SharePoint REST API with Azure AD oauth2 authentication for simple users

I am trying to access files on a SharePoint site from my server using Azure AD oauth2. I created a multi-tenant Azure AD application with these permissions:

After this I go through the standard oauth2 flow to get a token:

I redirect the user to https://login.windows.net/common/oauth2/authorize?client_id=123XXXXXXXXf4d5d4512&response_type=code&redirect_uri=https%3A%2F%2FdXXXXXXX%2Foffice365_oauthcallback.html. When an admin user logs in everything goes fine, but a regular user cannot log in; he gets:

Additional technical information:

Correlation ID: d81a1cca-1c4f-4da1-9162-88ba74d57775

Timestamp: 2015-07-01 09:49:53Z

AADSTS90093: This operation can only be performed by an administrator. Sign out and sign in as an administrator or contact one of your organization's administrators.

I think he gets this because some of the permissions cannot be used.

Can someone help me choose the right permissions that would allow me to authorize regular users with Azure AD oauth2, not only administrators?

I tried to remove access to Azure from the application and keep only access to SharePoint, but as a result I got

AADSTS65005: The client application has requested access to resource "00000002-0000-0000-c000-000000000000". This request has failed because the client has not specified this resource in its requiredResourceAccess list.%0d%0aTrace ID%3a 97d7ddff-0eaf-487c-83be-e277970f9339%0d%0aCorrelation ID%3a dcf33c54-fb51-46d9-9ee5-09db8d425b0d%0d%0aTimestamp%3a 2015-07-01 09%3a58%3a05Z

I tried to follow https://social.msdn.microsoft.com/Forums/en-US/088c7f00-70ae-47ac-abe6-bdf6b5778468/aadsts65005-the-request-has-failed-because-the-client-has-not-specified-this-resource-in-its?forum=WindowsAzureAD and pass the &resource= parameter as the SharePoint site

https://login.microsoftonline.com/common/oauth2/authorize?client_id=123ae4***5d4512&response_type=code&redirect_uri=https%3A%2F%2FdXXXXXXX%2Foffice365_oauthcallback.html&resource=https://SITE.sharepoint.com/DP/

As a result I got this

AADSTS50001: Resource https://SITE.sharepoint.com/DP/ is not registered for the account. Trace ID: b30da866-5a89-4962-9617-92a7cfe649b9 Correlation ID: 48a5ef84-8211-4588-8339-05ba7154fbc6

I passed the &resource= parameter as the SharePoint site's domain

https://login.microsoftonline.com/common/oauth2/authorize?client_id=123ae4***5d4512&response_type=code&redirect_uri=https%3A%2F%2FdXXXXXXX%2Foffice365_oauthcallback.html&resource=https://SITE.sharepoint.com

and got

Additional technical information: Correlation ID: 7f006d85-a72a-480f-b92e-0c706190f73e Timestamp: 2015-07-01 10:13:17Z AADSTS90093: This operation can only be performed by an administrator. Sign out and sign in as an administrator or contact one of your organization's administrators.

What am I doing wrong? Is there any way to do oauth2 through Azure AD for regular users, not only administrators?

I found the answer on this page: http://blog.beecomedigital.com/2015/06/08/aadsts90093-calling-principal-cannot-consent-due-to-lack-of-permissions/ It contains all the permissions you can set for an AD application that do not require administrator rights to be accepted.
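The post above builds the Azure AD (v1 endpoint) authorize URL by hand and gets three different AADSTS errors back depending on the resource value. The following is an added example, not code from the original poster: it builds the same authorization-code request with proper URL encoding, rejects a resource value that carries a site path (the request with https://SITE.sharepoint.com/DP/ above was refused with AADSTS50001, while the bare host was accepted as a resource), adds a state value for CSRF protection of the redirect, and parses the callback so the AADSTS code can be read off the error_description. The client_id and redirect_uri values are placeholders, and the error meanings are taken from the messages quoted in the post.

```python
"""Azure AD v1 authorization-code request builder and callback parser.

Constructed example; CLIENT_ID and REDIRECT_URI are placeholders rather than
the values from the original post. The AADSTS meanings below are quoted from
the error texts shown in the post.
"""
from urllib.parse import parse_qs, unquote, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/authorize"

# Placeholder registration values (not real identifiers).
CLIENT_ID = "CLIENT-ID-PLACEHOLDER"
REDIRECT_URI = "https://app.example/office365_oauthcallback.html"

# Meanings as given by the error messages quoted in the post.
AADSTS_MEANINGS = {
    "AADSTS90093": "operation can only be performed by an administrator "
                   "(a requested permission needs admin consent)",
    "AADSTS65005": "requested resource is not in the app's requiredResourceAccess list",
    "AADSTS50001": "resource identifier is not registered for the account",
}


def build_authorize_url(client_id, redirect_uri, resource, state):
    """Return the authorize URL for the authorization-code grant.

    `resource` must be the SharePoint tenant root (scheme + host). A site path
    such as /DP/ is not a registered resource identifier and is rejected here
    rather than sent to the identity provider.
    """
    parsed = urlparse(resource)
    if parsed.scheme != "https" or not parsed.netloc or parsed.path not in ("", "/"):
        raise ValueError("resource must be the SharePoint root URL, e.g. https://tenant.sharepoint.com")
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "resource": f"{parsed.scheme}://{parsed.netloc}",
        # Opaque per-session value; the callback handler must check it matches.
        "state": state,
    }
    # urlencode percent-encodes ':' and '/' in redirect_uri and resource for us.
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Classify the redirect back to redirect_uri.

    Returns a dict with ok=True and the authorization code on success, or
    ok=False with the AADSTS code (if any) and its meaning on failure.
    """
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [None])[0]
    if state != expected_state:
        # Treat a state mismatch as a failed callback regardless of other fields.
        return {"ok": False, "error": "state_mismatch", "aadsts": None,
                "meaning": "callback state does not match the value issued", "description": ""}
    if "code" in qs:
        return {"ok": True, "code": qs["code"][0]}
    # Azure AD sometimes double-encodes the description (%0d%0a, %3a in the
    # post), so decode once more after parse_qs has done its pass.
    desc = unquote(qs.get("error_description", [""])[0])
    aadsts = desc.split(":", 1)[0].strip() if desc.startswith("AADSTS") else None
    return {
        "ok": False,
        "error": qs.get("error", ["unknown"])[0],
        "aadsts": aadsts,
        "meaning": AADSTS_MEANINGS.get(aadsts, "unrecognized AADSTS code"),
        "description": desc,
    }


if __name__ == "__main__":
    url = build_authorize_url(CLIENT_ID, REDIRECT_URI, "https://SITE.sharepoint.com", "s3ss10n")
    print(url)
    # Constructed callback, shaped like the AADSTS90093 redirect quoted in the post.
    cb = (REDIRECT_URI + "?error=access_denied&state=s3ss10n"
          "&error_description=AADSTS90093%3A+This+operation+can+only+be+performed+by+an+administrator.")
    print(parse_callback(cb, "s3ss10n"))
```

Run stand-alone it prints the encoded authorize URL and the parsed classification of a constructed AADSTS90093 callback; in an application the `expected_state` would come from the user's session rather than a literal.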