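I'm trying to post a message to a Teams channel from an Azure Function via Microsoft Graph.
I've followed the steps to register the app in Azure AD, grant that app API permissions (Group.ReadWrite.All), request a token so that my app can call Graph as a user, and then call the API using that bearer token.
So far this works for retrieving messages from the Teams channel, and the call returns all the messages from the channel as expected. But when I try to POST a new message, I get an Unauthorised response. I think I've chosen the right API permissions and got consent for them, so I can't see what I've missed or messed up.
Here are some details of my AAD token request:
- API (POST): https://login.microsoftonline.com/{TenantId}/oauth2/token
- RestSharp parameters:
  - Resource: https://graph.microsoft.com
  - Scope: https://graph.microsoft.com/.default
  - Client ID: {GUID of the app ID}
  - Client secret: {password of the app registration}
  - Username: (my delegated user's email address)
  - Password: (my delegated user's password)
  - Resource:
Here is the token that was returned: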
{
"token_type":"Bearer",
"scope":"Chat.ReadWrite Group.ReadWrite.All TeamsActivity.Send User.Read",
"expires_in":"3599",
"ext_expires_in":"3599",
"expires_on":"1581602086",
"not_before":"1581598186",
"resource":"https://graph.microsoft.com",
"access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6Ilp6REVFN..."
}
I then use the bearer token header to call the Graph endpoint /beta/teams/{Team ID}/channels/{Channel ID}/messages. I then try to POST a message by adding this body to the message (RestSharp):
graphRequest.AddParameter(
    "application/json",
    "{\"body\": {\"content\": \"Hello World\"}}",
    ParameterType.RequestBody);
This is the response:
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"request-id": "487ce496-09dd-4385-98ba-f7c1f561b996",
"date": "2020-02-13T13:27:32"
}
}
}
Here is the decoded token:
{
"iat": 1581600138,
"nbf": 1581600138,
"exp": 1581604038,
"acct": 0,
"acr": "1",
"aio": "{removed}",
"amr": ["pwd"],
"app_displayname": "{removed}",
"appid": "{removed}",
"appidacr": "1",
"family_name": "test",
"given_name": "AM",
"ipaddr": "{removed}",
"name": "AM Test",
"oid": "{removed}",
"platf": "14",
"puid": "10032000842ED84F",
"scp": "Chat.ReadWrite Group.ReadWrite.All TeamsActivity.Send User.Read",
"sub": "{removed}",
"tid": "{removed}",
"unique_name": "{removed}.onmicrosoft.com",
"upn": "{removed}.onmicrosoft.com",
"uti": "{removed}",
"ver": "1.0",
"xms_tcdt": 1307525692
}
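
The following is an added example, not part of the original post and not the poster's code. It decodes an access token's payload, as was done to produce the decoded token above, and reports whether the token is delegated (`scp`) or app-only (`roles`), which required permissions it lacks, and whether it is inside its validity window. The sample token is constructed and unsigned, the function names are hypothetical, and the signature is not verified (inspection only).

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def summarize(claims: dict, required: set, now: int) -> dict:
    """Report token kind, granted vs. missing permissions and validity at `now`."""
    if "scp" in claims:        # delegated (user) token: space-separated scopes
        kind, granted = "delegated", set(claims["scp"].split())
    elif "roles" in claims:    # app-only token: list of application roles
        kind, granted = "app-only", set(claims["roles"])
    else:
        kind, granted = "unknown", set()
    return {
        "kind": kind,
        "granted": granted,
        "missing": required - granted,
        "valid_now": claims.get("nbf", 0) <= now < claims.get("exp", 0),
        "auth_methods": claims.get("amr", []),
    }

def make_sample_token() -> str:
    # Constructed, unsigned sample carrying claims shown in the decoded token above.
    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    payload = {"iat": 1581600138, "nbf": 1581600138, "exp": 1581604038, "amr": ["pwd"],
               "scp": "Chat.ReadWrite Group.ReadWrite.All TeamsActivity.Send User.Read",
               "ver": "1.0"}
    return ".".join([enc({"typ": "JWT", "alg": "none"}), enc(payload), "constructed-signature"])

if __name__ == "__main__":
    # `now` is the date from the error response (2020-02-13T13:27:32, assumed UTC).
    report = summarize(decode_claims(make_sample_token()),
                       {"Group.ReadWrite.All"}, now=1581600452)
    for key, value in report.items():
        print(f"{key}: {value}")
```
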