无法从Microsoft Graph API获取数据。
private String getUserNamesFromGraph() throws Exception {
String bearerToken = "Bearer "+getAccessToken();
String url = "https://graph.microsoft.com/v1.0/users";
String returnData = null;
try {
URL apiURL = new URL(url);
URLConnection con = apiURL.openConnection();
con.setRequestProperty("Authorization", bearerToken);
con.setRequestProperty("Content-Type", "application/json");
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
returnData = response.toString();
System.out.println(returnData);
} catch(Exception e) {
System.out.println(e);
}
return returnData;
}
private String getAccessToken() throws Exception {
String url = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
URL obj = new URL(url);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
// header
con.setRequestMethod("POST");
con.setRequestProperty("User-Agent", "eTarget API");
con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
String urlParameters = "client_id=***
APPLICATION ID FROM APPLICATION REGISTRATION PORTAL ***&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=***
APPLICATION SECRET FROM APPLICATION REGISTRATION PORTAL ***&grant_type=client_credentials";
// Send post request
con.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(urlParameters);
wr.flush();
wr.close();
int responseCode = con.getResponseCode();
System.out.println("\nSending 'POST' request to URL : " + url);
System.out.println("Post parameters : " + urlParameters);
System.out.println("Response Code : " + responseCode);
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
//print result
String returnData = response.toString();
System.out.println(returnData);
Map jsonTokenData = new Gson().fromJson(returnData, Map.class);
String accessToken = (String)jsonTokenData.get("access_token");
//System.out.println(accessToken);
return accessToken;
}
getAccessToken() getUserNamesFromGraph()会返回401 Unauthorized而不是预期的数据。我已经无数次地浏览了文档,尝试了不同的变体和端点,但无济于事。任何想法都赞赏。
答案 0 :(得分:3)
为了让您的应用程序读取用户,必须明确授予User.Read.All application permission。此权限需要管理员同意。 Here is one link解释了如何授予该权限。您必须调用该交互式同意对话框以授予您的应用程序权限。否则,您仍会收到权限不足错误。
然后here is the complete list of different Microsoft Graph permissions。在您的情况下 - 没有用户交互的守护程序应用程序,您必须查看应用程序权限而不是**委派权限*。
授予适当的权限后,您就可以查询用户。您不必须更改令牌请求中的范围。保持原样:https://graph.microsoft.com/.default
完成所有这些更改后,您可以使用https://jwt.ms检查访问令牌。在那里,您可以提取所有声明并检查您的受众和范围声明,以进一步了解您从Microsoft Graph获得401的原因。
答案 1 :(得分:0)
原因是应用程序还必须支持所请求的权限。例如,不允许应用程序列出托管设备,如此页面的“先决条件”页面中所示 List managedDevices permissions