我的Java项目中使用的是微软Graph的Java库。我的代码如下。
String clientId = "my client id";
List<String> scopes = Arrays.asList("https://graph.microsoft.com/calendars.read");
String clientSecret = "my client secret";
String tenant = "my tenant id";
NationalCloud nationalCloud = NationalCloud.Global;
ClientCredentialProvider authProvider = new ClientCredentialProvider(
clientId,
scopes,
clientSecret,
tenant,
nationalCloud);
IGraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
Calendar calendar = graphClient.me().calendar()
.buildRequest()
.get();
来自portal.azure.com的权限快照 Permissions snapshot from portal.azure.com:
当我运行代码时,得到以下错误信息:
OAuthProblemException{error='invalid_scope', description='AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com/calendars.read is not valid.
Trace ID: f5962e73-9665-4967-9aa5-4993a6698f00
Correlation ID: 3fc539c4-f62f-4858-b2f6-cb4e1d6c6a3a
Timestamp: 2020-05-07 11:44:29Z', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}
at org.apache.oltu.oauth2.common.exception.OAuthProblemException.error(OAuthProblemException.java:59)
at org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validateErrorResponse(OAuthClientValidator.java:63)
at org.apache.oltu.oauth2.client.validator.OAuthClientValidator.validate(OAuthClientValidator.java:48)
at org.apache.oltu.oauth2.client.response.OAuthClientResponse.validate(OAuthClientResponse.java:64)
at org.apache.oltu.oauth2.client.response.OAuthClientResponse.init(OAuthClientResponse.java:59)
at org.apache.oltu.oauth2.client.response.OAuthAccessTokenResponse.init(OAuthAccessTokenResponse.java:52)
at org.apache.oltu.oauth2.client.response.OAuthClientResponseFactory.createCustomResponse(OAuthClientResponseFactory.java:60)
at org.apache.oltu.oauth2.client.URLConnectionClient.execute(URLConnectionClient.java:111)
at org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:65)
at org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:55)
at org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:71)
at com.microsoft.graph.auth.confidentialClient.ClientCredentialProvider.getAccessTokenNewRequest(ClientCredentialProvider.java:102)
at com.microsoft.graph.auth.confidentialClient.ClientCredentialProvider.getAcccessToken(ClientCredentialProvider.java:67)
at com.microsoft.graph.auth.confidentialClient.ClientCredentialProvider.authenticateRequest(ClientCredentialProvider.java:49)
at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:232)
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:204)
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:184)
at com.microsoft.graph.http.BaseRequest.send(BaseRequest.java:306)
at com.microsoft.graph.requests.extensions.CalendarRequest.get(CalendarRequest.java:52)
at cmm_tests.MSGraph.main(MSGraph.java:55)
我已经安装了以下maven依赖项。
<dependency>
<groupId>org.apache.oltu.oauth2</groupId>
<artifactId>org.apache.oltu.oauth2.client</artifactId>
<version>1.0.1</version>
</dependency>
<dependency>
<groupId>com.microsoft.graph</groupId>
<artifactId>microsoft-graph-core</artifactId>
<version>1.0.0</version>
</dependency>
<dependency>
<groupId>microsoft-graph-auth-jar</groupId>
<artifactId>microsoft-graph-auth-jar</artifactId>
<version>0.1.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>com.microsoft.graph</groupId>
<artifactId>microsoft-graph</artifactId>
<version>1.5.0</version>
</dependency>
我不得不手动下载microsoft-graph-auth的jar,然后用mvn install:install-file进行安装。
为什么会出现 "无效范围 "的错误?
是不是因为 "委托 "的权限?
这个问题不是因为 "委托 "权限。
您使用的是 客户端凭证提供者(ClientCredentialProvider) 而这个提供者设置 grant_type=client_credentials
中的登录网址。它将只使用 https://graph.microsoft.com/.default
作为其范围。
您需要使用 https://graph.microsoft.com/.default
的范围来解决你的问题。它将给你在你的应用程序中定义的权限。