问题描述
我正在尝试创建一个可以访问我的个人Microsoft帐户的守护程序(仅代码,仅服务器)应用程序.我无法弄清楚如何获得不过期的Access_Token(或refresh_token).
I am trying to create a Daemon (code-only, server-only) app that can access my Personal Microsoft Account. I cannot figure out how to get an Access_Token that does not expire (or a refresh_token).
我可以使用此处详细介绍的"adminconsent"端点为我的企业(Office 365)帐户创建一个有效的未到期(管理员仅登录一次)后台驻留程序应用程序: https://azure.microsoft.com/en-us/documentation/articles/active -directory-v2-protocols-oauth-client-creds/或此处: https://blogs.msdn.microsoft.com/tsmatsuz/2016/10/07/application-permission-with-v2-endpoint-and- microsoft-graph/.不幸的是,我无法将"adminconsent"端点与我的个人帐户一起使用-返回此操作只能由管理员执行"错误.有什么方法可以为我的个人帐户启用管理员同意吗?
I can create a working non-expiring (admin logs in only once) Daemon app for my Business (Office 365) Account using the "adminconsent" endpoint detailed here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-client-creds/ or here: https://blogs.msdn.microsoft.com/tsmatsuz/2016/10/07/application-permission-with-v2-endpoint-and-microsoft-graph/. Unfortunately, I cannot use the "adminconsent" endpoint with my personal account -- returns "This operation can only be performed by an administrator" error. Is there a way I can enable adminconsent for my personal account?
OR
对于我的个人帐户,我可以使用授权"端点(如此处所述: https://azure.microsoft.com/zh-cn/documentation/articles/active-directory-v2-scopes/),它返回的代码(已过期)可用于获取"access_token";在Graph API中可以正常工作-直到access_token过期(3600秒).它不返回"refresh_token".因此,在代码/令牌过期后,然后要求用户再次登录.如何使用授权端点来获取仅可以通过代码刷新的令牌?
For my personal account, I can use the "authorize" endpoint (as detailed here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-scopes/) and it returns a code (that expires) that can be used to obtain the "access_token"; which works fine in Graph API -- until the access_token expires (3600 seconds). It does not return a "refresh_token". So, after the code/token expires, it then requires the user to log in again. How can I use the authorize endpoint to then obtain tokens that can be refreshed via code only?
推荐答案
包括offline_access
范围以获取刷新令牌.请确保将刷新令牌替换为每次刷新时都会返回的新令牌.
Include the offline_access
scope to get a refresh token. Be sure to replace your refresh token with the new one that comes back each time you refresh.
这篇关于Graph API-可以访问个人Microsoft帐户(Azure AD V2.0端点)的Daemon App的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!