问题描述
我正在创建一个 Azure AD 应用程序,它使用新的 Yammer 委派权限预览,使用我从 Azure AD 获得的访问令牌向 Yammer 发布消息.不幸的是,我在尝试调用 Yammer Rest API 时收到 401 Unauthorized
响应.
I am creating an Azure AD App that is using the new Yammer delegated permissions preview to post a message to Yammer using the access token that I obtained from Azure AD. Unfortunately, I get a 401 Unauthorized
response when trying to call Yammer Rest APIs.
这是代码示例:
var resourceId = "https://www.yammer.com";
var endpointUrl = "https://www.yammer.com/api/v1/messages/following.json";
AuthenticationHelper helper = new AuthenticationHelper();
helper.EnsureAuthenticationContext(AuthenticationHelper.AuthorityMultitenant, resourceId);
var token = helper.AuthenticationResult.AccessToken;
HttpClient hc = new HttpClient();
hc.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
var result = await hc.GetAsync(new Uri(new Uri("https://www.yammer.com"), endpointUrl));
这里我得到 401 Unauthorized
,并带有消息身份验证失败".我也尝试使用 api.yammer.com 而不是 www.yammer.com,没有任何变化.我知道令牌被正确检索,因为我使用其他 Office 365 REST API 对其进行了测试.
Here I get the 401 Unauthorized
, with a message "Authentication failure". I tried also with api.yammer.com instead of www.yammer.com, with no change. I know that the tokens are being retrieved correctly, as I tested them with other Office 365 REST APIs.
我的假设是令牌采用不可接受的格式,但既然添加了委派权限,它就应该接受 Azure 令牌.我是否使用了错误的资源 ID 和端点?
My assumption is that the token is in an unaccepted format, but it is supposed to accept Azure Tokens now that the Delegated Permissions were added. Am I using the wrong resource ID and endpoint?
推荐答案
我已经找到了问题的解决方案.Yammer 身份验证似乎可以通过 2 种方式进行配置 - 一种方式是将其配置为使用与 Office 365 的其他部分相同的身份验证,另一种方式是使用不同的配置.
I have found the resolution for the problem. It appeared to be that Yammer authentication can be configured in 2 ways - one way is to configure it to use the same authentication as other parts of Office 365, and another one is to is using a different configuration.
如果使用 Yammer 自己的 SSO(换句话说,Yammer 对 ADFS 有单独的配置),则会出现此问题.如果为您的网络禁用 Yammer SSO,映射"用户的所有 yammer 身份验证将由 Office365 处理.完成后,您就可以使用 Office 365 API.
If Yammer's own SSO is used (in other words, Yammer has a separaate configuration for ADFS), then this problem happens.If you disable Yammer SSO for your network, all yammer authentication for "mapped" users will be handled by Office365. When that’s done, you can then use the Office 365 API.
这篇关于Yammer REST API:使用 Azure AD 令牌和 Yammer 委派权限时出现 401 未授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!