我正在构建一个访问Office 365邮箱的后台服务,以便检索电子邮件并在我们的应用程序中处理它们。处理完成后,应删除电子邮件。
我已成功使用X509证书设置了对Web服务的身份验证,以获取OAuth访问令牌(感谢此this blog post),并且可以使用HTTP Get to:
读取用户的电子邮件这将返回消息传递对象所需的JSON响应。
我现在希望在处理完电子邮件后将其删除,我已尝试过两种方法:
HTTP DELETE: https://outlook.office365.com/api/v2.0/users('[emailAddress]')/messages/[messageId]
和
HTTP POST: https://outlook.office365.com/api/v2.0/users('[emailAddress]')/messages/[messageId]/move
,包括:
_request.Content = New StringContent("{""DestinationId"": ""DeletedItems""}", Encoding.utf8, "application/json")
我最初在Azure AD中设置了我的应用程序,其权限包括其他应用程序,包括Office 365 Exchange Online,其中包括应用程序权限和委派权限(此处不应该适用),仅用于阅读邮件。此时从http get请求中读取邮件工作正常。
然后我尝试向后台服务添加一个新方法,该方法在完成后删除了邮件。每当我运行删除或移动到已删除的项目时,如上所述,我收到403,其中包含以下消息:
x-ms-diagnostics: 2000008;reason="The token contains not enough scope to make this call.";error_category="invalid_grant"
我回去并为应用程序和委托添加了读/写权限,但在发送请求时没有任何更改。
作为一项实验,我随后从Azure AD中的应用程序中删除了Office 365的所有权限。正如预期的那样,这使我无法检索之前正在运行的电子邮件。这证明我成功连接到我的 应用
然而,我重新添加了权限,现在我收到401的所有请求:
x-ms-diagnostics: 2000008;reason="The token contains no permissions, or permissions can not be understood.";error_category="invalid_grant"
我已尝试从Azure AD中的应用程序中删除Office 365并重新添加但无法解决问题。
添加/更新权限是否有一些延迟?
如何修复应用程序以便检索和删除和/或移动电子邮件?
我删除问题时的完整回复是:
StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Transfer-Encoding: chunked
request-id: 9734281b-60f6-48e0-bea4-a3ce0c8b9744
client-request-id: 1f7ee398-340e-45c4-985a-e89a34d3a4d9
client-request-id: 1f7ee398-340e-45c4-985a-e89a34d3a4d9
X-CalculatedBETarget: HE1PR04MB0971.eurprd04.prod.outlook.com
X-BackEndHttpStatus: 403
Cache-Control: private
Set-Cookie: ClientId=XFUHAPKC3UISCO9J0WCOG; expires=Thu, 12-Jan-2017 13:30:18 GMT; path=/; secure; HttpOnly
Set-Cookie: exchangecookie=ed0bfaa0c16e44ffac392df7da2dacd3; expires=Fri, 13-Jan-2017 13:30:18 GMT; path=/; HttpOnly
Set-Cookie: ClientId=XFUHAPKC3UISCO9J0WCOG; expires=Thu, 12-Jan-2017 13:30:18 GMT; path=/; secure; HttpOnly
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1 service_asserted_app_v1", error="invalid_token"
x-ms-diagnostics: 2000008;reason="The token contains not enough scope to make this call.";error_category="invalid_grant"
OData-Version: 4.0
X-AspNet-Version: 4.0.30319
X-DiagInfo: HE1PR04MB0971
X-BEServer: HE1PR04MB0971
X-Powered-By: ASP.NET
Date: Wed, 13 Jan 2016 13:30:18 GMT
Content-Type: application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8
}
当前权限问题的完整响应是:
StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Transfer-Encoding: chunked
request-id: 9734281b-60f6-48e0-bea4-a3ce0c8b9744
client-request-id: 1f7ee398-340e-45c4-985a-e89a34d3a4d9
client-request-id: 1f7ee398-340e-45c4-985a-e89a34d3a4d9
X-CalculatedBETarget: HE1PR04MB0971.eurprd04.prod.outlook.com
X-BackEndHttpStatus: 403
Cache-Control: private
Set-Cookie: ClientId=XFUHAPKC3UISCO9J0WCOG; expires=Thu, 12-Jan-2017 13:30:18 GMT; path=/; secure; HttpOnly
Set-Cookie: exchangecookie=ed0bfaa0c16e44ffac392df7da2dacd3; expires=Fri, 13-Jan-2017 13:30:18 GMT; path=/; HttpOnly
Set-Cookie: ClientId=XFUHAPKC3UISCO9J0WCOG; expires=Thu, 12-Jan-2017 13:30:18 GMT; path=/; secure; HttpOnly
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1 service_asserted_app_v1", error="invalid_token"
x-ms-diagnostics: 2000008;reason="The token contains not enough scope to make this call.";error_category="invalid_grant"
OData-Version: 4.0
X-AspNet-Version: 4.0.30319
X-DiagInfo: HE1PR04MB0971
X-BEServer: HE1PR04MB0971
X-Powered-By: ASP.NET
Date: Wed, 13 Jan 2016 13:30:18 GMT
Content-Type: application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8
}
答案 0 :(得分:2)
由于您修改了权限,因此管理员必须登录并同意新权限。在此之前,您将继续获得具有“旧”权限集的令牌。所以基本上你需要做的是重新做博客文章的“授予同意......”部分。