各位,我已经无计可施了!我尝试访问共享文件夹时收到错误:
Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error:
`GET https://graph.microsoft.com/v1.0/shares/u!aHR0cHM6Ly8xZHJ2Lm1zL2Yvcy
FBdHVBTV9OYWN3VmFoaUZwdU1HU19CaVFDd1d1/root?expand=children` resulted in a
`403 Forbidden` response:
{"error":{"code":"accessDenied","message":"The
sharing link no longer exists, or you do not have permission to access
it."
,"innerError":{"date":"2023-10-11T05:01:49","request-id":"27bd1fc1-
74f8-4d8d-9a43-41a3aa6a9f02","client-request-id":"27bd1fc1-74f8-4d8d-9a43
-41a3aa6a9f02"}}}
共享取自此StackOverflow Question,如果您单击该链接,则非常可共享,并且可以通过浏览器访问,因此确实存在,所以不存在缺乏访问权限的问题,只是我的应用程序由于某种原因被拒绝。
通常这与没有正确的权限相关,但令牌显示权限是此处
access token
的一部分:
"appid": "563e2470-8b86-48dc-9050-20228336584e",
"appidacr": "1",
"idp": "https://sts.windows.net/74162350-5947-4628-892f-4ee1d28d88cc/",
"idtyp": "app",
"oid": "d9b6b299-ddc2-4708-ac87-2a48beb896f4",
"rh": "0.AUIAUCMWdEdZKEaJL07h0o2IzAMAAAAAAAAAwAAAAAAAAACkAAA.",
"roles": [
"Application.ReadWrite.All",
"Sites.Read.All",
"Application.Read.All"
],
"sub": "d9b6b299-ddc2-4708-ac87-2a48beb896f4",
"tenant_region_scope": "OC",
"tid": "74162350-5947-4628-892f-4ee1d28d88cc",
"uti": "rJQ_ra77J0ux9XBeCvMIAA",
"ver": "1.0",
"wids": [
"0997a1d0-0d1d-4acb-b408-d5ca73121e90"
],
访问共享的代码段是(失败于
->execute
):
$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/v2.0/token';
/*
* If the client requests scope=https://graph.microsoft.com/.default, no consent prompt is shown, regardless of the contents of the client application's registered permissions for Microsoft Graph. The returned token contains the scopes Mail.Read and User.Read.
*/
$token = json_decode($guzzle->post($url, [
'form_params' => [
'client_id' => $clientId,
'scope' => 'https://graph.microsoft.com/.default',
'grant_type' => 'client_credentials',
'client_secret' => $clientSecret,
],
])->getBody()->getContents());
$accessToken = $token->access_token;
$graph = new Graph();
$graph->setAccessToken($accessToken);
$user = $graph->createRequest("GET", "/shares/u!aHR0cHM6Ly8xZHJ2Lm1zL2YvcyFBdHVBTV9OYWN3VmFoaUZwdU1HU19CaVFDd1d1/root?expand=children")
->setReturnType(Microsoft\Graph\Model\DriveItem::class)
->execute();
注意:根据MsDoc,要访问共享文件夹
或Files.ReadWrite.All
API应用程序权限必须授予Azure AD应用程序。Sites.ReadWrite.All
授予
Sites.Read.All
权限也可以。
我创建了一个 Azure AD 应用程序并授予了 API 权限,如下所示:
我通过 Postman 使用以下参数生成了 访问令牌:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
client_secret:ClientSecret
scope↵:https://graph.microsoft.com/.default
grant_type:client_credentials
当我解码访问令牌时,会显示角色:
我共享了文件夹并复制了共享网址,如下所示:
我对分享网址进行了编码:
string sharingUrl = "https://xxx.sharepoint.com/:f:/s/testruk/Eqh5o5j4qqNEqHjy4qK9-dgBoU61RnP3UNj0OVtpuUq0J*****";
string base64Value = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(sharingUrl));
string encodedUrl = "u!" + base64Value.TrimEnd('=').Replace('/', '_').Replace('+', '-');
Console.WriteLine(encodedUrl);
我尝试使用以下查询访问共享文件夹并成功获得结果:
https://graph.microsoft.com/v1.0/shares/ShareID/root?expand=children
如果问题仍然存在,请检查以下内容:
ShareID
。参考: