Outlook REST API call ends with a 403 response code when authenticating with the OfficeJs callback token on Android
To download Exchange items on the backend, in our Office cloud add-in we call the OfficeJs getCallbackTokenAsync, which provides a scoped token. Then, on the backend, we use that token to download an item via the Outlook REST/EWS API (O365).
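Recently we ran into the following problem: when we try to download an item through the REST API, some customers on Android get a 403 response code, while for others it works fine. After investigating, I found:
On Android with Outlook version 4.2108.3 (42108814), the callback token payload is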
{
"nameid": "ddb00a58-4ace-4bbd-880b-ce841b0ae55d@848c5ff4-6a22-405e-a845-732e98511fdd",
"ver": "Exchange.Callback.V1",
"appctxsender": "https://my-host-for.addin.something/main.html?parameter=some@848c5ff4-6a22-405e-a845-732e98511fdd",
"issring": "WW",
"appctx": "{\"oid\":\"dc3f8f9a-c0f8-4243-9a8c-ccf89099cd2b\",\"smtp\":\"my.user@email.test\",\"upn\":\"my.user@email.test\",\"scope\":\"AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0Aabol7TmVQkmDNhnSdkE8jAAAiPSJTAAA\"}",
"nbf": 1616074356,
"exp": 1616074656,
"iss": "00000002-0000-0ff1-ce00-000000000000@848c5ff4-6a22-405e-a845-732e98511fdd",
"aud": "00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@848c5ff4-6a22-405e-a845-732e98511fdd",
"happ": "OutlookService"
}
On iOS with Outlook version 4.2109.0, the callback token is
{
"nameid": "ddb00a58-4ace-4bbd-880b-ce841b0ae55d@848c5ff4-6a22-405e-a845-732e98511fdd",
"ver": "Exchange.Callback.V1",
"appctxsender": "https://my-host-for.addin.something/main.html?parameter=some@848c5ff4-6a22-405e-a845-732e98511fdd",
"issring": "WW",
"appctx": "{\"oid\":\"dc3f8f9a-c0f8-4243-9a8c-ccf89099cd2b\",\"smtp\":\"my.user@email.test\",\"upn\":\"my.user@email.test\",\"scope\":\"ParentItemId:AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0Aabol7TmVQkmDNhnSdkE8jAAAiPSJTAAA\"}",
"nbf": 1616076538,
"exp": 1616076838,
"iss": "00000002-0000-0ff1-ce00-000000000000@848c5ff4-6a22-405e-a845-732e98511fdd",
"aud": "00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@848c5ff4-6a22-405e-a845-732e98511fdd",
"happ": "API"
}
On Android with Outlook version 4.2108.3 (32108814), the callback token is
{
"nameid": "ddb00a58-4ace-4bbd-880b-ce841b0ae55d@848c5ff4-6a22-405e-a845-732e98511fdd",
"ver": "Exchange.Callback.V1",
"appctxsender": "https://my-host-for.addin.something/main.html?parameter=some@848c5ff4-6a22-405e-a845-732e98511fdd",
"issring": "WW",
"appctx": "{\"oid\":\"dc3f8f9a-c0f8-4243-9a8c-ccf89099cd2b\",\"smtp\":\"my.user@email.test\",\"upn\":\"my.user@email.test\",\"scope\":\"ParentItemId:AAkALgAAAAAAHYQDEapmEc2byACqAC-EWg0Aabol7TmVQkmDNhnSdkE8jAAAiPSJTAAA\"}",
"nbf": 1616077603,
"exp": 1616077903,
"iss": "00000002-0000-0ff1-ce00-000000000000@848c5ff4-6a22-405e-a845-732e98511fdd",
"aud": "00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@848c5ff4-6a22-405e-a845-732e98511fdd",
"happ": "API"
}
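For the Android client with version 4.2108.3 (32108814) and the iOS client with version 4.2109.0, the REST API works fine, but for the Android client with version 4.2108.3 (42108814) it returns a 403 response.
It is easy to see that in the first token, appctx does not contain ParentItemId: in the scope property. It seems this is the root cause.
We upgraded the Android client from 4.2108.3 (32108814) to 4.2109.2 (32109815), and it stopped working as well.
Is this a regression in Microsoft Outlook for Android?
Is there a way to work around it on our side?
Below are the response headers of the failed request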
X-CalculatedFETarget: SJ0PR05CU007.internal.outlook.com
X-BackEndHttpStatus: 403;403
X-FEProxyInfo: SJ0PR05CA0185.NAMPRD05.PROD.OUTLOOK.COM
X-CalculatedBETarget: BYAPR01MB5208.prod.exchangelabs.com
X-RUM-Validated: 1
X-BeSku: WCS5
x-ms-appId: ddb00a58-4ace-4bbd-880b-ce841b0ae55d
Rate-Limit-Limit: 10000
Rate-Limit-Remaining: 10000
Rate-Limit-Reset: 2021-03-18T15:11:33.140Z
x-ms-diagnostics: 2000008;reason="The callback token's protocol claim value '{0}' doesn't match the current requested protocol.";error_category="invalid_grant"
OData-Version: 4.0
X-DiagInfo: BYAPR01MB5208
X-BEServer: BYAPR01MB5208
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 403
X-FEServer: SJ0PR05CA0185;SA0PR11CA0029
Cache-Control: private
Date: Thu, 18 Mar 2021 15:11:32 GMT
Server: Microsoft-IIS/10.0
WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1 service_asserted_app_v1", error="invalid_token"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
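You need to elevate the required permission to continue using that route. Previously it required ReadWriteItem. You now need ReadWriteMailbox. In the add-in, the XML manifest file specifies this permission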
<OfficeApp ...>
...
<Permissions>ReadWriteMailbox</Permissions>
...
</OfficeApp>
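Unfortunately, I could not find any communication from Microsoft about this recent change, which seems to have been raised as an issue more than a week ago (March 16, 2021). Not sure whether this is a regression, but it is a change.

This appears to be a bug in Android. Thank you for reporting this issue with getCallbackTokenAsync. It has been put on our backlog. Unfortunately, we do not have a timeline to share at this time. Please follow this thread for updates on the fix.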
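The difference the question identifies between the tokens (the `scope` value inside `appctx`, with or without the `ParentItemId:` prefix) can be checked on the backend before the REST call is made. The following is an added example, not code from the thread or from Microsoft; the function names and sample tokens are hypothetical, and it only decodes the payload for diagnostics, so signature validation is assumed to happen elsewhere.

```javascript
// Added example: diagnostic only. It decodes the JWT payload WITHOUT verifying
// the signature, so its output must never drive an authorization decision.

// Decode the middle (payload) segment of a compact JWT.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  // Node's "base64" decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// Classify an Exchange callback token by the scope carried in appctx.
function inspectCallbackToken(token, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  if (claims.ver !== "Exchange.Callback.V1") {
    return { ok: false, reason: "unexpected ver claim" };
  }
  let appctx;
  try {
    appctx = JSON.parse(claims.appctx); // appctx is JSON carried as a string
  } catch {
    return { ok: false, reason: "appctx is not valid JSON" };
  }
  const scope = typeof appctx.scope === "string" ? appctx.scope : "";
  const result = { happ: claims.happ, scope, expired: nowSec >= claims.exp };
  if (!scope.startsWith("ParentItemId:")) {
    return { ...result, ok: false, reason: "scope lacks ParentItemId: prefix" };
  }
  return { ...result, ok: true, itemId: scope.slice("ParentItemId:".length) };
}

// Constructed sample tokens (unsigned; header and signature are dummies).
function makeSampleToken(scope, happ) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const payload = {
    ver: "Exchange.Callback.V1",
    appctx: JSON.stringify({ smtp: "my.user@email.test", scope }),
    nbf: 1616074356, exp: 1616074656,
    happ,
  };
  return `${b64({ alg: "none" })}.${b64(payload)}.sig`;
}

const SAMPLE_ITEM = "AAkALgAAAAAA-constructed-item-id"; // constructed value
const failing = inspectCallbackToken(makeSampleToken(SAMPLE_ITEM, "OutlookService"), 1616074400);
const working = inspectCallbackToken(makeSampleToken("ParentItemId:" + SAMPLE_ITEM, "API"), 1616074400);
console.log(failing.reason, "|", working.ok, working.itemId);
```

Logging the `reason`, `happ` and client version for rejected tokens gives the backend a record of which Outlook builds issue tokens in the failing shape.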