我需要使用Microsoft Graph为用户创建订阅。
我在Aure Active Directory中拥有所有权利:
User.Read.All。
我的订阅方式:
def create_subscription_to_users(self):
t = datetime.utcnow() + timedelta(minutes=settings.MAX_TIME_DELTA_IN_MINUTES)
payload = {
"changeType": "updated",
"notificationUrl": "{0}/webhooks/azure".format(settings.AZURE_WEBHOOKS_CALLBACK_BASE_URL),
"resource": "users",
"expirationDateTime": t.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
}
response = self.graph_client.post(url='{0}/subscriptions'.format(settings.GRAPH_URL), json=payload).json()
self.add_log(url='{0}/subscriptions'.format(settings.GRAPH_URL),
method='POST', payload=payload, response=response)
return response
我的验证班:
class AzureHook(View):
def post(self, request):
url = request.get_full_path()
parsed_url = parse_qs(urlsplit(url).query)
validation = dict(parsed_url).get('validationToken')[0]
return HttpResponse(validation.encode('utf-8'), content_type='text/plain')
但是我仍然收到创建订阅的回复:
{"error": {"innerError": {"date": "2019-07-03T11:29:39", "request-id": "5e7f1fc3-8ef4-4511-b661-35bf7d146cc3"}, "message": "Operation: Create; Exception: [Status Code: Unauthorized; Reason: ]", "code": "ExtensionError"}}
有人可以帮我吗?
答案 0 :(得分:0)
为了消除此错误,请在应用程序中添加以下范围。 User.Read.All&offline_access,User.ReadWrite.All,Group.ReadWrite.All,Group.Read.All,Directory.ReadWrite.All,Directory.AccessAsUser.All,openid。
要获取授权码,请在浏览器中尝试此URL。 https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=&response_type = code&redirect_uri = http://localhost:4200/api/auth/callback/AzureAD&response_mode=query&scope=User.Read.All&User.ReadWrite.All&Group.ReadWrite.All&Group.Read.All&Directory.ReadWrite.All&Directory.AccessAsUser.All&openid&offline_access&state = 12345&prompt = login
首先使用邮递员尝试此请求,我附上curl请求供您参考。
卷曲-X POST \ https://graph.microsoft.com/v1.0/subscriptions \ -H'授权:承载'\ -H'内容类型:application / json'\ -d'{ “ changeType”:“已更新”, “ notificationUrl”:“ https://5690e074.ngrok.io”, “ resource”:“组”, “ expirationDateTime”:“ 2019-07-13T10:19:03.170Z”, “ clientState”:“ secretClientValue” }'