通过 Graph API 读取 Azure AD 用户的日历需要什么权限
What permissions are needed to read the Azure AD users' calendar via Graph API
我需要访问 Azure AD 用户的日历。我用下面的代码来做:
var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "MY_TENANT_ID";
var clientId = "APP_ID";
var clientSecret = "APP_SECRET";
var options = new TokenCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
var clientSecretCredential = new ClientSecretCredential(
tenantId, clientId, clientSecret, options);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
var user = await graphClient.Users["USER_ID"]
.Calendar.Events
.Request()
.GetAsync();
因此,我收到以下错误:
Status Code: Unauthorized
Microsoft.Graph.ServiceException: Code: NoPermissionsInAccessToken
Message: The token contains no permissions, or permissions can not be understood.
在 Azure AD->App Registrations->API 权限 我有 Calendars.Read 权限,但没有 User.Read.All 权限。所以问题是我可以在没有 User.Read.All 许可的情况下从日历中获取数据吗?如果我可以,我做错了什么?
根据您的 code snippet, you used client credential flow to obtain the authentication and call graph api to list all calendar events 为特定用户。
所以你需要让你的azure ad申请获得Calendar.Read application权限。没有权限那么你不能调用api成功
如何添加应用权限:
我需要访问 Azure AD 用户的日历。我用下面的代码来做:
var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "MY_TENANT_ID";
var clientId = "APP_ID";
var clientSecret = "APP_SECRET";
var options = new TokenCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
var clientSecretCredential = new ClientSecretCredential(
tenantId, clientId, clientSecret, options);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
var user = await graphClient.Users["USER_ID"]
.Calendar.Events
.Request()
.GetAsync();
因此,我收到以下错误:
Status Code: Unauthorized
Microsoft.Graph.ServiceException: Code: NoPermissionsInAccessToken
Message: The token contains no permissions, or permissions can not be understood.
在 Azure AD->App Registrations->API 权限 我有 Calendars.Read 权限,但没有 User.Read.All 权限。所以问题是我可以在没有 User.Read.All 许可的情况下从日历中获取数据吗?如果我可以,我做错了什么?
根据您的 code snippet, you used client credential flow to obtain the authentication and call graph api to list all calendar events 为特定用户。
所以你需要让你的azure ad申请获得Calendar.Read application权限。没有权限那么你不能调用api成功
如何添加应用权限: