我正在使用 MIP 文件示例命令行界面来应用标签。尝试应用已设置保护的标签时,出现“标签需要临时保护,但尚未设置保护”错误。因此,我尝试使用“--protect”选项保护文件并收到以下错误消息:“发生了一些不好的事情:服务不接受身份验证令牌。挑战:['Bearer resource="https://aadrm. com", realm="", 授权="https://login.windows.net/common/oauth2/authorize"'], CorrelationId=ce732e4a-249a-47ec-a7c2-04f4d68357da, CorrelationId.Description=ProtectionEngine, CorrelationId= 6ff992dc-91b3-4610-a24d-d57e13902114,CorrelationId.Description=FileHandler"
这是我的 auth.py 文件:
def main(argv):
client_id = str(argv[0])
tenant_id = str(argv[1])
secret = str(argv[2])
authority = "https://login.microsoftonline.com/{}".format(tenant_id)
app = msal.ConfidentialClientApplication(client_id, authority=authority, client_credential=secret)
result = None
scope = ["https://psor.o365syncservice.com/.default"]
result = app.acquire_token_silent(scope, account=None)
if not result:
logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
result = app.acquire_token_for_client(scopes=scope)
if "access_token" in result:
sys.stdout.write(result['access_token'])
else:
print(result.get("error"))
print(result.get("error_description"))
print(result.get("correlation_id")) # You may need this when reporting a bug
if __name__ == '__main__':
main(sys.argv[1:])
我尝试将范围更改为 ["https://aadrm.com/.default"] 然后我能够保护文件,但是当我尝试获取文件状态或尝试在其上应用标签时,我得到了同样的错误带有错误身份验证令牌的消息。
这些是 azure 门户中配置的权限:
谢谢