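use Microsoft\Graph\Graph;
use Microsoft\Graph\Model;

// Configure the Graph client with the signed-in user's access token
$graph = new Graph();
$graph
    ->setBaseUrl("https://graph.microsoft.com/")
    ->setApiVersion("v1.0")
    ->setAccessToken($_SESSION['access_token']);

// Request the signed-in user's manager
return $me = $graph->createRequest("get", "/me/manager")
    ->addHeaders(array("Content-Type" => "application/json"))
    ->setReturnType(Model\User::class)
    ->setTimeout("1000")
    ->execute();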
The error shown:
HTTP/1.1 403 Forbidden
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/json
request-id: b343d567-e1e2-4f46-8bd1-d80d27cf28ab
client-request-id: b343d567-e1e2-4f46-8bd1-d80d27cf28ab
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"SliceC","Ring":"3","ScaleUnit":"001","Host":"AGSFE_IN_18","ADSiteName":"SEA"}}
Duration: 35.3167
Strict-Transport-Security: max-age=31536000
Date: Wed, 31 Oct 2018 11:57:45 GMT

{
    "error": {
        "code": "Authorization_RequestDenied",
        "message": "Insufficient privileges to complete the operation.",
        "innerError": {
            "request-id": "b343d567-e1e2-4f46-8bd1-d80d27cf28ab",
            "date": "2018-10-31T11:57:46"
        }
    }
}
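Answer 0 (score: 0)
The access denied error means that you have not requested the correct permission scopes in your registered application. /me/manager requires specific scopes, as described here: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_list_manager.
Permission type | Permissions (from least to most privileged)
Delegated (work or school account) | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All
You can actually break in your code and inspect the access token you got from sign-in and consent. Using https://jwt.ms/, you will see the scopes embedded in the token.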
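The scope check the answer describes can also be done locally, so the live bearer token is never pasted into a website. This is an added example, not part of the original question or answer; it assumes the token is a JWT whose delegated scopes sit in the space-separated `scp` claim, the function names are hypothetical, and the sample token is constructed.

```php
<?php
// Delegated scopes the answer lists for GET /me/manager.
const MANAGER_SCOPES = [
    'User.Read.All', 'User.ReadWrite.All', 'Directory.Read.All',
    'Directory.ReadWrite.All', 'Directory.AccessAsUser.All',
];

function base64UrlDecode(string $segment): string
{
    // JWT segments are base64url without padding; restore both before decoding.
    $padded = $segment . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($raw === false) {
        throw new InvalidArgumentException('Segment is not valid base64url');
    }
    return $raw;
}

// Decodes the payload only. The signature is NOT verified, so use the result
// for diagnostics like this one, never for an authorization decision.
function tokenClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a three-part JWT');
    }
    $claims = json_decode(base64UrlDecode($parts[1]), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('Payload is not a JSON object');
    }
    return $claims;
}

// Returns the scopes in the token that are sufficient for /me/manager.
function grantedManagerScopes(array $claims): array
{
    $granted = preg_split('/\s+/', trim($claims['scp'] ?? ''), -1, PREG_SPLIT_NO_EMPTY);
    return array_values(array_uintersect(MANAGER_SCOPES, $granted, 'strcasecmp'));
}

// Constructed, unsigned sample token; in the question's app this would be
// $_SESSION['access_token'].
$b64 = fn(array $d): string => rtrim(strtr(base64_encode(json_encode($d)), '+/', '-_'), '=');
$sample = $b64(['alg' => 'none']) . '.' . $b64(['scp' => 'openid profile User.Read']) . '.sig';

$hits = grantedManagerScopes(tokenClaims($sample));
echo $hits
    ? 'Sufficient scope present: ' . implode(', ', $hits)
    : 'No scope that allows /me/manager; expect 403 Authorization_RequestDenied', PHP_EOL;
```

With the constructed token, which carries only `User.Read`, the script reports that no sufficient scope is present, matching the 403 in the question.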