尝试使用Microsoft Graph Security API构建客户端应用程序。
我们已经在 Azure 门户中进行了授权,获得了管理员同意,并且 JWT 显示范围存在(下面的片段):
"scp": "Calendars.Read MailboxSettings.Read offline_access People.Read profile SecurityEvents.Read.All SecurityEvents.ReadWrite.All User.Read User.Read.All",
以下是我们请求令牌的方式:
// acquire token for ms graph. the service we're acquiring a token for
// should be the same service we call in the ajax request below
authContext.acquireToken('https://graph.microsoft.com', (error, token) => {
// Handle ADAL Error
if (error || !token) {
printErrorMessage('ADAL Error Occurred: ' + error);
return;
}
this.token = token; //update our data with the token
});
但是当我们通过网络调用到达端点时,我们仍然得到一个403
没有返回数据的结果:
$.ajax({
type: "GET",
url: "https://graph.microsoft.com/v1.0/security/alerts",
headers: {
'Authorization': 'Bearer ' + this.token,
}
}).done(async (data) => {
console.log(data);
}).fail(() => {
console.log('Error getting top 10 people!');
});
这是潜在的错误(通过邮递员):
{
"error": {
"code": "UnknownError",
"message": "Auth token does not contain valid permissions or user does not have valid roles.",
"innerError": {
"request-id": "6411dbc9-eebb-4522-b789-62ab5f754d0c",
"date": "2019-04-23T15:17:12"
}
}
}
编辑:访问应用程序的用户附加了“安全阅读器”目录角色。
任何帮助将不胜感激。:)