我正在制作一个需要访问Office 365 Calendar的内容的应用程序.
该应用程序不需要直接的用户操作来登录和检索其数据,因此我无法使用标准OAuth方式来获取此令牌.
该应用程序不需要直接的用户操作来登录和检索其数据,因此我无法使用标准OAuth方式来获取此令牌.
我有点熟悉谷歌的日历方式来做到这一点,它是“服务帐户”的逻辑,涉及一个非对称的RSA密钥来做,所以我试图找到类似这样的O365.
我发现这个博客:
https://blogs.msdn.microsoft.com/arsen/2015/09/18/certificate-based-auth-with-azure-service-principals-from-linux-command-line/
这帮助我很多配置应用程序,并设置两边的所有键以允许连接.最后,我设法使它工作,得到一个令牌并列出资源组.
一切都很好,我使用Microsoft Graph API很容易地工作.
所以:
– 我在应用程序的Azure管理授权中添加了Microsft Graph API,并将所有用户日历的所有读/写权限(在应用程序的授权和委派授权中)
– 我重新生成了令牌,所以可以添加新的权限
– 我使用这个令牌获取日历的列表
而且从未奏效我有令牌,请求给我很好的范围.所以我知道我在正确的应用程序,一切.当我将令牌提供给outlook.office.com时,我有以下消息:<>
我可能错过了一个地方,但我找不到哪里.在我的要求在我的Azure帐户?
有什么帮助吗
请求(没有模糊任何东西,只是一个测试帐户).
获取令牌请求:
POST /6a23b9c1-04fc-4782-b08c-786d2a16c95d/oauth2/token HTTP/1.1 Host: login.microsoftonline.com Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Postman-Token: f7b2884d-44e9-c48a-6245-453be490758c grant_type=client_credentials&client_id=0577ff63-730e-418a-a68f-6cbc590b6874&resource=https%3A%2F%2Foutlook.office.com%2F&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1dCI6ImxhVkMzbed3K3hKWkpkTUQrbUpmdmRoU1V2bz0ifQ.eyJhdWQiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubgluZS5jb20vNmEyM2I5YzEtMDRmYy00NzgyLWIwOGMtNzg2ZDJhMTZjOTVkL29hdXRoMi90b2tlbiIsImlzcyI6IjA1NzdmZjYzLTczMGUtNDE4YS1hNjhmLTZjYmM1OTBiNjg3NCIsInN1YiI6IjA1NzdmZjYzLTczMGUtNDE4YS1hNjhmLTZjYmM1OTBiNjg3NCIsImp0aSI6IjAuMTgyOTg1ODUzNjM2NjM3MzMiLCJuYmYiOiIxNDYxOTQyODU2IiwiZXhwIjoiMTUyMjQyMzg1NiIsImlhdCI6MTQ2MTk0Mzg1Nn0.Czm9ks_jrEVViUDjfMF1uVUlf5sZrCSGtCmisFn3c8119KQ-OczLpWbpU3crJjidiP2y-xcSGjRSCGYJPiwq2Qks45_97-jBe_fBPoJb5lni5QYT_2ep6OyaAnId4VxlF9WScxFfhetLqOsqOZwB4c6_YXdOiy82SJ0sLqLgZrFlnqYn6uMXGWThEFKPR3qsolgO4Wn5lthFRwF__iuipg2DnjyNIz2KVhqVLqqZ-pglzE_soaKldiAR4bAZMxlndhMCnoUADgfsR0PAaZ-AyM0me4K7FrGbLpaTdXU6M4v9edLM9J23dg82HOKdf0GDC6pCIxKmIsuTR8IxGfxoTw
获取令牌答案:
{
"token_type" : "Bearer","scope" : "Calendars.Read Calendars.ReadWrite","expires_in" : "3600","expires_on" : "1461951871","not_before" : "1461947971","resource" : "https://outlook.office.com/","access_token" : "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSIsImtpZCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbS8iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC82YTIzYjljMS0wNGZjLTQ3ODItYjA4Yy03ODZkMmExNmM5NWQvIiwiaWF0IjoxNDYxOTQ3OTcxLCJuYmYiOjE0NjE5NDc5NzEsImV4cCI6MTQ2MTk1MTg3MSwiYXBwaWQiOiIwNTc3ZmY2My03MzBlLTQxOGEtYTY4Zi02Y2JjNTkwYjY4NzQiLCJhcHBpZGFjciI6IjIiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC82YTIzYjljMS0wNGZjLTQ3ODItYjA4Yy03ODZkMmExNmM5NWQvIiwib2lkIjoiMGQyODJlMDgtZGZkOC00Y2YwLWJmYzMtYmQ2MDZmMDEyNzVhIiwic3ViIjoiMGQyODJlMDgtZGZkOC00Y2YwLWJmYzMtYmQ2MDZmMDEyNzVhIiwidGlkIjoiNmEyM2I5YzEtMDRmYy00NzgyLWIwOGMtNzg2ZDJhMTZjOTVkIiwidmVyIjoims4wIn0.L8mP4t_Zmxfl5vJQwEaOsd-ere81jtz9ltzxk0TA0qA_hwRIYNVmHrydyPTHHQC7Jv3M6hiSnSVyVeXX_uYNFkPRZ3Sy_XOjmOF5xslMrw1niqE6J7OhQ5PEPmOfa0mQoWManChemDV5JCdxNOotBd4xes_jzg9tLMihzpqBcAUo3zGn8q5PT7AG-pydoeaHCWwDSKlHlFkBjZ3y_NTtQadDSR9aE2H6DOtP5-hXCpHqzkZODTZCuSBQRz1vCshcd8kZiuX_ebxItlJ8JU-zUr1YJFy9jww0NtROOB71xJP9IUf2NjMS-rQvR2qL8vfLPTArpgQFRU9cCZ4KpbVs3Q"
