1

我正在尝试通过 Microsoft Graph 从 Azure 函数向团队频道发布消息。

我已按照以下步骤在 Azure AD 中注册应用程序,授予该应用程序 API 权限 ( Group.ReadWrite.All),请求令牌,以便我的应用程序可以以用户身份调用 Graph,然后使用该持有者令牌调用 API。

到目前为止,这适用于从团队频道检索消息,并且调用会按预期返回来自频道的所有消息。但是当我尝试POST接收新消息时,我会收到Unauthorised回复。我想我选择了正确的 API 权限并获得了对这些权限的同意,所以我看不到我错过或搞砸了什么。

以下是我的 AAD 令牌请求的一些详细信息:

  • API(发布):https://login.microsoftonline.com/{TenantId}/oauth2/token
  • RestSharp 参数:
    • 资源:https://graph.microsoft.com
    • 范围:https://graph.microsoft.com/.default
    • 客户端 ID:{应用 ID 的 GUID}
    • 客户端密码 {应用注册的密码}
    • 用户名:(我的委托用户电子邮件地址)
    • 密码:(我的委托用户密码)

这是返回的令牌

{
  "token_type":"Bearer",
  "scope":"Chat.ReadWrite Group.ReadWrite.All TeamsActivity.Send User.Read",
  "expires_in":"3599",
  "ext_expires_in":"3599",
  "expires_on":"1581602086",
  "not_before":"1581598186",
  "resource":"https://graph.microsoft.com",
  "access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6Ilp6REVFN..."
}

然后,我使用不记名令牌标头调用 Graph 端点/beta/teams/{Team ID}/channels/{Channel ID}/messages。然后,我尝试POST通过将此正文添加到消息(RestSharp)来发送消息:

graphRequest.AddParameter(
  "application/json", 
  "{\"body\": {\"content\": \"Hello World\"}}", 
  ParameterType.RequestBody);

这是回应:

{
  "error": {
    "code": "Forbidden",
    "message": "Forbidden",
    "innerError": {
      "request-id": "487ce496-09dd-4385-98ba-f7c1f561b996",
      "date": "2020-02-13T13:27:32"
    }
  }

这是解码的令牌

{
  "iat": 1581600138,
  "nbf": 1581600138,
  "exp": 1581604038,
  "acct": 0,
  "acr": "1",
  "aio": "{removed}",
  "amr": ["pwd"],
  "app_displayname": "{removed}",
  "appid": "{removed}",
  "appidacr": "1",
  "family_name": "test",
  "given_name": "AM",
  "ipaddr": "{removed}",
  "name": "AM Test",
  "oid": "{removed}",
  "platf": "14",
  "puid": "10032000842ED84F",
  "scp": "Chat.ReadWrite Group.ReadWrite.All TeamsActivity.Send User.Read",
  "sub": "{removed}",
  "tid": "{removed}",
  "unique_name": "{removed}.onmicrosoft.com",
  "upn": "{removed}.onmicrosoft.com",
  "uti": "{removed}",
  "ver": "1.0",
  "xms_tcdt": 1307525692
}
4

0 回答 0