Scope/roles claims not available in "client credentials" access token

Time: 2019-04-02 11:47:04

Tags: node.js azure-active-directory microsoft-graph

After extracting the access_token (grant_type=client_credentials) from login.microsoftonline.com/common/oauth2/v2.0/token, I'm getting back:

HTTP 403
{
  "error": {
    "code": "AccessDenied",
    "message": "Either scp or roles claim need to be present in the token.",
    "innerError": {
      "request-id": "fa788422-6868-4ab3-9ded-5f076138bda2",
      "date": "2019-04-02T11:24:30"
    }
  }
}

When I decoded the token, it actually doesn't have the scp key in its body (contrary to what I see in the token I read from Graph Explorer).

I've read a lot of docs/blogs about this and they all point to adding "Application permissions for Microsoft Graph" and then granting admin consent for them. After adding the required roles (Files.ReadWrite.AppFolder, Files.ReadWrite.All, etc.) I granted the consent.

Code:

Now, this isn't the complete code, but it should give you an idea of what is being done.

const querystring = require("querystring");
const rp = require("request-promise"); // rp = request-promise module

const escapedScopeUri = querystring.escape(`https://graph.microsoft.com/.default`);
const secretKey = querystring.escape(azureApplicationConfig.clientSecret);
const requestBody = `client_id=${azureApplicationConfig.clientID}&client_secret=${secretKey}&scope=${escapedScopeUri}&grant_type=client_credentials`;
const authReqOptions = {
  method: `POST`,
  uri: `https://login.microsoftonline.com/common/oauth2/v2.0/token`,
  body: requestBody,
  headers: {
    "Content-Type": `application/x-www-form-urlencoded`
  }
};
rp(authReqOptions)
  .then(async authRes => {
    console.log(authRes);
  })
  .catch(err => {
    // do something with err
  });

Once authRes is available, I decode the token information (scope not available). Here is what is returned:

{
  "token_type": "Bearer",
  "expires_in": 3600,
  "ext_expires_in": 3600,
  "access_token": "returned token"
}

and the decoded token body information:

Also, I added appRoles to the manifest (not sure if this is the correct format):

Still, things aren't working.

1 Answer:

Answer 0 (score: 2)

You can't request client credentials against the /common tenant. Since you aren't providing an email address (as you would with Auth Code or Implicit), AAD has no way to find the tenant you want to get a token for.

You need to provide the tenant URI (domain.onmicrosoft.com) or id (the GUID issued to each tenant when it is created):

const authReqOptions = {
  method: `POST`,
  uri: `https://login.microsoftonline.com/${your-tenant-uri-or-id}/oauth2/v2.0/token`,
  body: requestBody,
  headers: {
    "Content-Type": `application/x-www-form-urlencoded`
  }
};