}
日历列表请求:
GET /api/v2.0/me/calendars HTTP/1.1 Host: outlook.office.com Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSIsImtpZCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbS8iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC82YTIzYjljMS0wNGZjLTQ3ODItYjA4Yy03ODZkMmExNmM5NWQvIiwiaWF0IjoxNDYxOTQ3OTcxLCJuYmYiOjE0NjE5NDc5NzEsImV4cCI6MTQ2MTk1MTg3MSwiYXBwaWQiOiIwNTc3ZmY2My03MzBlLTQxOGEtYTY4Zi02Y2JjNTkwYjY4NzQiLCJhcHBpZGFjciI6IjIiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC82YTIzYjljMS0wNGZjLTQ3ODItYjA4Yy03ODZkMmExNmM5NWQvIiwib2lkIjoiMGQyODJlMDgtZGZkOC00Y2YwLWJmYzMtYmQ2MDZmMDEyNzVhIiwic3ViIjoiMGQyODJlMDgtZGZkOC00Y2YwLWJmYzMtYmQ2MDZmMDEyNzVhIiwidGlkIjoiNmEyM2I5YzEtMDRmYy00NzgyLWIwOGMtNzg2ZDJhMTZjOTVkIiwidmVyIjoims4wIn0.L8mP4t_Zmxfl5vJQwEaOsd-ere81jtz9ltzxk0TA0qA_hwRIYNVmHrydyPTHHQC7Jv3M6hiSnSVyVeXX_uYNFkPRZ3Sy_XOjmOF5xslMrw1niqE6J7OhQ5PEPmOfa0mQoWManChemDV5JCdxNOotBd4xes_jzg9tLMihzpqBcAUo3zGn8q5PT7AG-pydoeaHCWwDSKlHlFkBjZ3y_NTtQadDSR9aE2H6DOtP5-hXCpHqzkZODTZCuSBQRz1vCshcd8kZiuX_ebxItlJ8JU-zUr1YJFy9jww0NtROOB71xJP9IUf2NjMS-rQvR2qL8vfLPTArpgQFRU9cCZ4KpbVs3Q Cache-Control: no-cache Postman-Token: e85ac526-c56a-4d5b-2f74-83f4033decb4
答案为空,但在标题中:
Content-Length →0 Date →Fri,29 Apr 2016 16:44:59 GMT Server →Microsoft-IIS/8.5 WWW-Authenticate →Bearer client_id="00000002-0000-0ff1-ce00-000000000000",trusted_issuers="00000001-0000-0000-c000-000000000000@*",token_types="app_asserted_user_v1 service_asserted_app_v1",authorization_uri="https://login.windows.net/common/oauth2/authorize",error="invalid_token",Basic Realm="",Basic Realm="" X-BEServer →VI1PR08MB0910 X-BackEndHttpStatus →401 X-CalculatedBETarget →VI1PR08MB0910.eurprd08.prod.outlook.com X-DiagInfo →VI1PR08MB0910 X-FEServer →AM3PR08CA0034 X-MSEdge-Ref →Ref A: B612166BB1764A45B0F3BCE6DF9CB639 Ref B: A8D71806CB57091B57FD0130AABF9D85 Ref C: Fri Apr 29 09:45:00 2016 PST X-Powered-By →ASP.NET request-id →26f132ca-df5e-439f-bd4f-7d655ba7df21 x-ms-diagnostics →2000008;reason="The token contains no permissions,or permissions can not be understood.";error_category="invalid_grant"
解决方法
有关如何使用REST API应用程序访问的说明,请查看博客文章
Building Daemon or Service Apps with Office 365 Mail,Calendar,and Contacts APIs (OAuth2 client credential flow).由于博客文章很旧,请将outlook.office365.com/api/v1.0替换为outlook.office.com/api/v2.0.您还可以按照相同的步骤注册您的应用程序,以获得适用于Microsoft Graph的应用程序访问权限.