我正在构建一个访问 Office 365 邮箱的后台服务,以检索电子邮件并在我们的应用程序中处理它们。处理完成后,它应该删除电子邮件。
我已经使用 X509 证书成功设置了 Web 服务的身份验证以获取 OAuth 访问令牌(感谢这篇博文),并且可以使用 HTTP Get 读取用户的电子邮件:
- https://outlook.office365.com/api/v2.0/users ('[emailAddressHere]')/messages?$top=50
这将返回消息对象的所需 JSON 响应。
我现在希望在处理完电子邮件后将其删除,为此我尝试了两种方法:
HTTP DELETE: https://outlook.office365.com/api/v2.0/users('[emailAddress]')/messages/[messageId]
和:
HTTP POST: https://outlook.office365.com/api/v2.0/users('[emailAddress]')/messages/[messageId]/move
包含:
_request.Content = New StringContent("{""DestinationId"": ""DeletedItems""}", Encoding.utf8, "application/json")
我最初在 Azure AD 中设置了我的应用程序,并具有对其他应用程序的权限,包括 Office 365 Exchange Online,同时具有应用程序权限和委派权限(此处不应适用),只能阅读邮件。此时从 http get 请求读取邮件工作正常。
然后,我尝试向后台服务添加一个新方法,该方法在消息完成后将其删除。每当我按照上面的定义运行删除或移动到已删除项目时,我都会收到带有以下消息的 403:
x-ms-diagnostics: 2000008;reason="The token contains not enough scope to make this call.";error_category="invalid_grant"
我回去并为应用程序和委托添加了读/写权限,但在发送我的请求时没有任何改变。
然后,作为一项实验,我从 Azure AD 中的应用程序中删除了 Office 365 的所有权限。正如预期的那样,这阻止了我检索以前工作的电子邮件。这证明我已成功连接到我的应用程序。
但是,我随后重新添加了权限,现在对于所有请求,我都会收到 401:
x-ms-diagnostics: 2000008;reason="The token contains no permissions, or permissions can not be understood.";error_category="invalid_grant"
此后,我尝试从 Azure AD 中的应用程序中删除 Office 365 并重新添加,但无法解决问题。
添加/更新权限是否有一些延迟?
如何修复应用程序,使其既可以检索、删除和/或移动电子邮件?
当我遇到删除问题时的完整回复是:
StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Transfer-Encoding: chunked
request-id: 9734281b-60f6-48e0-bea4-a3ce0c8b9744
client-request-id: 1f7ee398-340e-45c4-985a-e89a34d3a4d9
client-request-id: 1f7ee398-340e-45c4-985a-e89a34d3a4d9
X-CalculatedBETarget: HE1PR04MB0971.eurprd04.prod.outlook.com
X-BackEndHttpStatus: 403
Cache-Control: private
Set-Cookie: ClientId=XFUHAPKC3UISCO9J0WCOG; expires=Thu, 12-Jan-2017 13:30:18 GMT; path=/; secure; HttpOnly
Set-Cookie: exchangecookie=ed0bfaa0c16e44ffac392df7da2dacd3; expires=Fri, 13-Jan-2017 13:30:18 GMT; path=/; HttpOnly
Set-Cookie: ClientId=XFUHAPKC3UISCO9J0WCOG; expires=Thu, 12-Jan-2017 13:30:18 GMT; path=/; secure; HttpOnly
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1 service_asserted_app_v1", error="invalid_token"
x-ms-diagnostics: 2000008;reason="The token contains not enough scope to make this call.";error_category="invalid_grant"
OData-Version: 4.0
X-AspNet-Version: 4.0.30319
X-DiagInfo: HE1PR04MB0971
X-BEServer: HE1PR04MB0971
X-Powered-By: ASP.NET
Date: Wed, 13 Jan 2016 13:30:18 GMT
Content-Type: application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8
}
对当前权限问题的完整回应是:
StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Transfer-Encoding: chunked
request-id: 9734281b-60f6-48e0-bea4-a3ce0c8b9744
client-request-id: 1f7ee398-340e-45c4-985a-e89a34d3a4d9
client-request-id: 1f7ee398-340e-45c4-985a-e89a34d3a4d9
X-CalculatedBETarget: HE1PR04MB0971.eurprd04.prod.outlook.com
X-BackEndHttpStatus: 403
Cache-Control: private
Set-Cookie: ClientId=XFUHAPKC3UISCO9J0WCOG; expires=Thu, 12-Jan-2017 13:30:18 GMT; path=/; secure; HttpOnly
Set-Cookie: exchangecookie=ed0bfaa0c16e44ffac392df7da2dacd3; expires=Fri, 13-Jan-2017 13:30:18 GMT; path=/; HttpOnly
Set-Cookie: ClientId=XFUHAPKC3UISCO9J0WCOG; expires=Thu, 12-Jan-2017 13:30:18 GMT; path=/; secure; HttpOnly
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1 service_asserted_app_v1", error="invalid_token"
x-ms-diagnostics: 2000008;reason="The token contains not enough scope to make this call.";error_category="invalid_grant"
OData-Version: 4.0
X-AspNet-Version: 4.0.30319
X-DiagInfo: HE1PR04MB0971
X-BEServer: HE1PR04MB0971
X-Powered-By: ASP.NET
Date: Wed, 13 Jan 2016 13:30:18 GMT
Content-Type: application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8
}