Problem description
I'd like to use this library to interact with the graph API for my AD - https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/concepts/nodejs.md
However, all of the existing javascript libraries I've found to return access tokens expect a return URL to be passed in, as well as some other web-specific stuff, leading me to believe this is some kind of requirement on Microsoft's end.
Is there any good way to authenticate/receive an access token while running a backend node script (nothing web related) so that I can begin to make calls against the Microsoft Graph API? Thanks in advance for the advice.
Recommended answer
To run a back-end non-user-authenticated daemon connected to the Graph API, you want to use the app-only authentication flow. Here's a quick summary of the official steps:
1. Create your Azure AD Tenant. Note the yourtenant.onmicrosoft.com name, and copy this value down.
2. Register an application through the global Azure Active Directory blade's App Registrations section, not directly within the tenant properties. Copy the Application ID; we'll need it later.
3. Create a key tied to the registration and remember to copy it down. Once you click out, you can't get the key value back, so make sure to copy it.
4. Also update the registration's permissions to what you need, click Save, and then also hit the Grant Permissions button.
5. Make an HTTP request to the login.microsoftonline.com domain to obtain an access token.
6. Use the access token to make Graph API requests.
Here's a link to Microsoft's Node.js example, and here's a link to the direct documentation on the HTTP call to make to retrieve an access token. And here's a super stripped-down example that will output the retrieved access token. Replace the [Tenant], [ApplicationID], and [Key] values:
const request = require("request");

// Token endpoint for the tenant (app-only / client credentials flow)
const endpoint = "https://login.microsoftonline.com/[Tenant].onmicrosoft.com/oauth2/token";

const requestParams = {
    grant_type: "client_credentials",
    client_id: "[ApplicationID]",
    client_secret: "[Key]",
    resource: "https://graph.windows.net"
};

// POST the parameters as a form-encoded body
request.post({ url: endpoint, form: requestParams }, function (err, response, body) {
    if (err) {
        console.log("error");
    }
    else {
        // Note: the raw body includes the access token
        console.log("Body=" + body);
        let parsedBody = JSON.parse(body);
        if (parsedBody.error_description) {
            console.log("Error=" + parsedBody.error_description);
        }
        else {
            console.log("Access Token=" + parsedBody.access_token);
        }
    }
});
Once we have the access_token, we can call out to the Graph API. Assuming the app's permissions were configured correctly and applied from step #4, we can start making Graph API requests:
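// Uses the `request` module required in the previous snippet
function testGraphAPI(accessToken) {
    request.get({
        url: "https://graph.windows.net/[Tenant]/users?api-version=1.6",
        headers: {
            // OAuth 2.0 bearer tokens are sent as "Bearer <token>"
            "Authorization": "Bearer " + accessToken
        }
    }, function (err, response, body) {
        if (err) {
            console.log("error");
            return;
        }
        console.log(body);
    });
}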
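An added example (not part of the original answer or Microsoft's sample): a long-running daemon also has to handle error bodies and token expiry, and should keep the token out of its logs. It assumes the response carries the standard OAuth 2.0 expires_in field; the function names and sample bodies are constructed for illustration.

```javascript
"use strict";

// Parse a token-endpoint response body (JSON text) into a token record.
// Throws on malformed JSON, OAuth error responses, or a missing token.
function parseTokenResponse(body, nowMs) {
    let parsed;
    try {
        parsed = JSON.parse(body);
    } catch (e) {
        throw new Error("Token endpoint returned a non-JSON body");
    }
    if (parsed.error || parsed.error_description) {
        throw new Error("Token request failed: " + (parsed.error_description || parsed.error));
    }
    if (typeof parsed.access_token !== "string" || parsed.access_token === "") {
        throw new Error("Token response has no access_token");
    }
    // expires_in is the lifetime in seconds (assumed field; may arrive as a string).
    const lifetime = Number(parsed.expires_in);
    if (!Number.isFinite(lifetime) || lifetime <= 0) {
        throw new Error("Token response has no usable expires_in");
    }
    return { accessToken: parsed.access_token, expiresAtMs: nowMs + lifetime * 1000 };
}

// True when there is no token or it is within skewMs of expiry,
// so the daemon should request a new one before calling the API.
function needsRefresh(token, nowMs, skewMs = 5 * 60 * 1000) {
    return !token || nowMs >= token.expiresAtMs - skewMs;
}

// Header object for Graph requests.
function authHeader(token) {
    return { Authorization: "Bearer " + token.accessToken };
}

// Log-safe description: length and expiry only, never the token value.
function describeToken(token) {
    return "token(len=" + token.accessToken.length + ", expires=" +
        new Date(token.expiresAtMs).toISOString() + ")";
}

// Constructed sample bodies (not real tokens or real endpoint output).
const SAMPLE_OK = JSON.stringify({ token_type: "Bearer", expires_in: "3599", access_token: "constructed.sample.token" });
const SAMPLE_ERR = JSON.stringify({ error: "invalid_client", error_description: "constructed error text" });
```

In the answer's callback, pass the response body to parseTokenResponse, keep the returned record, and call needsRefresh before each Graph request.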