0

我正在尝试上传和列出从共享点到使用 Microsoft Graph Client 的文件。我按照以下文档进行操作。

文档 URL https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=Java

这是我的代码示例和异常日志。

代码

ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
              .clientId("CLIENT_ID")
              .clientSecret("CLIENT_SECRET")
              .tenantId("TENANT_ID")
              .build();

TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(Arrays.asList("https://graph.microsoft.com/offline_access",
               "https://graph.microsoft.com/Files.ReadWrite.All","https://graph.microsoft.com/Sites.Manage.All"),
               clientSecretCredential);
GraphServiceClient graphClient =
              GraphServiceClient
                      .builder()
                      .authenticationProvider(tokenCredentialAuthProvider)
                      .buildClient();
DriveItemCollectionPage driveCollectionPage = graphClient.sites("SITE_ID")
              .drive().items("ITEM_ID").children().buildRequest().get();

异常日志:

Caused by: java.lang.NoSuchMethodError: 'com.microsoft.aad.msal4j.ConfidentialClientApplication$Builder com.microsoft.aad.msal4j.ConfidentialClientApplication$Builder.sendX5c(boolean)'
at com.azure.identity.implementation.IdentityClient.lambda$getConfidentialClientApplication$5(IdentityClient.java:233)
at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:44)
at reactor.core.publisher.MonoCacheTime.subscribeOrReturn(MonoCacheTime.java:143)
at reactor.core.publisher.Mono.subscribe(Mono.java:4385)
at reactor.core.publisher.Mono.subscribeWith(Mono.java:4515)
at reactor.core.publisher.Mono.toFuture(Mono.java:4920)
at com.microsoft.graph.authentication.TokenCredentialAuthProvider.getAuthorizationTokenAsync(TokenCredentialAuthProvider.java:58)
at com.microsoft.graph.httpcore.AuthenticationHandler.intercept(AuthenticationHandler.java:54)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at com.microsoft.graph.httpcore.TelemetryHandler.intercept(TelemetryHandler.java:69)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:408)
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:226)
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:203)
at com.microsoft.graph.http.BaseCollectionRequest.send(BaseCollectionRequest.java:103)
at com.microsoft.graph.http.BaseEntityCollectionRequest.get(BaseEntityCollectionRequest.java:78)

有人可以帮我解决这个问题吗?

4

2 回答 2

0

使用客户端凭据流,需要您执行管理员同意。

如果您已获得管理员同意,则可以将范围更改为 be https://graph.microsoft.com/.default,仅此而已。生成的令牌将具有您授予应用程序的所有应用程序权限。

查看有关客户端凭据流程的文档,https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow

于 2022-03-03T22:21:21.877 回答
0

我修复了上述问题。通过在 pom 文件中添加以下依赖项。

<dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>msal4j</artifactId>
    <version>1.11.2</version>
</dependency>

现在我面临范围问题。低于上述范围的错误(offline_access, Files.ReadWrite.All,Sites.Manage.All)

com.microsoft.aad.msal4j.MsalServiceException: AADSTS1002012: The provided value for scope Sites.Manage.All Files.ReadWrite.All openid profile offline_access is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).

如果我添加/.default范围然后生成令牌但得到 403 Forbidden。这是我的应用程序权限。

在此处输入图像描述

有人可以指导我,我在这里缺少逻辑吗?

于 2022-03-03T03:55:51.473 回答