API 权限:无法使用 Microsoft Azure Active Directory 检索 Microsoft Ads 帐户和 Merchant Center 数据

问题描述 投票:0回答:1

我正在开发一个 Laravel 项目,使用 Socialite 来使用 Microsoft 帐户对用户进行身份验证和登录。我已在 Azure 门户中使用“支持的帐户类型:所有 Microsoft 帐户用户”设置创建了一个应用程序。身份验证过程运行良好,我可以成功获取基本的用户详细信息,例如 ID、姓名和电子邮件。 但是,我无法使用 Microsoft Azure Active Directory 检索用户的广告帐户和 Merchant Center 信息。我已检查 Azure 门户,但找不到必要的 API 权限/范围,例如 

ads.manage
。我想知道如何启用这些权限并正确配置我的 Azure 应用程序以获取所需的数据。

<?php

namespace SocialiteProviders\Microsoft;

use Illuminate\Support\Arr;
use GuzzleHttp\RequestOptions;
use Illuminate\Support\Facades\Log;
use GuzzleHttp\Exception\ClientException;
use SocialiteProviders\Manager\OAuth2\AbstractProvider;
use SocialiteProviders\Microsoft\MicrosoftUser as User;

class Provider extends AbstractProvider
{
    public const IDENTIFIER = 'MICROSOFT';

    protected const DEFAULT_FIELDS_USER = ['id', 'displayName', 'userPrincipalName'];
    protected const DEFAULT_FIELDS_ADS_ACCOUNTS = ['id', 'name', 'customerId'];
    protected const DEFAULT_FIELDS_MERCHANT_ACCOUNTS = ['id', 'name'];

    protected $scopes = [
        'https://graph.microsoft.com/User.Read',
        'https://ads.microsoft.com/msads.manage',
        'offline_access',
    ];

    protected function getAuthUrl($state)
    {
        return $this->buildAuthUrlFromBase(
            'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
            $state
        );
    }

    protected function getTokenUrl()
    {
        return 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
    }

    protected function getUserByToken($token)
    {
        $user = $this->getUserData($token, 'https://graph.microsoft.com/v1.0/me', self::DEFAULT_FIELDS_USER);

        if (!$user) {
            return [];
        }

        try {
            $adsAccounts = $this->getUserData($token, 'https://ads.microsoft.com/api/v13/accounts', self::DEFAULT_FIELDS_ADS_ACCOUNTS);
        } catch (ClientException $e) {
            Log::error('Failed to fetch ads accounts', ['exception' => $e, 'user' => $user]);
            $adsAccounts = [];
        }

        try {
            $merchantAccounts = $this->getUserData($token, 'https://marketing.microsoft.com/rest/v1/merchantcenters', self::DEFAULT_FIELDS_MERCHANT_ACCOUNTS);
        } catch (ClientException $e) {
            Log::error('Failed to fetch merchant accounts', ['exception' => $e, 'user' => $user]);
            $merchantAccounts = [];
        }

        $user['adsAccounts'] = $adsAccounts;
        $user['merchantAccounts'] = $merchantAccounts;

        return $user;
    }

    protected function mapUserToObject(array $user)
    {
        return (new User())->setRaw($user)->map([
            'id' => $user['id'],
            'nickname' => null,
            'name' => $user['displayName'],
            'email' => $user['userPrincipalName'],
            'avatar' => Arr::get($user, 'avatar'),
            'adsAccounts' => Arr::get($user, 'adsAccounts'),
            'merchantAccounts' => Arr::get($user, 'merchantAccounts'),
            'tenant' => Arr::get($user, 'tenant'),
        ]);
    }

    protected function getTokenFields($code)
    {
        return array_merge(parent::getTokenFields($code), [
            'scope' => $this->formatScopes($this->getScopes(), $this->scopeSeparator),
        ]);
    }

    public static function additionalConfigKeys()
    {
        return ['tenant', 'include_tenant_info', 'include_avatar', 'include_avatar_size', 'fields', 'tenant_fields'];
    }

    protected function getUserData($token, $url, $fields)
    {
        $response = $this->getHttpClient()->get($url, [
            RequestOptions::HEADERS => [
                'Accept' => 'application/json',
                'Authorization' => 'Bearer ' . $token,
            ],
            RequestOptions::QUERY => [
                '$select' => implode(',', $fields),
            ],
        ]);

        $data = json_decode((string) $response->getBody(), true);

        if (!$data) {
            return [];
        }

        return $data;
    }
}



    'microsoft' => [
    'client_id' => env('MICROSOFT_CLIENT_ID'),
    'client_secret' => env('MICROSOFT_CLIENT_SECRET'),
    'tenant_id' => env('MICROSOFT_TENANT_ID'),
    'redirect' => env('MICROSOFT_REDIRECT_URI'),
    'tenant' => 'common',
    'include_tenant_info' => true,
],



MICROSOFT_CLIENT_ID=*****
MICROSOFT_CLIENT_SECRET=***
MICROSOFT_TENANT_ID=**
MICROSOFT_REDIRECT_URI=https://infinitemsfeed.com/microsoft/auth




    public function redirectToMicrosoft()
    {
        return Socialite::driver('microsoft')->redirect();
    }
    
    public function handleMicrosoftCallback()
    {
        // return "abcdefghi";
        $user = Socialite::driver('microsoft')->user();
    
        return $user;
    }





const handleMicrosoftLogin = () => {
  window.open("https://infinitemsfeed.com/auth/microsoft?token=" + window.sessionToken, "_blank")
}

php laravel microsoft-graph-api scopes bing-ads-api
1个回答
0
投票

在搜索字段中搜索

App Registerations
。在该页面上,您可以创建所需的 CLIENT_ID、CLIENT_SECRET 和 REDIRECT_URI。

旁注:也许您应该考虑使用这个包

composer require socialiteproviders/microsoft
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.