SharePoint Microsoft MSAL - acquiring tokens for multiple scopes


In Azure Active Directory, I have an application that needs to use both the Microsoft Graph API and the SharePoint API, with the following scopes:

Graph API scopes:

"https://graph.microsoft.com/User.Read.All",
"https://graph.microsoft.com/Group.Read.All",
"https://graph.microsoft.com/Sites.Read.All",
"https://graph.microsoft.com/Calendars.Read.Shared",
"https://graph.microsoft.com/MailboxSettings.Read",
"https://graph.microsoft.com/Files.Read.All"

SharePoint API scopes:

"https://microsoft.sharepoint-df.com/AllSites.Read",
"https://microsoft.sharepoint-df.com/AllSites.FullControl",
"https://microsoft.sharepoint-df.com/User.Read.All"

I am trying to acquire a token for the application:

from msal import PublicClientApplication

AUTHORITY = 'https://login.microsoftonline.com/common'
client_id = '<application-client-id>'  # placeholder: the app registration's client ID

# Scopes for two different resources (SharePoint and Graph) in a single request
scopes = [ "https://microsoft.sharepoint-df.com/AllSites.Read",
           "https://microsoft.sharepoint-df.com/AllSites.FullControl",
           "https://microsoft.sharepoint-df.com/User.Read.All",
           "https://graph.microsoft.com/User.Read.All",
           "https://graph.microsoft.com/Group.Read.All",
           "https://graph.microsoft.com/Sites.Read.All",
           "https://graph.microsoft.com/Calendars.Read.Shared",
           "https://graph.microsoft.com/MailboxSettings.Read",
           "https://graph.microsoft.com/Files.Read.All"
         ]

app = PublicClientApplication(client_id, authority=AUTHORITY)
flow = app.initiate_device_flow(scopes=scopes)
But after approving the application in the web UI, I get the following error:

'error_description': 'AADSTS28000: Provided value for the input parameter scope is not valid
because it contains more than one resource. Scope https://graph.microsoft.com/Calendars.Read.Shared
https://graph.microsoft.com/Files.Read.All https://graph.microsoft.com/Group.Read.All
https://graph.microsoft.com/MailboxSettings.Read https://graph.microsoft.com/Sites.Read.All
https://graph.microsoft.com/User.Read.All https://microsoft.sharepoint-df.com/AllSites.FullControl
https://microsoft.sharepoint-df.com/AllSites.Read https://microsoft.sharepoint-df.com/User.Read.All
offline_access openid profile is not valid'

This is expected behavior. You cannot mix resources (Graph, SharePoint, etc.), but you can

You can achieve this in MSAL:

PublicClientApplication.AcquireTokenByRefreshToken(IEnumerable<string> scopes, string refreshToken);
I didn't know this was expected behavior. Thanks for clarifying :)
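One way to apply the answer from the question's Python code, as an added example that is not part of the original thread: split the mixed scope list by resource and request one token per resource, signing in interactively only when MSAL cannot reuse the cached refresh token. The helper names `group_scopes_by_resource` and `acquire_token_per_resource` are hypothetical, `app` is assumed to be an `msal.PublicClientApplication`, and MSAL Python's `acquire_token_silent` stands in for the .NET `AcquireTokenByRefreshToken` call mentioned in the answer.

```python
from urllib.parse import urlsplit

# OIDC scopes MSAL requests on its own; they belong to no resource.
RESERVED = {"openid", "profile", "offline_access"}


def group_scopes_by_resource(scopes):
    """Split a mixed scope list into {resource: [scopes]}, keeping order."""
    groups = {}
    for scope in scopes:
        if scope in RESERVED:
            continue
        parts = urlsplit(scope)
        if not parts.scheme or not parts.netloc:
            raise ValueError(f"scope is not fully qualified: {scope!r}")
        groups.setdefault(f"{parts.scheme}://{parts.netloc}", []).append(scope)
    return groups


def acquire_token_per_resource(app, scopes, prompt=print):
    """Return {resource: access_token}, signing in only when needed.

    `app` is assumed to be an msal.PublicClientApplication.
    """
    tokens, account = {}, None
    for resource, wanted in group_scopes_by_resource(scopes).items():
        result = None
        if account is not None:
            # Later resources: MSAL redeems the cached refresh token.
            result = app.acquire_token_silent(wanted, account=account)
        if not result:
            # First resource, or silent redemption returned None.
            flow = app.initiate_device_flow(scopes=wanted)
            if "user_code" not in flow:
                raise RuntimeError(flow.get("error_description", "device flow failed"))
            prompt(flow["message"])
            result = app.acquire_token_by_device_flow(flow)
        if "access_token" not in result:
            raise RuntimeError(result.get("error_description", "token request failed"))
        tokens[resource] = result["access_token"]
        account = account or (app.get_accounts() or [None])[0]
    return tokens
```

Each returned token is valid only for the resource it is keyed by, so Graph calls and SharePoint calls must each send their own token.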