如何使用具有应用程序权限的 Microsoft Graph v1.0 正确创建在线会议?我收到禁止回复
How to properly create an Online Meeting with Micosoft Graph v1.0 with Application permission? I'm getting a Forbidden response
有没有人成功使用 CreateOrGet 向 Microsoft Graph v1.0 请求创建使用应用程序权限的联机会议?我在 Azure 门户上创建了应用程序,并使用客户端 ID 和密码声明并初始化了 GraphServiceClient.
我有一个服务(Hangfire 服务器),它在没有用户交互的情况下会在后台运行并且不同步进程和通知。其中一项功能是此服务器可以将带有嵌入式链接的组织通信发送到在线 Teams 会议。为此,我正在尝试使用客户端凭据流
我的令牌有以下权限:
"roles": [
"OnlineMeetings.Read.All",
"OnlineMeetings.ReadWrite.All",
"User.Read.All"
],
第一栏是被砍权限的名字,但是必要的delegate和application权限都在,虽然前两天的截图没有[的application权限=34=]。我已获得管理员对应用程序权限的同意。您看到的名称是目录名称。
我正在使用带有以下代码的客户端凭据提供程序:
//Client Credentials - Application
app = ConfidentialClientApplicationBuilder
.Create(config.Value.ClientId)
.WithTenantId(config.Value.Tenant)
.WithClientSecret(config.Value.ClientSecret)
.Build();
var scopes = new string[] { "https://graph.microsoft.com/.default" };
graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
{
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
authResult = await app
.AcquireTokenForClient(scopes)
.ExecuteAsync();
// Add the access token in the Authorization header of the API request.
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
_logger.LogInformation("Token included in GraphClient: " + authResult.AccessToken);
})
);
OnlineMeeting onlineMeeting = new OnlineMeeting() {.....}
var user = await graphClient.Users[{userPrincipalName}].Request().GetAsync(); //<-- This works with the User.Read.All permission
_logger.LogInformation("User: " + JsonConvert.SerializeObject(user, serializerSettings));
string meetingId = Guid.NewGuid().ToString();
OnlineMeeting createdMeeting = await graphClient.Users[user.Id].OnlineMeetings.CreateOrGet(meetingId, null, onlineMeeting.EndDateTime,
onlineMeeting.Participants, onlineMeeting.StartDateTime,onlineMeeting.Subject).Request().PostAsync(); //<-- This doesn't work, and I'm getting a ServiceException
这是我得到的错误:
StatusCode: Forbidden ResponseBody: {
"error": {
"code": "Forbidden",
"message": "Application does not have permission to CreateOrGet online meeting on behalf of this user.",
"innerError": {
"date": "2021-03-26T15:55:22",
"request-id": "6e8466cb-807a-44df-93bf-27d42c413e44",
"client-request-id": "6e8466cb-807a-44df-93bf-27d42c413e44"
}
}
}
关于可能是什么问题的任何线索?
有没有人成功使用 CreateOrGet 向 Microsoft Graph v1.0 请求创建使用应用程序权限的联机会议?我在 Azure 门户上创建了应用程序,并使用客户端 ID 和密码声明并初始化了 GraphServiceClient.
我有一个服务(Hangfire 服务器),它在没有用户交互的情况下会在后台运行并且不同步进程和通知。其中一项功能是此服务器可以将带有嵌入式链接的组织通信发送到在线 Teams 会议。为此,我正在尝试使用客户端凭据流
我的令牌有以下权限:
"roles": [
"OnlineMeetings.Read.All",
"OnlineMeetings.ReadWrite.All",
"User.Read.All"
],
第一栏是被砍权限的名字,但是必要的delegate和application权限都在,虽然前两天的截图没有[的application权限=34=]。我已获得管理员对应用程序权限的同意。您看到的名称是目录名称。
我正在使用带有以下代码的客户端凭据提供程序:
//Client Credentials - Application
app = ConfidentialClientApplicationBuilder
.Create(config.Value.ClientId)
.WithTenantId(config.Value.Tenant)
.WithClientSecret(config.Value.ClientSecret)
.Build();
var scopes = new string[] { "https://graph.microsoft.com/.default" };
graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
{
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
authResult = await app
.AcquireTokenForClient(scopes)
.ExecuteAsync();
// Add the access token in the Authorization header of the API request.
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
_logger.LogInformation("Token included in GraphClient: " + authResult.AccessToken);
})
);
OnlineMeeting onlineMeeting = new OnlineMeeting() {.....}
var user = await graphClient.Users[{userPrincipalName}].Request().GetAsync(); //<-- This works with the User.Read.All permission
_logger.LogInformation("User: " + JsonConvert.SerializeObject(user, serializerSettings));
string meetingId = Guid.NewGuid().ToString();
OnlineMeeting createdMeeting = await graphClient.Users[user.Id].OnlineMeetings.CreateOrGet(meetingId, null, onlineMeeting.EndDateTime,
onlineMeeting.Participants, onlineMeeting.StartDateTime,onlineMeeting.Subject).Request().PostAsync(); //<-- This doesn't work, and I'm getting a ServiceException
这是我得到的错误:
StatusCode: Forbidden ResponseBody: {
"error": {
"code": "Forbidden",
"message": "Application does not have permission to CreateOrGet online meeting on behalf of this user.",
"innerError": {
"date": "2021-03-26T15:55:22",
"request-id": "6e8466cb-807a-44df-93bf-27d42c413e44",
"client-request-id": "6e8466cb-807a-44df-93bf-27d42c413e44"
}
}
}
关于可能是什么问题的任何线索?