[英]Microsoft Graph Api Beta DriveItem extractSensitivityLabel returns 403 Forbidden
We are having a problem with a feature available in the beta version of Graph.我们遇到了 Graph 测试版中可用功能的问题。 We are using this endpoint to extract sensitivity labels from drive item:
我们正在使用此端点从驱动器项中提取敏感度标签:
POST https://graph.microsoft.com/beta/drives/{drive-id}/items/{item-id}/extractSensitivityLabels发布https://graph.microsoft.com/beta/drives/{drive-id}/items/{item-id}/extractSensitivityLabels
According to the documentation, we need Files.Read.All, Files.ReadWrite.All, Sites.Read.All or Sites.ReadWrite.All permissions to access this endpoint:根据文档,我们需要 Files.Read.All、Files.ReadWrite.All、Sites.Read.All 或 Sites.ReadWrite.All 权限才能访问此端点:
https://docs.microsoft.com/en-us/graph/api/driveitem-extractsensitivitylabels?view=graph-rest-beta&tabs=http#permissions https://docs.microsoft.com/en-us/graph/api/driveitem-extractsensitivitylabels?view=graph-rest-beta&tabs=http#permissions
Deserialized token we used for authentication:我们用于身份验证的反序列化令牌:
{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/xxx/",
"iat": 1655160900,
"nbf": 1655160900,
"exp": 1655247600,
"aio": "xxx",
"app_displayname": "xxx",
"appid": "xxx",
"appidacr": "2",
"idp": "https://sts.windows.net/xxx/",
"idtyp": "app",
"oid": "xxx",
"rh": "xxx",
"roles": [
"Sites.Manage.All",
"Sites.ReadWrite.All",
"Files.ReadWrite.All"
],
"sub": "xxx",
"tenant_region_scope": "EU",
"tid": "xxx",
"uti": "xxx",
"ver": "1.0",
"wids": [
"xxx"
],
"xms_tcdt": "1509395911"
}
However, we receive a 403 response with the content:但是,我们会收到 403 响应,其中包含以下内容:
{
"error": {
"code": "accessDenied",
"message": "Cannot call this API using the current App Id.",
"innerError": {
"date": "2022-06-14T08:00:52",
"request-id": "xxx",
"client-request-id": "xxx"
}
}
}
We have tested other graph beta endpoints and had no problems with them.我们已经测试了其他图形 beta 端点,并且没有遇到任何问题。 What could be causing this problem?
什么可能导致这个问题?
First of all you are calling a particular drive's item and this looks like you don't have access for that particular file drive/item , we can suggest you to please check if are able to access particular drive and items which you want to add extract sensitivity labels ,by calling Get API .首先,您正在调用特定驱动器的项目,这看起来您无权访问该特定文件驱动器/项目,我们建议您检查是否能够访问您要添加提取的特定驱动器和项目敏感度标签,通过调用 Get API。
GET /drives/{drive-id}/items/{item-id}获取 /drives/{drive-id}/items/{item-id}
Thanks谢谢
Seems that currently this only work with Delegated permissions.似乎目前这仅适用于委派权限。 I did not find any trace in the docs if there are some pre-allowed appIds that would be allowed to call this API in Application context.
如果允许在应用程序上下文中调用此 API 的一些预先允许的 appId,我在文档中没有找到任何跟踪。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.