Fatal编程技术网
  • javascript/
  • Javascript 从承载令牌O365获取当前登录用户的用户信息

Javascript 从承载令牌O365获取当前登录用户的用户信息

javascript oauth-2.0 microsoft-graph-api

Javascript 从承载令牌O365获取当前登录用户的用户信息,javascript,oauth-2.0,microsoft-graph-api,bearer-token,o365-flow,Javascript,Oauth 2.0,Microsoft Graph Api,Bearer Token,O365 Flow,我有一个来自O365的承载令牌,当我解码它时,不存在当前登录用户的用户信息。我能够获得一个令牌并使用解码。我需要的用户信息是家庭名称、给定名称和用户名称 我可以获得一个带有用户信息的令牌,但是只有当我将grant_类型更改为password并指定用户名和密码时。这给了我一个带有刷新令牌的委托令牌,它包含了我需要的用户信息,但根据需求这是不可能的 是否有其他方法可以在不将授权类型更改为密码的情况下从令牌获取用户信息 使用Ajax请求的令牌请求 var form = new FormData();

我有一个来自O365的承载令牌,当我解码它时,不存在当前登录用户的用户信息。我能够获得一个令牌并使用解码。我需要的用户信息是家庭名称、给定名称和用户名称

我可以获得一个带有用户信息的令牌,但是只有当我将grant_类型更改为password并指定用户名和密码时。这给了我一个带有刷新令牌的委托令牌,它包含了我需要的用户信息,但根据需求这是不可能的

是否有其他方法可以在不将授权类型更改为密码的情况下从令牌获取用户信息

使用Ajax请求的令牌请求

var form = new FormData();
form.append("grant_type", "client_credentials");
form.append("client_id", "xxxxx-xxxxx-xxxx-xxxxxx");
form.append("client_secret", "xxxxxxxxxx");
form.append("scope", "https://graph.microsoft.com/.default");

var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://cors-anywhere.herokuapp.com/https://login.microsoftonline.com/xxxxxxxxxxx/oauth2/token",
  "method": "POST",
  "headers": {

    "cache-control": "no-cache",
    "postman-token": "4b326d42-a15d-c1ef-e2d3-2fb7f690b2ac"
  },
  "processData": false,
  "contentType": false,
  "mimeType": "multipart/form-data",
  "data": form
}

$.ajax(settings).done(function (response) {
  console.log(response);
});

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImllX3FXQ1hoWHh0MXpJRXN1NGM3YWNRVkduNCIsImtpZCI6ImllX3FXQ1hoWHh0MXpJRXN1NGM3YWNRVkduNCJ9.eyJhdWQiOiIwMDAwMDAwMi0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9jZTE2ZDRlMC0wYTUyLTQwMjgtOTVhOS1iNDIzMTAwYTgxNzMvIiwiaWF0IjoxNTY5MTY3MDM1LCJuYmYiOjE1NjkxNjcwMzUsImV4cCI6MTU2OTE3MDkzNSwiYWlvIjoiNDJGZ1lEaDE0WDU5OGNrT3Y5eGpjNm8vM0JIWkNRQT0iLCJhcHBpZCI6Ijc3OGVlNzNmLTg3OTQtNDVkZi05MDk1LTJhNjNhMTBiMmFkNCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2NlMTZkNGUwLTBhNTItNDAyOC05NWE5LWI0MjMxMDBhODE3My8iLCJvaWQiOiJhYTZlMTI3Mi0xNmIyLTRhMDEtYTA4ZC03NmRkYmQ1MjRmMjYiLCJzdWIiOiJhYTZlMTI3Mi0xNmIyLTRhMDEtYTA4ZC03NmRkYmQ1MjRmMjYiLCJ0ZW5hbnRfcmVnaW9uX3Njb3BlIjoiTkEiLCJ0aWQiOiJjZTE2ZDRlMC0wYTUyLTQwMjgtOTVhOS1iNDIzMTAwYTgxNzMiLCJ1dGkiOiI3WENYa0tydk5rQ05XWGdjVndHYUFBIiwidmVyIjoiMS4wIn0.nbRKMflEF7582CVhyyUDPV1KfwyjY1uMG9w5jRLGUkg_bkEiqqvjudT6X4s32szdSAYdwddXUmrWCoqPm5hkbPA4eOqDrYk_y-mvNZwrmr2ZdrpqH4ma_w39kuCIcq7_vRgKfpZ3r3i-c21Ilpgr92qI25WWqDOFgKVO1Pd4YVRqy9caZ7DVeiIp26BAqAFHwuLEEbhXakOqUXfh49LShzTwpzl-8UaIQBzyoiFUWksA2OdM1cTaf-LSTYjwKXu5IN7rJ7z6xkC3YSLmctOPP2a1Y3PpYAlGbKmSdde5do4rIckiFRcwoUsqGGFOkzuyHUwU0na26-DLDLEB8DJ1og
承载令牌结果

