Question

我正在使用Graph API从Outlook中获取日历数据。为此，我通过OAuth2.0 API对用户进行身份验证。当用户授予权限时，我获得访问令牌没有任何问题。但遗憾的是没有刷新令牌来刷新访问令牌。

这是我的代码：

<?php
$client_id = "MY_CLIENT_ID";
$client_secret = "MY_CLIENT_SECRET";
$redirect = "MY_REDIRECT_URI";

if (!isset($_GET["code"])) {
    ?>
    <a class="btn btn-default-active" href="<?php
       echo "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?"
       . "client_id=$client_id"
       . "&"
       . "scope="
       . "https%3A%2F%2Fgraph.microsoft.com%2FUser.Read"
       . "%20"
       . "https%3A%2F%2Fgraph.microsoft.com%2FCalendars.Read"
       . "%20"
       . "https%3A%2F%2Fgraph.microsoft.com%2FCalendars.Read.Shared"
       . "&response_type=code"
       . "&redirect_uri=" . urlencode($redirect);
       ?>">Mit Office 365 verbinden</a><?php
} else {
    $code = $_GET["code"];

    $curl = curl_init();

    curl_setopt_array($curl, array(
        CURLOPT_URL => "https://login.microsoftonline.com/common/oauth2/v2.0/token",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => "POST",
        CURLOPT_HTTPHEADER => array(
            "Content-type"=>"application/x-www-form-urlencoded",
            "Content-Length"=>144
        ),
        CURLOPT_POSTFIELDS => array(
            "grant_type" => "authorization_code",
            "client_id" => $client_id,
            "client_secret" => $client_secret,
            "code" => $code,
            "redirect_uri" => $redirect),
    ));

    $response = curl_exec($curl);
    $err = curl_error($curl);

    curl_close($curl);

    if ($err) {
        echo "cURL Error #:" . $err;
    } else {
        echo $response;
    }
}
?>

我这样做来自Microsoft的官方文档（https://docs.microsoft.com/en-US/azure/active-directory/develop/active-directory-protocols-oauth-code），但仍然没有获得刷新令牌，而在文档中响应看起来像这样：

