0
我的問題是ADAP for GRAPH API中的「SCOPE or PERMISSION」。ADAL 3.13 - 圖表API
我使用ADAL 3.13和我創建了下面的腳本:
$adal = "C:\Users\filippog\Desktop\ADAL\_Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = "C:\Users\filippog\Desktop\ADAL\_Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
[System.Reflection.Assembly]::LoadFrom($adal)
[System.Reflection.Assembly]::LoadFrom($adalforms)
[string] $adTenant = "****"
[string] $clientId = "1950a258-227b-4e31-a9cf-717495945fc2" #id client of powershell
[string] $resourceAppIdURI = "https://graph.windows.net/"
[string] $authority = "https://login.microsoftonline.com/$adTenant"
[uri] $redirectUri = "urn:ietf:wg:oauth:2.0:oob" #redirect urPowerShell - i of powershell
[string] $resourceURI = 'https://graph.microsoft.com/'
[string] $scope = "scope=mail.read"
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority #,$false
$PromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Always
$platformParam = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList $PromptBehavior
$userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList "****", "OptionalDisplayableId"
$authResult = $authContext.AcquireTokenAsync($resourceUri, $clientId, $redirectUri, $platformParam, $userId, $scope)
$AuthHeader=$authResult.result.CreateAuthorizationHeader()
$headers = @{
"Authorization" = $AuthHeader
"Content-Type" = "application/json"
}
Invoke-RestMethod -Headers $headers -Uri https://graph.microsoft.com/v1.0/me/messages -Method Get
我的問題是,當我執行一個腳本並調用圖形(例如,graph/v1.0/me它的工作原理,但是當我調用graph/v1.0/me/messages,該腳本返回error 403。
你真的不應該使用非你自己的應用程序的客戶端ID。註冊自己的本地客戶端應用程序非常簡單,您將獲得更多優勢(例如,您可以在登錄提示中控制命名和品牌)。 –