我正在处理一个当前项目,我们已经在其中使用Identity Server进行身份验证。在这里,我们使用访问 token 访问Microsoft Graph API以获取 session ,个人资料图片和其他内容。

现在,我们希望与新的Outlook 365 API集成在一起以读取和将来写入任务。

我正在尝试使用已经存在的accesstoken从Outlook restapi中获取Outlook任务:

{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/17e18230-55e1-4f60-8262-5c67e2b2ab11/",
  "iat": 1145153145,
  "nbf": 1491225024,
  "exp": 1491258924,
  "acr": "1",
  "aio": "QSQA8/8DAFFFInSl+iIfvSXhA95NqTYRmKugpaLdvffNkba0L8N5x0U=",
  "amr": [
    "pwd"
  ],
  "app_displayname": "AwesomeApp.Dev",
  "appid": "0c2fgc75-f2ee-fas5-ae9f-fasd2s5d523fs",
  "appidacr": "1",
  "family_name": "Jesper Krægpøth Ryder",
  "given_name": "Joshua",
  "ipaddr": "208.67.222.222",
  "name": "Joshua Jesper Krægpøth Ryder",
  "oid": "a4586g1-d0215-3226-ar05-125463gasrqw5",
  "platf": "3",
  "puid": "654wf84yu3s1g6",
  "scp": "Calendars.Read Calendars.Read.Shared Calendars.ReadWrite Directory.Read.All Files.ReadWrite Group.Read.All Mail.ReadWrite Mail.Send Tasks.Read User.Read User.ReadBasic.All User.ReadWrite",
  "sub": "0s_x0JhaNb1QLpIM2Hldx7pSVkrpTgXKe4QPXXiRguQ",
  "tid": "15e18430-54e9-4f60-8821-5c85e2b2ab77",
  "unique_name": "jor@awesome.com",
  "upn": "jor@awesome.com",
  "uti": "65a2gasdrfasda_fasfa54153",
  "ver": "1.0"
}

https://outlook.office.com/api/v2.0/me/tasks

错误信息:
Content-Length →0
Date →Tue, 04 Jul 2017 08:35:21 GMT
Server →Microsoft-IIS/10.0
WWW-Authenticate →Bearer client_id="00000002-0000-0ff1-ce00-000000000000",
trusted_issuers="00000001-0000-0000-c000-000000000000@*",
token_types="app_asserted_user_v1 service_asserted_app_v1",
authorization_uri="https://login.windows.net/common/oauth2/authorize",
error="invalid_token",Basic Realm="",Basic Realm="",Basic Realm=""
X-BEServer →HE1PR0901MB1194
X-BackEndHttpStatus →401, 401
X-CalculatedBETarget →HE1PR0901MB1194.eurprd09.prod.outlook.com
X-CalculatedFETarget →HE1P190CU001.internal.outlook.com
X-DiagInfo →HE1PR0901MB1194
X-FEProxyInfo →HE1P190CA0005.EURP190.PROD.OUTLOOK.COM
X-FEServer →HE1P190CA0005, HE1PR0201CA0031
X-MSEdge-Ref →Ref A: C32D029EF8F84E68BF6327901BBED14F Ref B: HEL01EDGE0307
Ref C: Tue Jul 4 01:35:21 2017 PST
X-Powered-By →ASP.NET
request-id →2266567a-dd67-48f0-b3b4-72cfb5ee6b42
x-ms-diagnostics →2000003;reason="The audience claim value is invalid
'https://graph.microsoft.com'.";error_category="invalid_resource"

在身份服务器上,我们使用中间件来处理我们的范围,如下所示:
        app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions
        {
            AuthenticationScheme = "Microsoft",
            DisplayName = "Microsoft",
            SignInScheme = cookieScheme,
            ClientId = Configuration.GetValue<string>("ExternalKeys:SecretMicrosoftClientId"),
            ClientSecret = Configuration.GetValue<string>("ExternalKeys:SecretMicrosoftClientSecret"),
            CallbackPath = new PathString("/signin-microsoft"),
            Scope =
            {
                "offline_access",
                "Calendars.Read",
                "Calendars.Read.Shared",
                "https://outlook.office.com/tasks.read"
            },

            SaveTokens = true,

        });

尝试登录时,系统会提示您其他“任务”访问要求。因此,我们应该可以访问任务API。

是否有人尝试同时使用Microsoft graph API和新的Outlook 365 Rest API?

最佳答案

新答案:
Api现在已经发布,可以在这里找到
https://msdn.microsoft.com/en-us/office/office365/api/task-rest-operations

我们项目的工作范围:

Scope =
{
    "offline_access",
    "Calendars.Read",
    "Calendars.Read.Shared",
    "Tasks.Readwrite"
},

旧答案:

您不能针对Outlook终结点使用针对Graph发行的 token ("aud": "https://graph.microsoft.com")。您需要使用"aud": "https://outlook.office.com"的 token 。为此,您需要对所有具有Outlook域完全限定的范围的Azure进行另一个身份验证请求:
Scope =
{
    "offline_access",
    "https://outlook.office.com/Calendars.Read",
    "https://outlook.office.com/Calendars.Read.Shared",
    "https://outlook.office.com/tasks.read"
},

但是,由于您已经在使用Graph,因此也可以通过Graph访问任务:)。 Graph最近向其Beta端点https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/outlooktask添加了任务支持。

关于c# - Outlook 365 Rest API-受众声明值无效,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/44901596/

10-08 22:25
查看更多