[英]MS Graph API Blocking Credentials on one call, but not another
While expanding our WPF Apps emailing functions to include larger attachments, we went from using the MS GRAPH API endpoint me/sendMail to send emails:在扩展我们的 WPF 应用程序电子邮件功能以包含更大的附件时,我们从使用 MS GRAPH API 端点 me/sendMail 发送电子邮件:
https://graph.microsoft.com/v1.0/me/sendMail
to using the me/messages endpoint to create a draft so that we could create an upload session to that draft so that we could upload larger attachments (pdf reports)使用 me/messages 端点创建草稿,以便我们可以创建上传 session 到该草稿,以便我们可以上传更大的附件(pdf 报告)
https://graph.microsoft.com/v1.0/me/messages
We are acquiring tokens via MSAL for both.我们正在通过 MSAL 为两者获取令牌。 However, when using the second method, we receive the following response:
但是,当使用第二种方法时,我们收到以下响应:
"ErrorAccessDenied"
"Access is denied. Check credentials and try again."
Our expectation was that those two endpoints wouldn't have different credentialing requirements.我们的期望是这两个端点不会有不同的凭证要求。 Our organization's AzureAD accounts are federated delegate, so the only flow we can use is interactive Authorization Code -- so we are calling into MSAL to get the AzureAD token for both endpoints.
我们组织的 AzureAD 帐户是联合委托,因此我们可以使用的唯一流程是交互式授权代码——因此我们调用 MSAL 以获取两个端点的 AzureAD 令牌。
The endpoint for creating a draft message用于创建草稿消息的端点
POST /me/messages
requires Mail.ReadWrite
permission.需要
Mail.ReadWrite
权限。 While endpoints for sending mail用于发送邮件的端点
POST /me/messages/{id}/send
POST /me/sendMail
require Mail.Send
.需要
Mail.Send
。
Adding Mail.ReadWrite
permission should resolve the error.添加
Mail.ReadWrite
权限应该可以解决该错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.