var form = new FormData();
form.append("grant_type", "client_credentials");
form.append("client_id", "xxxxx-xxxxx-xxxx-xxxxxx");
form.append("client_secret", "xxxxxxxxxx");
form.append("scope", "https://graph.microsoft.com/.default");

var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://cors-anywhere.herokuapp.com/https://login.microsoftonline.com/xxxxxxxxxxx/oauth2/token",
  "method": "POST",
  "headers": {

    "cache-control": "no-cache",
    "postman-token": "4b326d42-a15d-c1ef-e2d3-2fb7f690b2ac"
  },
  "processData": false,
  "contentType": false,
  "mimeType": "multipart/form-data",
  "data": form
}

$.ajax(settings).done(function (response) {
  console.log(response);
});

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImllX3FXQ1hoWHh0MXpJRXN1NGM3YWNRVkduNCIsImtpZCI6ImllX3FXQ1hoWHh0MXpJRXN1NGM3YWNRVkduNCJ9.eyJhdWQiOiIwMDAwMDAwMi0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9jZTE2ZDRlMC0wYTUyLTQwMjgtOTVhOS1iNDIzMTAwYTgxNzMvIiwiaWF0IjoxNTY5MTY3MDM1LCJuYmYiOjE1NjkxNjcwMzUsImV4cCI6MTU2OTE3MDkzNSwiYWlvIjoiNDJGZ1lEaDE0WDU5OGNrT3Y5eGpjNm8vM0JIWkNRQT0iLCJhcHBpZCI6Ijc3OGVlNzNmLTg3OTQtNDVkZi05MDk1LTJhNjNhMTBiMmFkNCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2NlMTZkNGUwLTBhNTItNDAyOC05NWE5LWI0MjMxMDBhODE3My8iLCJvaWQiOiJhYTZlMTI3Mi0xNmIyLTRhMDEtYTA4ZC03NmRkYmQ1MjRmMjYiLCJzdWIiOiJhYTZlMTI3Mi0xNmIyLTRhMDEtYTA4ZC03NmRkYmQ1MjRmMjYiLCJ0ZW5hbnRfcmVnaW9uX3Njb3BlIjoiTkEiLCJ0aWQiOiJjZTE2ZDRlMC0wYTUyLTQwMjgtOTVhOS1iNDIzMTAwYTgxNzMiLCJ1dGkiOiI3WENYa0tydk5rQ05XWGdjVndHYUFBIiwidmVyIjoiMS4wIn0.nbRKMflEF7582CVhyyUDPV1KfwyjY1uMG9w5jRLGUkg_bkEiqqvjudT6X4s32szdSAYdwddXUmrWCoqPm5hkbPA4eOqDrYk_y-mvNZwrmr2ZdrpqH4ma_w39kuCIcq7_vRgKfpZ3r3i-c21Ilpgr92qI25WWqDOFgKVO1Pd4YVRqy9caZ7DVeiIp26BAqAFHwuLEEbhXakOqUXfh49LShzTwpzl-8UaIQBzyoiFUWksA2OdM1cTaf-LSTYjwKXu5IN7rJ7z6xkC3YSLmctOPP2a1Y3PpYAlGbKmSdde5do4rIckiFRcwoUsqGGFOkzuyHUwU0na26-DLDLEB8DJ1og
我不确定澳元是否正确

我做了一些研究,发现了这个解决方案,它要求您执行这些步骤以获得所需的信息。基本上,授权(登录)响应返回一个代码,用于获取令牌

此令牌将包含用户信息,然后用于访问Microsoft Graph API并获取用户信息。请参见

如果使用应用程序权限(appid和secret),则没有用户交互,也没有用户信息。这是否意味着不使用授权类型:密码就无法获取用户信息?。是否有其他方法获取已登录用户?简而言之,没有。没有记录器用户,只有已登录的应用程序。