我正在尝试使用ews java api构建一个android应用程序,以便使用用于android的active directory身份验证库为office365用户获取带有oauth2令牌的ews数据。类似于本文中所示的.net。
下面是代码:
// Code to acquire token after registering the native application in Azure active directory
authenticationContext.acquireToken(<activity context>,
"<resource id: copied from the manifest file tag <resourceAppId> of Azure active directory after adding permission>",
"<Application id of the registered app in AAD>",
"<Application Redirect URI>", email, PromptBehavior.Always, "", AuthenticationCallback);
//We receive AuthenticationResult object containing authentication token in AuthenticationCallback onSuccess method and then call an async task to fetch EWS data
ExchangeService exchangeService = new ExchangeService();
exchangeService.setTraceEnabled(true);
exchangeService.getHttpHeaders().put("Authorization", "Bearer " + mAuthenticationResult.getAccessToken());
exchangeService.setUrl(URI.create("https://outlook.office365.com/EWS/Exchange.asmx"));
我可以获得OAuth令牌,但我不能接收交换数据,它给我未经授权和禁止的访问时,使用以下代码获取数据。
CalendarFolder calendarFolder = CalendarFolder.bind(service, WellKnownFolderName.Calendar);
findResults = calendarFolder.findAppointments(new CalendarView(startDate, endDate));
另外,我不确定我在azure门户中设置的配置。如果你能告诉我如何在android中设置azure ad应用程序,以便通过oauth身份验证获取ews数据,那就太好了。
编辑:
以下是我的访问令牌声明:
这是我为访问令牌获取的json。使用这个访问令牌,我得到的错误是401访问日历文件夹时未经授权的访问。
JSON: {
typ: "JWT",
alg: "RS256",
x5t: "RrQqu9rydBVRWmcocuXUb20HGRM",
kid: "RrQqu9rydBVRWmcocuXUb20HGRM"
}.
{
aud: "6ae5db95-0af3-45b6-afce-17851abc9d55",
iss: "https://sts.windows.net/06d03691-efd5-43c5-8ec9-81e57c75f63c/",
iat: 1480554267,
nbf: 1480554267,
exp: 1480558167,
acr: "1",
amr: [
"pwd"
],
appid: "410db643-4efc-4dac-8e6f-bbf05da561e1",
appidacr: "0",
e_exp: 10800,
family_name: "Dhingra",
given_name: "Surbhi",
ipaddr: "112.110.19.113",
name: "Surbhi Dhingra",
oid: "52c73152-0add-4e68-8d60-54c03a35a4b9",
platf: "1",
scp: "user_impersonation",
sub: "hUaeKxiMI-m7nNNo2c5kMYd501Blw5QQ9SNPnP1Ei_c",
tid: "06d03691-efd5-43c5-8ec9-81e57c75f63c",
unique_name: "surbhi.dhingra@<onmicrosoft domain>.com",
upn: "surbhi.dhingra@<onmicrosoft domain>.com",
ver: "1.0"
}.
错误日志:microsoft.exchange.webservices.data.core.exception.service.remote.servicerequestexception:请求失败。请求失败。远程服务器返回错误:(401)未经授权
在microsoft.exchange.webservices.data.core.request.simpleServicerequestBase.internalExecute上(simpleServicerequestBase.java:74)
w/system.err:位于microsoft.exchange.webservices.data.core.request.multiresponseservicerequest.execute(multiresponseservicerequest.java:158)
w/system.err:位于microsoft.exchange.webservices.data.core.exchangeservice.bindtofolder(exchangeservice.java:504)
在microsoft.exchange.webservices.data.core.exchangeservice.bindtofolder上(exchangeservice.java:523)
在Microsoft.Exchange.WebServices.Data.Core.Service.Folder.CalendarFolder.Bind上(CalendarFolder.Java:60)
在Microsoft.Exchange.WebServices.Data.Core.Service.Folder.CalendarFolder.Bind(CalendarFolder.Java:108)上
最佳答案
似乎有一个已回答的so线程EWS error message: "403: Forbidden - Not enough scopes"与您的问题类似。
只有office 365 restapi支持细粒度访问,如“从所有邮箱读写电子邮件”。对于EWS,您需要“使用对所有邮箱具有完全访问权限的Exchange Web服务”权限。如果你找不到这个许可,请告诉我们。
因此,您需要移动到管理门户网站azure ad中应用程序的CONFIGURE选项卡,然后将Office 365 Exchange Online权限添加到应用程序并启用Use Exchange Web Services with full access to all mailboxes,最后保存配置,请参见下面的步骤和图。
移动到azure ad中应用程序的CONFIGURE选项卡
向应用程序添加Office 365 Exchange Online权限
启用Use Exchange Web Services with full access to all mailboxes
保存配置。
关于android - 使用OAuth token 认证和获取EWS数据,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/40840615/