具有预先同意的多租户应用程序无法调用图形 API

本文介绍了具有预先同意的多租户应用程序无法调用图形 API的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我想为我们合作伙伴帐户中的所有租户自动提供一个不需要任何用户凭据的应用.

I'd like to make an app automatically available for all tenants we have in our partner account that doesn't require any user credential.

为此，我在 azure 中创建了一个多租户 Web 应用程序，并且可以通过Microsoft graph"应用程序访问应用程序权限.

For that, I created a web app in azure that is multitenant and has access to application permissions over "Microsoft graph" app.

我按照微软指南启用事先同意，并且进展顺利.

I followed Microsoft's guide to enable the preconsent, and it went well.

然后我尝试与我的租户一起测试对图形 API 的调用:

I then tried to test calls to the graph API with my tenant:

POST https://login.microsoftonline.com/<my-tenant-id>/oauth2/token
=> got the token
GET https://graph.microsoft.com/v1.0/users
=> Got the users of my-tenant

然后我尝试了一个客户的租户:

Then I tried with a customer's tenant:

POST https://login.microsoftonline.com/<customer-tenant-id>/oauth2/token
=> got the token
GET https://graph.microsoft.com/v1.0/users
=>
{
  "error": {
    "code": "Service_InternalServerError",
    "message": "Encountered an internal server error.",
    "innerError": {
      "request-id": "270ef482-e7ca-4184-bb9e-0567b123b7ab",
      "date": "2016-09-15T10:00:14"
    }
  }
}

为什么我得到这个 500，这个调用不应该工作，因为我得到了客户租户的 oauth 令牌?

Why do I get this 500, shouldn't this call work as I got the oauth token for the customer's tenant?

另外，快速的附带问题:预先同意是否适用于以前存在的租户?而如果权限发生变化，是否会影响所有租户而无需做任何事情?

Also, quick side questions: Does the preconsent work for previously existing tenants? And if permissions are changed, will it affect all tenants without having to do anything?

更新:在尝试了很多事情之后，它开始使用相同的命令.但是，我尝试了另一个随机租户，它给了我 500... 将继续尝试和更新

Update: after trying many things, it started to work with the same commands. However, I tried another random tenant and it gives me the 500... Will keep trying and update

具有预先同意的多租户应用程序无法调用图形

问题描述

推荐答案