您的位置: 首页  >  技术问答  >  使用Microsoft Graph Explorer时无法从Azure AD获取访问令牌

使用Microsoft Graph Explorer时无法从Azure AD获取访问令牌

分类: 技术问答 2022-04-06 19:13:18
问题描述:

我已经在Azure AD上注册了一个应用程序,并使用azure门户在azure广告目录中创建了2个用户和一个组.现在,通过Microsoft Graph Explorer,我正在测试操作获取所有用户组是组织" 的API,但是尽管目录中的AD上存在组,但我得到的是空数组作为响应

I have registered an application on Azure AD and created 2 users and a group in the azure ad directory using the azure portal. Now through Microsoft Graph explorer , I am testing the API for the operation "Get All user groups is the organization", but I am getting empty array as response though there exists a group on the AD in my directory.

对于操作获取我所属的组" ,我收到错误消息.

For the operation "Get the groups I belong to", I get error.

我已经遵循了文档,据我了解,我们需要首先请求访问令牌来调用其他API,例如获取用户组等.我按照链接中提到的步骤进行操作: https: //docs.microsoft.com/en-us/graph/auth-v2-service?view=graph-rest-1.0#4-get-an-access-token 来请求访问令牌

I have followed the documentation, and as I understand we need to first request an access token to make calls to other APIs like fetching user groups etc. I followed the steps as mentioned in the link: https://docs.microsoft.com/en-us/graph/auth-v2-service?view=graph-rest-1.0#4-get-an-access-token to request the access token.

我已经从图形浏览器中触发了一个查询,详细信息如下:

1)将端点指定为: https://login. microsoftonline.com/[TENANTID]/oauth2/v2.0/token

1) Specified the endpoint as: https://login.microsoftonline.com/[TENANTID]/oauth2/v2.0/token

2)指定的请求标头,其内容类型为:application/x-www-form-urlencoded

2) Specified request header with content type : application/x-www-form-urlencoded

3)在json中发送请求正文

3) Sent the request body in json

4)授予应用程序权限,并使用Azure门户授予管理员同意.

4) Given application permissions and also granted the admin consent using the Azure portal.

我再次仔细检查了客户ID,租户ID,范围,机密和其他凭据.但是在进行API调用时,我没有收到任何响应.

I have carefully rechecked the client ID, tenant ID, scope, secret and other creds again. But on making the API call I don't receive any response.

请求访问令牌的JSON正文:

JSON body to request access token: 

{
    "client_id": "[clientId]",
    "scope": "https://graph.microsoft.com/.default",
    "client_secret": "[the-secret]",
    "grant_type": "client_credentials"
}

预期结果:我应该得到一个带有"Bearer"令牌的json响应.

Expected result: I should get a json response with "Bearer" token in it.

实际结果:Azure没有响应,并且该请求显示为正在处理.

Actual result:There is no response from Azure , and the request is shown a s processing.

我应该朝哪个方向解决问题?我在这里找到了类似的问题:** 我在哪里可以找不到Microsoft App的APP ID URI? **.但是我的问题仍然没有解决.

In which direction should I see to solve the problem? I found a similar question here: **Where can I find APP ID URI for Microsoft App? **. But my problem is still unsolved.

显示请求和响应的屏幕截图:

Screenshot showing the request and response:

该屏幕截图显示了天蓝色广告中的组:

Screenshot showing the group in azure ad:

Microsoft Graph资源管理器是一个工具,可让您发出请求并查看针对Microsoft Graph的响应.在调用Graph端点之前,它将自动为您获取访问令牌.请勿使用它来调用除Graph之外的端点.

The Microsoft Graph explorer is a tool that lets you make requests and see responses against the Microsoft Graph. It will get an access token for you automatically before you call Graph endpoint. Do not use it to call endpoints other than Graph.

您的过程应该没问题.但是您应该选择其他工具,例如Postman,Talend API TESTER.

Your process should be OK. But you should choose other tools such as Postman, Talend API TESTER.

更新:

相关推荐