I'm trying to call AAD Graph, but I'm getting an error. This is how I'm trying to make the call:
MsPortalFx.Base.Net.ajax({
    uri: `https://graph.windows.net/<id>/servicePrincipals/<id>?api-version=1.6-internal`,
    type: "GET",
    dataType: "json",
    cache: false,
    traditional: true,
    contentType: "application/json",
    setAuthorizationHeader: true,
})
I can see that a Bearer token is provided in the Authorization header, but this is the error I receive:
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
ocp-aad-diagnostics-server-name: <name>
request-id: <request-id>
client-request-id: <client-request-id>
x-ms-dirapi-data-contract-version: 1.6-internal
DataServiceVersion: 3.0;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Duration: 519919
X-Powered-By: ASP.NET
Date: Mon, 23 Nov 2020 22:49:42 GMT
Content-Length: 212
{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."},"requestId":"<id>","date":"2020-11-23T22:49:42"}}
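Please let me know if any other information is needed.
As Sruthi said, the error message Authentication_MissingOrMalformed means that the resource being accessed does not match the AUD of the access token.
You need to follow the steps below to get an access token: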
POST https://login.microsoftonline.com/<Your-Tenant-ID>/oauth2/token
// request body:
grant_type=client_credentials
client_id=<Your Portal Application ID>
client_secret=<Your client secret>
resource=https://graph.windows.net // used to call AAD Graph API
Or with the v2.0 endpoint:
POST https://login.microsoftonline.com/<Your-Tenant-ID>/oauth2/v2.0/token
// request body:
grant_type=client_credentials
client_id=<Your Portal Application ID>
client_secret=<Your client secret>
scope=https://graph.windows.net/.default // used to call AAD Graph API
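Added example (not part of the original question or answer): a Node.js diagnostic that decodes the aud claim of a bearer token and compares it with the host of the request URI, which is the mismatch the answer describes. The helper names and the sample tokens are constructed for illustration; the payload is decoded without signature verification, so this is for troubleshooting only and not for making authorization decisions.

```javascript
// Added diagnostic example: reads claims only, does NOT verify the signature.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWT (expected 3 dot-separated segments)");
  }
  // Node's "base64" decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// Reduce a URL to scheme + host so "https://graph.windows.net/" and a full
// request URI compare equal; non-URL audiences (GUIDs) are compared as-is.
function normalizeAudience(value) {
  const raw = String(value).toLowerCase().replace(/\/+$/, "");
  try {
    const origin = new URL(raw).origin;
    return origin === "null" ? raw : origin;
  } catch (e) {
    return raw;
  }
}

// Compare the token's aud claim with the resource the request is sent to.
function checkAudience(token, requestUri) {
  const claims = decodeJwtPayload(token);
  const expected = normalizeAudience(requestUri);
  const actual = [].concat(claims.aud || []).map(normalizeAudience);
  return { expected, actual, matches: actual.includes(expected) };
}

// Constructed, unsigned sample token for offline use (hypothetical helper).
function makeSampleToken(aud) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "none", typ: "JWT" }), enc({ aud }), "constructed"].join(".");
}

const uri = "https://graph.windows.net/<id>/servicePrincipals/<id>?api-version=1.6-internal";
console.log(checkAudience(makeSampleToken("https://other-resource.example"), uri));
console.log(checkAudience(makeSampleToken("https://graph.windows.net"), uri));
```

A token whose audience is given as an application ID (GUID) rather than a URL will be reported as a mismatch by this helper and has to be compared by hand.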