Authorization Denied trying to access Bookings Api in Microsoft Graph

后端 未结 1 594
半阙折子戏
半阙折子戏 2021-01-25 23:08

I am trying to create an app that runs from an AWS lambda that acts as a middle man for customers wanting to sign up for a booking using Microsoft Bookings. Following the docume

1条回答
  •  无人及你
    2021-01-26 00:08

    We can see the document shows the graph api(bookingBusinesses) which you want to request requires delegated type permissions and not support application type permission.

    So we can not use "client_credentials" grant flow, your code shows you use "client_credentials" as the grant type. You can use "username/password" grant flow to get the access token instead. So the param you request for the access token should be like below:

    const requestParams = {
        client_id: APP_ID,
        client_secret: APP_SECRET,
        grant_type: "password",
        scope: "https://graph.microsoft.com/.default",
        username: "your user name/email(like xxxxx@xxx.onmicrosoft.com)",
        password: "your password"
    };
    

    By the way, I noticed the "TOKEN_ENDPOINT" in your code is https://login.microsoftonline.com/${process.env.BOOKINGS_TENANT_NAME}.onmicrosoft.com/oauth2/token and you use both params resource and scope in requestParams. If we use v1 endpoint as your code, we just need to use the param resource. If we use v2 endpoint(https://login.microsoftonline.com/${process.env.BOOKINGS_TENANT_NAME}.onmicrosoft.com/oauth2/v2.0/token), we need to use use the param scope instead of the param resource. The code I provided above use v2, so I use scope param and you also need to change the "TOKEN_ENDPOINT" to v2(just add a v2.0 between the oauth2/ and /token).

    If you don't want to change the "TOKEN_ENDPOINT" to v2, just use the params like below:

    const requestParams = {
        client_id: APP_ID,
        client_secret: APP_SECRET,
        grant_type: "password",
        resource: "https://graph.microsoft.com",
        username: "your user name/email(like xxxxx@xxx.onmicrosoft.com)",
        password: "your password"
    };
    

    Hope it helps~

    0 讨论(0)
提交回复
热议问题