Azure 应用程序无法访问共享文件夹

问题描述 投票:0回答:1

各位,我已经无计可施了!我尝试访问共享文件夹时收到错误:

Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error: 
`GET https://graph.microsoft.com/v1.0/shares/u!aHR0cHM6Ly8xZHJ2Lm1zL2Yvcy
FBdHVBTV9OYWN3VmFoaUZwdU1HU19CaVFDd1d1/root?expand=children` resulted in a 
`403 Forbidden` response: 

{"error":{"code":"accessDenied","message":"The 
    sharing link no longer exists, or you do not have permission to access 
    it."

,"innerError":{"date":"2023-10-11T05:01:49","request-id":"27bd1fc1-
74f8-4d8d-9a43-41a3aa6a9f02","client-request-id":"27bd1fc1-74f8-4d8d-9a43
-41a3aa6a9f02"}}}

共享取自此StackOverflow Question,如果您单击该链接,则非常可共享,并且可以通过浏览器访问,因此确实存在,所以不存在缺乏访问权限的问题,只是我的应用程序由于某种原因被拒绝。

通常这与没有正确的权限相关,但令牌显示权限是此处 

access token
的一部分:

      "appid": "563e2470-8b86-48dc-9050-20228336584e",
  "appidacr": "1",
  "idp": "https://sts.windows.net/74162350-5947-4628-892f-4ee1d28d88cc/",
  "idtyp": "app",
  "oid": "d9b6b299-ddc2-4708-ac87-2a48beb896f4",
  "rh": "0.AUIAUCMWdEdZKEaJL07h0o2IzAMAAAAAAAAAwAAAAAAAAACkAAA.",
  "roles": [
    "Application.ReadWrite.All",
    "Sites.Read.All",
    "Application.Read.All"
  ],
  "sub": "d9b6b299-ddc2-4708-ac87-2a48beb896f4",
  "tenant_region_scope": "OC",
  "tid": "74162350-5947-4628-892f-4ee1d28d88cc",
  "uti": "rJQ_ra77J0ux9XBeCvMIAA",
  "ver": "1.0",
  "wids": [
    "0997a1d0-0d1d-4acb-b408-d5ca73121e90"
  ],

访问共享的代码段是(失败于

->execute
):

$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/v2.0/token';
/*
* If the client requests scope=https://graph.microsoft.com/.default, no consent prompt is shown, regardless of the contents of the client application's registered permissions for Microsoft Graph. The returned token contains the scopes Mail.Read and User.Read.
*/
$token = json_decode($guzzle->post($url, [
    'form_params' => [
    'client_id' => $clientId,
    'scope' => 'https://graph.microsoft.com/.default',
    'grant_type' => 'client_credentials',
    'client_secret' => $clientSecret,
    ],
])->getBody()->getContents());
$accessToken = $token->access_token;

$graph = new Graph();
$graph->setAccessToken($accessToken);
$user = $graph->createRequest("GET", "/shares/u!aHR0cHM6Ly8xZHJ2Lm1zL2YvcyFBdHVBTV9OYWN3VmFoaUZwdU1HU19CaVFDd1d1/root?expand=children")
       ->setReturnType(Microsoft\Graph\Model\DriveItem::class)
       ->execute();
php azure-active-directory microsoft-graph-api share onedrive
1个回答
1
投票

注意:根据MsDoc,要访问共享文件夹

Files.ReadWrite.All
Sites.ReadWrite.All
 API应用程序权限必须授予Azure AD应用程序。

授予 

Sites.Read.All
权限也可以。

我创建了一个 Azure AD 应用程序并授予了 API 权限,如下所示:

enter image description here

我通过 Postman 使用以下参数生成了 访问令牌

https://login.microsoftonline.com/TenantID/oauth2/v2.0/token

client_id:ClientID
client_secret:ClientSecret
scope↵:https://graph.microsoft.com/.default
grant_type:client_credentials

enter image description here

当我解码访问令牌时,会显示角色

enter image description here

我共享了文件夹并复制了共享网址,如下所示:

enter image description here

我对分享网址进行了编码:

string sharingUrl = "https://xxx.sharepoint.com/:f:/s/testruk/Eqh5o5j4qqNEqHjy4qK9-dgBoU61RnP3UNj0OVtpuUq0J*****";
string base64Value = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(sharingUrl));
string encodedUrl = "u!" + base64Value.TrimEnd('=').Replace('/', '_').Replace('+', '-');

Console.WriteLine(encodedUrl);

enter image description here

我尝试使用以下查询访问共享文件夹并成功获得结果

https://graph.microsoft.com/v1.0/shares/ShareID/root?expand=children

enter image description here

如果问题仍然存在,请检查以下内容:

  • 尝试创建新的 Azure AD 应用程序并生成访问令牌。
  • 确保您在请求中传递了正确的
    ShareID
  • 确保共享链接存在,且共享文件夹未被删除。

参考:

访问共享文件夹时出现“访问被拒绝”错误 - SharePoint

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.