{
  "access_token": " eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1THdqcHdBSk9NOW4tQSJ9.eyJhdWQiOiJodHRwczovL3NlcnZpY2UuY29udG9zby5jb20vIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvN2ZlODE0NDctZGE1Ny00Mzg1LWJlY2ItNmRlNTdmMjE0NzdlLyIsImlhdCI6MTM4ODQ0MDg2MywibmJmIjoxMzg4NDQwODYzLCJleHAiOjEzODg0NDQ3NjMsInZlciI6IjEuMCIsInRpZCI6IjdmZTgxNDQ3LWRhNTctNDM4NS1iZWNiLTZkZTU3ZjIxNDc3ZSIsIm9pZCI6IjY4Mzg5YWUyLTYyZmEtNGIxOC05MWZlLTUzZGQxMDlkNzRmNSIsInVwbiI6ImZyYW5rbUBjb250b3NvLmNvbSIsInVuaXF1ZV9uYW1lIjoiZnJhbmttQGNvbnRvc28uY29tIiwic3ViIjoiZGVOcUlqOUlPRTlQV0pXYkhzZnRYdDJFYWJQVmwwQ2o4UUFtZWZSTFY5OCIsImZhbWlseV9uYW1lIjoiTWlsbGVyIiwiZ2l2ZW5fbmFtZSI6IkZyYW5rIiwiYXBwaWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctODkwYS0yNzRhNzJhNzMwOWUiLCJhcHBpZGFjciI6IjAiLCJzY3AiOiJ1c2VyX2ltcGVyc29uYXRpb24iLCJhY3IiOiIxIn0.JZw8jC0gptZxVC-7l5sFkdnJgP3_tRjeQEPgUn28XctVe3QqmheLZw7QVZDPCyGycDWBaqy7FLpSekET_BftDkewRhyHk9FW_KeEz0ch2c3i08NGNDbr6XYGVayNuSesYk5Aw_p3ICRlUV1bqEwk-Jkzs9EEkQg4hbefqJS6yS1HoV_2EsEhpd_wCQpxK89WPs3hLYZETRJtG5kvCCEOvSHXmDE6eTHGTnEgsIk--UlPe275Dvou4gEAwLofhLDQbMSjnlV5VLsjimNBVcSRFShoxmQwBJR_b2011Y5IuD6St5zPnzruBbZYkGNurQK63TJPWmRd3mbJsGM0mf3CUQ",
  "token_type": "Bearer",
  "expires_in": "3600",
  "expires_on": "1388444763",
  "resource": "https://service.contoso.com/",
  "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4rTfgV29ghDOHRc2B-C_hHeJaJICqjZ3mY2b_YNqmf9SoAylD1PycGCB90xzZeEDg6oBzOIPfYsbDWNf621pKo2Q3GGTHYlmNfwoc-OlrxK69hkha2CF12azM_NYhgO668yfcUl4VBbiSHZyd1NVZG5QTIOcbObu3qnLutbpadZGAxqjIbMkQ2bQS09fTrjMBtDE3D6kSMIodpCecoANon9b0LATkpitimVCrl-NyfN3oyG4ZCWu18M9-vEou4Sq-1oMDzExgAf61noxzkNiaTecM-Ve5cq6wHqYQjfV9DOz4lbceuYCAA",
  "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
"id_token": " eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctODkwYS0yNzRhNzJhNzMwOWUiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83ZmU4MTQ0Ny1kYTU3LTQzODUtYmVjYi02ZGU1N2YyMTQ3N2UvIiwiaWF0IjoxMzg4NDQwODYzLCJuYmYiOjEzODg0NDA4NjMsImV4cCI6MTM4ODQ0NDc2MywidmVyIjoiMS4wIiwidGlkIjoiN2ZlODE0NDctZGE1Ny00Mzg1LWJlY2ItNmRlNTdmMjE0NzdlIiwib2lkIjoiNjgzODlhZTItNjJmYS00YjE4LTkxZmUtNTNkZDEwOWQ3NGY1IiwidXBuIjoiZnJhbmttQGNvbnRvc28uY29tIiwidW5pcXVlX25hbWUiOiJmcmFua21AY29udG9zby5jb20iLCJzdWIiOiJKV3ZZZENXUGhobHBTMVpzZjd5WVV4U2hVd3RVbTV5elBtd18talgzZkhZIiwiZmFtaWx5X25hbWUiOiJNaWxsZXIiLCJnaXZlbl9uYW1lIjoiRnJhbmsifQ.”
}

在我的情况下，回复看起来像这样：

{
"token_type":"Bearer",
"scope":"https://graph.microsoft.com/calendars.read https://graph.microsoft.com/calendars.read.shared https://graph.microsoft.com/user.read",
"expires_in":3599,
"ext_expires_in":0,
"access_token":"ACCESS_TOKEN"
}

我还尝试添加ressource标记，但仍然不起作用。出了什么问题？

更新

我现在尝试添加属性：

CURLOPT_POSTFIELDS => array(
        "grant_type" => "authorization_code",
        "client_id" => $client_id,
        "client_secret" => $client_secret,
        "code" => $code,
        "redirect_uri" => $redirect,
        "prompt"=>"consent"),

它仍然不起作用。

Answer 1

正如DalmTo所说，您需要请求离线访问以获取刷新令牌。您可以通过向offline_access添加scope来完成此操作。

在你的情况下：

echo "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?"
   . "client_id=$client_id"
   . "&"
   . "scope="
   . "offline_access"
   . "%20"
   . "https%3A%2F%2Fgraph.microsoft.com%2FUser.Read"
   . "%20"
   . "https%3A%2F%2Fgraph.microsoft.com%2FCalendars.Read"
   . "%20"
   . "https%3A%2F%2Fgraph.microsoft.com%2FCalendars.Read.Shared"
   . "&response_type=code"
   . "&redirect_uri=" . urlencode($redirect);

从Microsoft Graph API

1 个答案: