那些遇到过的问题

Microsoft MSAL - 获取多个范围的令牌

Ale*_*x L 6 sharepoint azure-ad-msal microsoft-graph-api

在 Azure Active Directory 中,我有一个应用程序需要在以下范围内使用 MicrosoftGraphAPI 和 SharePointAPI:

GraphAPI scopes:

"https://graph.microsoft.com/User.Read.All",
"https://graph.microsoft.com/Group.Read.All",
"https://graph.microsoft.com/Sites.Read.All",
"https://graph.microsoft.com/Calendars.Read.Shared",
"https://graph.microsoft.com/MailboxSettings.Read",
"https://graph.microsoft.com/Files.Read.All"
Run Code Online (Sandbox Code Playgroud)

SharePointAPI scopes:

"https://microsoft.sharepoint-df.com/AllSites.Read",
"https://microsoft.sharepoint-df.com/AllSites.FullControl",
"https://microsoft.sharepoint-df.com/User.Read.All"
Run Code Online (Sandbox Code Playgroud)

我正在尝试获取该应用程序的令牌:

from msal import PublicClientApplication
AUTHORITY = 'https://login.microsoftonline.com/common'

scopes = [ "https://microsoft.sharepoint-df.com/AllSites.Read",
           "https://microsoft.sharepoint-df.com/AllSites.FullControl",
           "https://microsoft.sharepoint-df.com/User.Read.All"
           "https://graph.microsoft.com/User.Read.All",
           "https://graph.microsoft.com/Group.Read.All",
           "https://graph.microsoft.com/Sites.Read.All",
           "https://graph.microsoft.com/Calendars.Read.Shared",
           "https://graph.microsoft.com/MailboxSettings.Read",
           "https://graph.microsoft.com/Files.Read.All"
         ]

app = PublicClientApplication(client_id, authority=AUTHORITY)
flow = app.initiate_device_flow(scopes=scopes)
Run Code Online (Sandbox Code Playgroud)

但是在 WebUI 中批准该应用程序后,我收到以下错误:

'error_description': 'AADSTS28000: Provided value for the input parameter scope is not valid 
because it contains more than one resource. Scope https://graph.microsoft.com/Calendars.Read.Shared 
https://graph.microsoft.com/Files.Read.All https://graph.microsoft.com/Group.Read.All 

https://graph.microsoft.com/MailboxSettings.Read https://graph.microsoft.com/Sites.Read.All 

https://graph.microsoft.com/User.Read.All https://microsoft.sharepoint-df.com/AllSites.FullControl 
https://microsoft.sharepoint-df.com/AllSites.Read https://microsoft.sharepoint-df.com/User.Read.All 
offline_access openid profile is not valid'
Run Code Online (Sandbox Code Playgroud)

Alf*_*SFT 7

这是预期的行为。您不能混合资源(图形、共享点等),但您可以使用相同的刷新令牌为每个附加资源获取 1 个访问令牌

您可以在 MSAL 中调用以下方法来实现此目的:

PublicClientApplication.AcquireTokenByRefreshToken(IEnumerable<string> scopes, string refreshToken);
Run Code Online (Sandbox Code Playgroud)

归档时间:

查看次数:

10579 次

最近记录:

2 年,10 月 前
相关归档
需要技术建议/建议 6
SyntaxError:无法在'Document'上执行'querySelector':'[object HTMLDocument]'不是有效的选择器 6
OneDrive 支持的搜索查询 5
应用程序对此 Web 资源没有足够的权限,无法在 Azure AD B2C 中执行操作 5
Sharepoint Guidfield - 如何在前端显示它并在代码中设置它的值? 4
SharePoint/GetVersionCollection - 如何识别哪个版本? 4
SharePoint REST 请求选择所有列并展开查找列 4
了解ClientContext.Load的参数 2
更改 Microsoft Graph API 重定向 Uri 中的“code”参数 1
在caml查询中按日期排序 -1
难疑归档
如何在本地和远程删除Git分支? 16311
如何在Bash中连接字符串变量 2624
什么时候应该使用static_cast,dynamic_cast,const_cast和reinterpret_cast? 2367
npm package.json文件中依赖项,devDependencies和peerDependencies之间有什么区别? 1872
makefile中.PHONY的目的是什么? 1535
Android中的gravity和layout_gravity有什么区别? 1286
git:撤消所有工作目录更改,包括新文件 1108
Visual Studio中的构建解决方案,重建解决方案和清洁解决方案之间的区别? 1081
shell脚本中的YYYY-MM-DD格式日期 1045
如何在Ruby on Rails中获取当前的绝对URL? 1030