Microsoft Graph API Outlook task folder: NoPermissionsInAccessToken
I am trying to list the Outlook task folders using Microsoft Graph with Postman.
Below is the URL I am using:
https://graph.microsoft.com/beta/me/outlook/taskFolders
After adding the Bearer token to the request header, I get the following response:
"code": "NoPermissionsInAccessToken",
"message": "The token contains no permissions, or permissions can not be understood.",
I have enabled the following permission: Tasks.ReadWrite.
What am I missing here?
I can reproduce your issue when getting the access token with the client credentials flow. I decode the access token and do not see the permission I assigned. As the article says:
The permission is delegated from the user to the application, usually during the consent process. However, in the client credentials flow, permissions are granted directly to the application itself. When the app presents a token to a resource, the resource enforces that the app itself has authorization to perform an action and not the user.
So I suggest you use the OAuth 2.0 authorization code flow to get the access token, and add your Tasks.Read permission to the scope.
https://login.microsoftonline.com/xxxxx/oauth2/v2.0/authorize?
client_id=xxxxx
&response_type=code
&redirect_uri=https://localhost:123
&response_mode=query
&scope=https://graph.microsoft.com/Tasks.Read
For more details about getting an access token with the authorization code flow, you can refer to this article.
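The token check described in the answer, as an added example that is not part of the original post: it decodes the token payload locally and reports whether the needed delegated permission is present. It relies on the Microsoft identity platform putting delegated permissions in the `scp` claim and application permissions in the `roles` claim; the function names and both sample tokens are constructed for illustration.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted_permissions(token: str) -> dict:
    """Split permissions into delegated (scp) and application (roles) claims."""
    claims = decode_claims(token)
    return {
        "delegated": claims.get("scp", "").split(),  # space-separated string
        "application": list(claims.get("roles", [])),  # JSON array
    }


def diagnose(token: str, needed: str) -> str:
    """Explain whether a /me call needing `needed` can be authorized by this token."""
    perms = granted_permissions(token)
    if needed in perms["delegated"]:
        return "ok"
    if not perms["delegated"] and not perms["application"]:
        return "no permissions in token"  # the NoPermissionsInAccessToken case
    return f"missing delegated permission {needed}"


def make_sample(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real token)."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"


# Constructed samples: a token with no permission claims, and a delegated one.
APP_ONLY_TOKEN = make_sample({"aud": "https://graph.microsoft.com", "appid": "xxxxx"})
DELEGATED_TOKEN = make_sample({"aud": "https://graph.microsoft.com", "scp": "Tasks.Read User.Read"})

if __name__ == "__main__":
    print(diagnose(APP_ONLY_TOKEN, "Tasks.Read"))   # no permissions in token
    print(diagnose(DELEGATED_TOKEN, "Tasks.Read"))  # ok
```

Decoding locally like this keeps the bearer token off third-party decoder sites, where it would remain a usable credential until it expires.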