Microsoft Graph 无法列出目录文件
Microsoft Graph fails to list directory files
当尝试在 Microsoft Graph 中列出 "me" 的目录项时,我收到 400 Bad Request 并出现以下错误:"Missing necessary user claims."
重现步骤:
- 通过 Application Registration Tool 创建应用程序,授予
Files.Read
权限
使用创建客户端 ID 和客户端密码获取令牌(跟随他们的 guide)cURL:
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=<client-id>&client_secret=<client-secret>=&resource=https://graph.microsoft.com' "https://login.microsoftonline.com/<my-tenant-id>/oauth2/token"
使用创建的 <Access-Token>
来请求列出根目录,如 (cURL):
curl -X GET -H "Authorization: Bearer <Access-Token>" -H "Cache-Control: no-cache" "https://graph.microsoft.com/v1.0/me/drive/root/children"
获取响应:
400 Bad Request
{
"error": {
"code": "BadRequest",
"message": "Missing necessary user claims.",
"innerError": {
"request-id": "36c384f4-1810-4d96-ad69-d69a67d11ece",
"date": "2016-05-31T14:39:05"
}
}
}
如有任何帮助,我们将不胜感激
在您的示例中,您仅对应用程序进行身份验证(称为“仅应用程序身份验证”,或者参考 OAuth 2.0 流程,称为“客户端凭据授予”流程)。但是,您的请求特别提到了用户 (.../me/...
),即您。
对用户进行身份验证和授权的最常见(也是最完整)的方法是调用授权代码授予流程来获取用于 应用程序和用户。在此流程结束时获得的访问令牌将包括有关登录用户的声明,并允许 Microsoft Graph 知道你所说的“我”指的是谁。来自 the docs:
To get your app authorized, you must get the user authenticated first. You do this by redirecting the user to the Azure Active Directory (Azure AD) authorization endpoint, along with your app information, to sign in to their Office 365 account. Once the user is signed in, and consents to the permissions requested by your app (if the user has not done so already), your app will receive an authorization code required to acquire an OAuth access token.
更多阅读:
当尝试在 Microsoft Graph 中列出 "me" 的目录项时,我收到 400 Bad Request 并出现以下错误:"Missing necessary user claims."
重现步骤:
- 通过 Application Registration Tool 创建应用程序,授予
Files.Read
权限
使用创建客户端 ID 和客户端密码获取令牌(跟随他们的 guide)cURL:
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials&client_id=<client-id>&client_secret=<client-secret>=&resource=https://graph.microsoft.com' "https://login.microsoftonline.com/<my-tenant-id>/oauth2/token"
使用创建的
<Access-Token>
来请求列出根目录,如 (cURL):curl -X GET -H "Authorization: Bearer <Access-Token>" -H "Cache-Control: no-cache" "https://graph.microsoft.com/v1.0/me/drive/root/children"
获取响应:
400 Bad Request
{
"error": {
"code": "BadRequest",
"message": "Missing necessary user claims.",
"innerError": {
"request-id": "36c384f4-1810-4d96-ad69-d69a67d11ece",
"date": "2016-05-31T14:39:05"
}
}
}
如有任何帮助,我们将不胜感激
在您的示例中,您仅对应用程序进行身份验证(称为“仅应用程序身份验证”,或者参考 OAuth 2.0 流程,称为“客户端凭据授予”流程)。但是,您的请求特别提到了用户 (.../me/...
),即您。
对用户进行身份验证和授权的最常见(也是最完整)的方法是调用授权代码授予流程来获取用于 应用程序和用户。在此流程结束时获得的访问令牌将包括有关登录用户的声明,并允许 Microsoft Graph 知道你所说的“我”指的是谁。来自 the docs:
To get your app authorized, you must get the user authenticated first. You do this by redirecting the user to the Azure Active Directory (Azure AD) authorization endpoint, along with your app information, to sign in to their Office 365 account. Once the user is signed in, and consents to the permissions requested by your app (if the user has not done so already), your app will receive an authorization code required to acquire an OAuth access token.
更多阅读: