问题描述

我正在使用

POST https://graph.microsoft.com/beta/applications

我可以找回AppId，但是找不到获取AppKey的方法.我想稍后使用应用程序凭据访问该应用程序.

I can get the AppId back, but can't find a way to get the AppKey. I would like to access that app later using application credentials.

更新:我在应用程序创建过程中作为密码凭证发送的信息:

Update:That what I send as password credential during the application creation:

  newAppObj.passwordCredentials = new List<AOBJ.AzurePasswordCredential>(){
            new AOBJ.AzurePasswordCredential()
            {
                customKeyIdentifier = "T1rEXhNmUUmVqimnBPkirw==",
                keyId = Guid.NewGuid().ToString(),
                value = "WgjbF8vG3GM1XRGpc43fvtiO7ScpTGwh0jd6CjIRd40dCX3kP8LMlCdcrrEPBRidI4CXW1OCnSQJQxOzX+oIUw==",
                startDate ="2016-06-01T13:59:30Z",// DateTimeOffset.UtcNow,
                endDate = "2017-06-02T13:59:30Z"//DateTimeOffset.UtcNow.AddYears(2)
            }
        };

当我使用之前设置为值的秘密密钥生成授权令牌时，如果尝试调用MicrosoftGraph API，我会得到以下响应:

When I then generate authorization token using the secret key that I set before as value, I get this response back, when trying to use is to call MicrosoftGraph API:

    {
  "error": {
    "code": "Authorization_IdentityNotFound",
    "message": "The identity of the calling application could not be established.",
    "innerError": {
      "request-id": "42d3f97d-5ccb-4680-a6c2-dceb160d19c7",
      "date": "2016-06-02T21:03:31"
    }
  }
}

当我通过Azure门户手动创建密钥时，api调用可以正常工作.

When I create the secret key manually via Azure portal, the api call works fine.

更新2:

因此，事实证明，用于创建应用程序的POST并未创建基础的 ServicePrincipal 对象.在创建应用程序后，我不得不创建它.

So, turned out that the POST to create application didn't create the underlying ServicePrincipal object. I had to create it after the application was created.

 var servicePrincipal = O365OutlookClient.GetServicePrincipalForApp(InOnBoardingToken, createdAppObj.appId);
               if (servicePrincipal== null || servicePrincipal.appId==null)
               {
                   var servicePrincipalObj = new AOBJ.AzureServicePrincipal();
                   servicePrincipalObj.appId = createdAppObj.appId;
                   servicePrincipalObj.displayName = createdAppObj.displayName;
                   servicePrincipalObj.accountEnabled = true;
                   var servicePrincipalJson = O365OutlookClient.PostServicePrincipalSync(InOnBoardingToken, servicePrincipalObj);
               }

推荐答案

您需要生成并设置应用程序密码凭据(在创建应用程序时，或以后将其作为应用程序的PATCH).您可以通过生成一个强随机值，创建 passwordCredential 并将其添加到passwordCredentials集合中:

Application password credentials need to be generated and set by you (either when you create the application, or later as a PATCH to the application). You can do this by generating a strong random value, creating a passwordCredential and adding it to the passwordCredentials collection:

{
  /* ... */
  "passwordCredentials": [
    {
      "customKeyIdentifier": "T1rEXhNmUUmVqimnBPkirw==",
      "endDate": "2016-06-02T13:59:30Z",
      "keyId": "e4003ae7-15be-487a-92d7-5d75aafdb4dc",
      "startDate": "2016-06-02T13:59:30Z",
      "value": "WgjbF8vG3GM1XRGpc43fvtiO7ScpTGwh0jd6CjIRd40dCX3kP8LMlCdcrrEPBRidI4CXW1OCnSQJQxOzX+oIUw=="
    }
  ]
  /* ... */
}

customKeyIdentifier是base64编码的字节数组(可以是您想要的任何值)，keyId是新生成的Guid，startDate和endDate是密码凭据有效的日期.实际的密钥存储在value中.

customKeyIdentifier is a base64-encoded byte array (can be whatever you want), keyId is a newly-generated Guid, and startDate and endDate are the dates in which the password credential are valid. The actual secret key is stored in value.

这篇关于如何使用Microsoft Graph API获取AppKey的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！