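In my application, I have implemented login with passport-azure-ad using Azure AD's OIDCStrategy strategy. Now I am trying to call the Graph list users API with the access token I received after signing in to Microsoft, but I get this error.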
GraphError {
statusCode: 403,
code: 'Authorization_RequestDenied',
message: 'Insufficient privileges to complete the operation.',
request-id:"XXXX",
date: 2020-11-24T09:24:05.000Z,
body: '{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2020-11-24T14:54:05","request-id":"XXXX","client-request-id":"XXXXXXX"}}'
}
My application has all these permissions, but I still get the above error. What am I doing wrong?
Here is the decoded access token object:
{"aud":"00000003-0000-0000-c000-000000000000","iss":"https://sts.windows.net/7adbf72e-a1bf-48dc-8646-f09a986d8cf5/","iat":1606229343,"nbf":1606229343,"exp":1606233243,"acct":1,"acr":"1","acrs":["urn:user:registersecurityinfo","urn:microsoft:req1","urn:microsoft:req2","urn:microsoft:req3","c1","c2","c3","c4","c5","c6","c7","c8","c9","c10","c11","c12","c13","c14","c15","c16","c17","c18","c19","c20","c21","c22","c23","c24","c25"],"aio":"AUQAu/8RAAAAOsguW0xieoa2CFuuDvL0jrUAtSMCWcD3IdbuCmn3lJuENH6iLn9d8hRFHUma9pcCBZX/wJfdyN6bA61m7ntpgg==","altsecid":"5::10032000C782425B","amr":["pwd"],"app_displayname":"ODP Local App","appid":"57ceab52-f7b8-4de4-a3ad-25dad057c497","appidacr":"1","email":"xxxx@xxxx.com","idp":"https://sts.windows.net/f6e57c1b-6cbc-42a4-8e89-39e1bef6c49f/","idtyp":"user","ipaddr":"49.207.220.153","name":"xxxx.xxxx","oid":"e4c3eda9-513d-4cb6-bfb7-d13a856226bc","platf":"5","puid":"10032000C7758CA0","rh":"0.AAAALvfber-h3EiGRvCamG2M9VKrzle49-RNo60l2tBXxJceAJc.","scp":"Directory.Read.All Mail.Read openid profile User.Read User.Read.All User.ReadBasic.All email","sub":"nFYoEl4fstYqfN3kFRucklSfbW6dOoYKBf4KkCDwrkk","tenant_region_scope":"NA","tid":"7adbf72e-a1bf-48dc-8646-f09a986d8cf5","unique_name":"xxxx@xxxx.com","uti":"IjWpoZpXkEex8C9Om31AAA","ver":"1.0","wids":["13bd1c72-6f4a-4dcf-985f-18d3b80f208a"],"xms_st":{"sub":"Hg0g_xypTWd5nXzHsNNOTQQwBlABxJ-NlyRDj8JqsuM"},"xms_tcdt":1540458072}
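PS: The API succeeds when the logged-in user is assigned the Application administrator role. Does the user need a separate role for the /users API? Aren't the application permissions enough?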
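
As an added example that is not part of the original question, the following Node.js code reads the claims shown in the decoded token and reports whether a token is delegated (`scp`) or app-only (`roles`), and whether the signed-in user is a guest in the tenant. The function names and the unsigned sample token are constructed for illustration; the claim values are the ones shown in the question.

```javascript
// Added example: classify a Microsoft identity platform access token by its claims.
// Decodes the payload WITHOUT verifying the signature: for local diagnosis only.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected a three-part compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function describeGraphToken(claims) {
  const scopes = typeof claims.scp === 'string' ? claims.scp.split(' ').filter(Boolean) : [];
  const appRoles = Array.isArray(claims.roles) ? claims.roles : [];
  // scp is issued on delegated (on-behalf-of-user) tokens, roles on app-only tokens.
  const kind = scopes.length ? 'delegated' : appRoles.length ? 'app-only' : 'unknown';
  // acct: 0 = tenant member, 1 = guest; an idp that differs from iss means the
  // user authenticated in another tenant (used here as a guest heuristic).
  const guest = claims.acct === 1 ||
    (typeof claims.idp === 'string' && claims.idp !== claims.iss);
  const findings = [];
  if (kind === 'delegated') {
    findings.push('Graph evaluates the scopes in scp together with the signed-in user\'s own directory privileges.');
    if (guest) findings.push('The user is a guest here; guests have limited default directory permissions.');
    if (Array.isArray(claims.wids)) findings.push('Directory roles held by the user (wids): ' + claims.wids.join(', '));
  } else if (kind === 'app-only') {
    findings.push('No user context: Graph evaluates only the application permissions in roles.');
  }
  return { kind, scopes, appRoles, guest, findings };
}

// Constructed sample: unsigned token carrying a subset of the claims shown in the question.
function makeSampleJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const sampleJwt = makeSampleJwt({
  aud: '00000003-0000-0000-c000-000000000000',
  iss: 'https://sts.windows.net/7adbf72e-a1bf-48dc-8646-f09a986d8cf5/',
  idp: 'https://sts.windows.net/f6e57c1b-6cbc-42a4-8e89-39e1bef6c49f/',
  acct: 1,
  idtyp: 'user',
  scp: 'Directory.Read.All Mail.Read openid profile User.Read User.Read.All User.ReadBasic.All email',
  wids: ['13bd1c72-6f4a-4dcf-985f-18d3b80f208a'],
});

const report = describeGraphToken(decodeJwtPayload(sampleJwt));
console.log(report.kind, report.guest);
report.findings.forEach((f) => console.log('- ' + f));
```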