Azure架构扩展 - 错误消息:对象引用未设置为对象的实例

时间:2018-05-14 01:02:06

标签: groovy azure-active-directory microsoft-graph

我使用简单的groovy脚本测试Azure Schema Extensions到Microsoft Graph API。我首先查询架构扩展列表,这似乎有效(虽然我不确定响应中的扩展在哪里设置,但我认为它们默认存在)。然后我尝试POST一个架构扩展,但这失败并显示以下错误信息:

[error: [
   code:InternalServerError, 
   message:Object reference not set to an instance of an object., 
   innerError:[request-id:xxxxx-xxxx-xxx-xxxxxx, date:2018-05-14T00:46:00]]]

这是GET查询和响应的代码:

def uriTestGET = "https://graph.microsoft.com/v1.0/schemaExtensions?"
def httpTestGET = new HTTPBuilder(uriTestGET)
httpTestGET.ignoreSSLIssues()
httpTestGET.request(GET,JSON) { req ->

httpTestGET.parser.'application/json'
headers.'Authorization' = 'Bearer ' + AzureToken
headers.'Content-Type' = 'application/json'
response.failure = { resp, json ->

    println "GET Failure. GROUP: ${resp.statusLine}"
    println(json)

}
response.success = { resp, json ->

    println "GET Success. GROUP: ${resp.statusLine}"
    println(json)
}
}

响应

[   
 @odata.context:https://graph.microsoft.com/v1.0/$metadata#schemaExtensions, 
 @odata.nextLink:https://graph.microsoft.com/v1.0/schemaExtensions?$skiptoken=XXXXXXXXXX, 
 value:[[
   id:adatumisv_exo2, 
   description:sample desccription, 
   targetTypes:[Message], 
   status:Available, 
   owner:xxxxxx-xxxx-xxxx-xxxx, 
   properties:[
     [name:p1, type:String], 
     [name:p2, type:String]]], 
   [id:circuitid_globals, 
    description:Circuit ID Graph Global Schema, 
    targetTypes:[Group, User], .. etc

以下POST请求:

def uriTestPOST = "https://graph.microsoft.com/v1.0/schemaExtensions?"
def httpTestPOST = new HTTPBuilder(uriTestPOST)
httpTestPOST.ignoreSSLIssues()
httpTestPOST.request(POST,JSON) { req ->

httpTestPOST.parser.'application/json'
headers.'Authorization' = 'Bearer ' + AzureToken
headers.'Content-Type' = 'application/json'
body = [
        "id":"TestExtension",
        "description": "Test to add user object schema extension",
        "status": "Available",
        "targetTypes": ["user"]

]

response.failure = { resp, json ->
    println "POST Failure. GROUP: ${resp.statusLine}"
    println(json)

}
response.success = { resp, json ->

    println "POST Success. GROUP: ${resp.statusLine}"
    println(json)
}

}

这得到了答复:

[error:[
 code:InternalServerError, 
 message:Object reference not set to an instance of an object.,
 innerError:[request-id:xxxx-xxxx-xxxx-xxxx, date:2018-05-14T00:46:00]]]

更新的Body看起来像这样 - 

 body = [
        "id":"TestExtension",
        "description": "Test to add user object schema extension",
     // "status": "Available",
        "targetTypes": ["User"],
        "properties" : [["name": "ExtensionProperty", "type":"String"]]

]

这是新的错误消息:

   [error:[
    code:Authorization_RequestDenied, 
    message:Insufficient privileges to complete the operation., 
    innerError:[request-id:xxxx-xxxx-xxxx-xxxx, date:2018-05-14T05:09:41]]]

我已对令牌进行了解码,并显示包含以下角色:

解码令牌时,它声明了以下角色:

"roles":     [
   "User.ReadWrite.All",
   "Directory.ReadWrite.All",
   "User.Invite.All" ]

我一直在添加额外的权限以使其发挥作用,这些似乎比我所见的更多特权。

1 个答案:

答案 0 :(得分:1)

系统会根据您选择的OAuth Grant自动选择使用应用程序或委派权限:

  • 客户端凭据Grant = Application
  • 授权代码授予=委派
  • 隐式授权=委派

这是因为如果您希望他们委托您的应用程序代表他们行事,您需要一个真实的用户进行身份验证。如果没有经过身份验证的用户,则没有任何人可以委派权限,因此您需要在“应用程序范围”下运行。

相关问题
最新问题