I'm facing an issue with scope. I'm getting the below error for the mentioned scopes (offline_access, Files.ReadWrite.All, Sites.Manage.All).
com.microsoft.aad.msal4j.MsalServiceException: AADSTS1002012: The provided value for scope Sites.Manage.All Files.ReadWrite.All openid profile offline_access is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).
If I add the /.default scope then the token is generated, but I get 403 Forbidden. Here are my app permissions.
Can someone please guide me on where I'm missing the logic here?
Using the client credentials flow requires you to have executed the admin consent.
If you have done the admin consent, you can change the scope to be https://graph.microsoft.com/.default and nothing else. The resulting token will have all the application permissions you granted to the application.
Check out the documentation on the client credentials flow: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
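To diagnose the 403 described above: with the client credentials flow, the application permissions a token carries appear in its `roles` claim, so decoding the token shows whether admin consent actually put the needed permissions in it. This is an added example, not code from the original posts; the class name, the required-permission set (taken from the scopes named in the question) and the sample token are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AppRoleCheck {
    // Assumption: the application permissions the question's code expects to hold.
    static final Set<String> REQUIRED = Set.of("Files.ReadWrite.All", "Sites.Manage.All");

    /** Reads the "roles" claim of a JWT. No signature check: debugging aid only. */
    static Set<String> rolesOf(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length < 2) throw new IllegalArgumentException("not a JWT");
        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        Set<String> roles = new TreeSet<>();
        // Simplified extraction of a flat string array; use a JSON library in real code.
        Matcher array = Pattern.compile("\"roles\"\\s*:\\s*\\[(.*?)\\]", Pattern.DOTALL).matcher(payload);
        if (array.find()) {
            Matcher item = Pattern.compile("\"([^\"]+)\"").matcher(array.group(1));
            while (item.find()) roles.add(item.group(1));
        }
        return roles;
    }

    /** Permissions that are required but absent from the token. */
    static Set<String> missing(String jwt) {
        Set<String> absent = new TreeSet<>(REQUIRED);
        absent.removeAll(rolesOf(jwt));
        return absent;
    }

    static String enc(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample token (header.payload.signature). With azure-identity, a real one comes from:
        //   clientSecretCredential.getToken(new TokenRequestContext()
        //       .addScopes("https://graph.microsoft.com/.default")).block().getToken()
        String payload = "{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"Sites.Manage.All\"]}";
        String token = enc("{\"alg\":\"none\"}") + "." + enc(payload) + ".sig";
        System.out.println("roles   = " + rolesOf(token));
        System.out.println("missing = " + missing(token));
    }
}
```

An empty `roles` set on a token requested with `/.default` means no application permissions were consented for the app, for example because only delegated permissions were added.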