How do I create an authentication token using the new Microsoft Graph API?
I've been using this:
https://github.com/Azure-Samples/active-directory-php-graphapi-web.git
to access the Graph API, which works. My Azure AD registered application is able to query the API to get a list of users in the directory.
But now I want to list folders for a user in the directory. This page
http://graph.microsoft.io/docs
says the URL should be:
https://graph.microsoft.com/v1.0/me/drive/root/children
When I use that url in my REST call, I get
"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: -2147184105"
Makes sense, it's from
https://graph.windows.net
So, I'm lost. There are so many different versions of the API, from the consumer-grade OneDrive (formerly SkyDrive), the first graph API (which I access via https://graph.windows.net), the Office 365 API (which I access via https://login.microsoftonline.com) and now the graph API (formerly universal API, https://graph.microsoft.com). I just don't know where to begin to look for correct information.
I'm working in PHP at the moment, and I'm sure that's going to be pretty low on Microsoft's list of supported platforms, but any direction about how the access token generation works in the newest API versus the O365 API versus the other graph API (at graph.windows.net) would be appreciated.
Is anybody else as confused as I am? Is there some central reference that explains all the differences between these apis and how to access them?
Recommended answer
The Microsoft Graph should provide you with one endpoint (and token acquisition) to access data offered by Office 365 and Azure AD services. Please visit https://graph.microsoft.com for more details - but please use the v1.0 version as this is the GA version that is appropriate for production services.
As for your question about a service app with no user UI - you can get an app-only access token using the client_credential flow. (This is not currently documented in the Microsoft Graph documentation, but it is supported and described elsewhere - just set the resource to be https://graph.microsoft.com/). In the Azure Management Portal you'll need to select the "Application Permissions" that your app requires too. Currently app-only access to mail resources is supported, but app only access to one drive resources (through Microsoft graph) is not supported. We'll be looking to open that up shortly.
Hope this helps,
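
The client_credentials request the answer describes, together with a check that a token's `aud` claim matches the API host being called (the mismatch in the question, where the token was issued for graph.windows.net), as an added example that is not code from the original post or the Azure sample. It assumes the Azure AD v1 token endpoint `https://login.microsoftonline.com/{tenant}/oauth2/token` and that `aud` is issued as the resource URL; the tenant, client ID, secret and sample tokens are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

# Azure AD v1 token endpoint (assumed); {tenant} is filled with a placeholder below.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"
GRAPH_RESOURCE = "https://graph.microsoft.com/"


def build_token_request(tenant, client_id, client_secret, resource=GRAPH_RESOURCE):
    """Return (url, form_body) for an app-only client_credentials token request."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,  # decides which API the issued token is valid for
    })
    return TOKEN_URL.format(tenant=tenant), body


def token_audience(jwt):
    """Read the 'aud' claim from a JWT payload. Diagnostic only: no signature check."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))["aud"]


def audience_matches(jwt, api_url):
    """True when the token's audience host equals the host of the API being called."""
    aud_host = urlsplit(token_audience(jwt)).hostname
    return aud_host is not None and aud_host == urlsplit(api_url).hostname


def make_sample_jwt(aud):
    """Constructed, unsigned sample token for the demo (not a real Azure AD token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"aud": aud}), "sig"])


if __name__ == "__main__":
    url, body = build_token_request("contoso.example", "CLIENT_ID", "CLIENT_SECRET")
    print("POST", url)
    print(body.replace("CLIENT_SECRET", "***"))  # keep the secret out of logs
    api = "https://graph.microsoft.com/v1.0/users"
    for aud in ("https://graph.windows.net", "https://graph.microsoft.com/"):
        print(aud, "->", audience_matches(make_sample_jwt(aud), api))
```

The `aud` check is a pre-flight diagnostic on the client side; the API itself still validates the token's signature and audience.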