Microsoft graph people\me return empty list of users
I have created an account in the Office 365 trial version. I have added a new app registration on Azure with these permissions:
BookingsAppointment.ReadWrite.All
Calendars.ReadWrite
Contacts.ReadWrite
EWS.AccessAsUser.All
Mail.ReadWrite
Mail.Send
People.Read
User.Read
User.ReadBasic.All
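When I call https://graph.microsoft.com/v1.0/me/people as the user who created the Office account, I get a full list of users and resources.
When I call it as a user created by the admin, with admin permissions, I get an empty list.
I called the permission link for both the admin user and the user created by the admin: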
https://login.microsoftonline.com/{}/oauth2/v2.0/authorize?client_id={}&response_type=code&scope=BookingsAppointment.ReadWrite.All%20Calendars.ReadWrite%20Contacts.ReadWrite%20EWS.AccessAsUser.All%20Mail.ReadWrite%20Mail.Send%20People.Read%20People.Read%20User.Read%20User.ReadBasic.All
What's wrong?
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('fb6b188c-8698-4a03-9da4-82b7479c4625')/people",
"value": []
}
For one user (let's call them the admin in your case) to be able to access another user's contacts folder using delegated authorization, Contacts.Read.Shared or Contacts.ReadWrite.Shared is required; see https://docs.microsoft.com/en-us/graph/outlook-get-shared-contacts-folders .
Another thing is that admin rights mean nothing in regard to mailbox access; for example, delegated access to a mailbox always needs to be explicitly granted via Add-MailboxPermission https://docs.microsoft.com/en-us/exchange/recipients/mailbox-permissions?view=exchserver-2019 or delegated through Outlook. (E.g. if you can access the target mailbox through OWA or Outlook, your Exchange rights are good, but just being a Tenant Admin means nothing in regard to mailbox access.) Your other option, if you're trying to create an app that is going to access all mailboxes in a tenant, is to look at app-only tokens: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-app-registration
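The answer turns on which permissions the token actually carries, so here is a diagnostic check, added as an example and not part of the original question or answer. It assumes the Graph access token is a JWT with delegated scopes in `scp` and app-only permissions in `roles`; `audit_token`, `make_sample_token` and the sample token are hypothetical names and constructed data.

```python
import base64
import json

# Scopes from the question's authorize URL (People.Read appears twice there).
REQUESTED = ("BookingsAppointment.ReadWrite.All Calendars.ReadWrite Contacts.ReadWrite "
             "EWS.AccessAsUser.All Mail.ReadWrite Mail.Send People.Read People.Read "
             "User.Read User.ReadBasic.All").split()
# The delegated scopes the answer names for reading another user's contact folders.
SHARED_CONTACT_SCOPES = {"Contacts.Read.Shared", "Contacts.ReadWrite.Shared"}


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token, requested=REQUESTED):
    """Report the token type and which permissions it actually carries."""
    claims = jwt_claims(token)
    delegated = set(claims.get("scp", "").split())  # delegated: space-separated string
    app_roles = set(claims.get("roles", []))        # app-only: JSON array
    return {
        "kind": "delegated" if delegated else "app-only" if app_roles else "unknown",
        "granted": sorted(delegated | app_roles),
        "requested_but_not_granted": sorted(set(requested) - delegated - app_roles),
        "can_read_shared_contacts": bool(SHARED_CONTACT_SCOPES & delegated),
    }


def make_sample_token(claims):
    """Build a constructed token with a placeholder signature so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


# Constructed sample: a delegated token that lacks several of the requested scopes.
SAMPLE = make_sample_token({"aud": "https://graph.microsoft.com",
                            "scp": "Contacts.ReadWrite Mail.ReadWrite User.Read"})

if __name__ == "__main__":
    print(json.dumps(audit_token(SAMPLE), indent=2))
```

Running the same check on the token of each signed-in user shows whether consent produced the same scopes for both accounts.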