0

Trying to make a REST call through SharePoint's SP.WebRequestInfo.

I'm getting the error "The remote server returned the following error while establishing a connection - 'Unauthorized'." trying to call https://graph.windows.net/[Client]/users?api-version=2013-11-0.

I've successfully retrieved a access token.

Can you help me out why i'm getting this error?

Here is the code i'm using:

        var url = "https://graph.windows.net/xxx/users/?api-version=2013-11-08";

        var context = SP.ClientContext.get_current();
        var request = new SP.WebRequestInfo();
        request.set_url(url);
        request.set_method("GET");
        request.set_headers({
            "Authorization": token.token_type + " " + token.access_token,
            "Content-Type": "application/json"
        });

        var response = SP.WebProxy.invoke(context, request);

        context.executeQueryAsync(successHandler, errorHandler);

        function successHandler() {
            if (response.get_statusCode() == 200) {
                var responseBody = JSON.parse(response.get_body());
                deferred.resolve(responseBody);
            } else {

                var httpCode = response.get_statusCode();
                var httpText = response.get_body();
                deferred.reject(httpCode + ": " + httpText);
            }
        }

The code for retrieving the token is:

    this.getToken = function (clientId, clientSecret) {
        var deferred = $q.defer();
        var resource = "https://graph.windows.net";
        var formData = "grant_type=client_credentials&resource=" + encodeURIComponent(resource)      + "&client_id=" + encodeURIComponent(clientId) + "&client_secret=" + encodeURIComponent(clientSecret);

        var url = "https://login.windows.net/xxxxxx.onmicrosoft.com/oauth2/token?api-version=1.0";

        var context = SP.ClientContext.get_current();
        var request = new SP.WebRequestInfo();
        request.set_url(url);
        request.set_method("POST");
        request.set_body(formData);

        var response = SP.WebProxy.invoke(context, request);

        context.executeQueryAsync(successHandler, errorHandler);

        function successHandler() {
            if (response.get_statusCode() == 200) {
            var token = JSON.parse(response.get_body());
            deferred.resolve(token);
        } else {
            var httpCode = response.get_statusCode();
            var httpText = response.get_body();
            deferred.reject(httpCode + ": " + httpText);
        }
    }

    function errorHandler() {
        deferred.reject(response.get_body());
    }

    return deferred.promise;
  };
4

1 回答 1

0

Erik,这里有些奇怪 - 您正在使用来自 JavaScript 客户端的客户端凭据流 - 这会向 JS 应用程序的用户揭示发给客户端应用程序的秘密。

客户端凭据流还要求目录管理员向客户端应用程序授予目录读取权限 - 不确定这是否已经配置 - 但是它只能用于机密客户端,而不是像 JS 应用程序这样的公共客户端。

Azure AD 尚未实现implicit_grant oauth 流,JS 客户端应用程序可以使用该流代表用户通过重定向绑定(在片段中)获取访问令牌。这是我们正在努力的一项专业要求 - 请继续关注。

于 2014-07-13T00:34:29.680 回答