问题描述
我正在设置一个应用程序,用于通过Microsoft Graph API修改Microsoft Teams帐户(团队/渠道),但是我无法从需要调用的所有端点中获得响应.我遵循了指南,以成功创建具有应用程序许可权并成功获得访问(和刷新)令牌的应用程序.
I am setting up an app for modifying a Microsoft Teams account (teams/channels) through the Microsoft Graph API, but I can't get responses from all of the endpoints which I need to call.I have followed the guide for creating an app with application permissions and acquired access (and refresh) token(s) succesfully.
调用 https://graph.microsoft.com/v1.0/users/<用户guid>/joinedTeams
端点产生的响应如下:
Calling the https://graph.microsoft.com/v1.0/users/<user guid>/joinedTeams
endpoint yields a response as follows:
{
"error": {
"code": "Unauthorized",
"message": "Unauthorized",
"innerError": {
"date": "2020-06-24T12:37:53",
"request-id": <guid>
}
}
}
调用诸如 https://graph.microsoft.com/v1.0/users
之类的端点时,如所述.似乎该应用尚未获得访问它们的同意和/或许可,但是在注册后,它们会在azure门户企业应用程序页面的API许可中列出,并且访问令牌JWT包含指定的许可,作为角色
对象.
while calling endpoints such as https://graph.microsoft.com/v1.0/users
works as described. It would seem that the app hasn't gotten consent and/or permissions to access these, but after signup they are listed on the API permissions in the azure portal enterprise applications page, and the access token JWT contains the specified permissions as a roles
object.
来自JWT:
"roles": [
"TeamSettings.ReadWrite.All",
"User.ReadWrite.All",
"Directory.ReadWrite.All",
"Group.ReadWrite.All",
"TeamMember.ReadWrite.All",
"Team.ReadBasic.All",
"GroupMember.ReadWrite.All",
"Member.Read.Hidden"
]
我尝试使用 Directory.ReadWrite.All
权限,还尝试使用用于/joinedTeams
端点的权限页面他们都引发了相同的错误.
I have tried with the Directory.ReadWrite.All
permission and also with the full permission list listed on the permissions page for the /joinedTeams
endpoint and they all elicit the same error.
奇怪的是,根据此 a 401-将对过期(或类似无效)的令牌给出未经授权的响应,但是显然不是这种情况,因为我可以使用该令牌来调用其他端点.
Curiously, according to this a 401 - Unauthorized response would be given for expired (or similarly invalid) tokens, however that seems to clearly not be the case as I can call other endpoints with that very token.
我想念什么?
推荐答案
感谢@MikeOliver当我注册Teams时,它创建了另一个目录.仅第二个目录具有团队的许可证"目录.(从天蓝色门户网站的许可证"页面可见).
Solved thanks to @MikeOliverWhen I signed up for Teams it created another directory. Only that second directory had a Teams "license" (visible from the azure portal's License page).
这篇关于从Microsoft Graph请求'/joinedTeams'时出现'Unauthorized'错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!