Can't access one drive through graph API using Azure app

六眼飞鱼酱① 提交于 2020-08-10 20:28:10

问题


I am referring this medium blog and the official document from Microsoft to access one drive through graph API using the Azure app. I am using the following node.js code to get access token for Microsoft Graph API:

const axios = require('axios');
const qs = require('qs');

const postData = {
 client_id: client_id from azure app,
 scope: 'https://graph.microsoft.com/.default',
 client_secret: app_secret from azure app
 grant_type: 'client_credentials'
};

axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded';

try{
  let res = await axios.post('https://login.microsoftonline.com/{tenant from azure app}/oauth2/v2.0/token', qs.stringify(postData));
  console.log(res.data);
}catch (e) {
   console.log(e.message);
}

The above code returns the following response:

{
token_type: 'Bearer',
expires_in: 3599,
ext_expires_in: 3599,
access_token: 'value of access token'
}

Everything works fine till the above step. I take the access token from the above response and try to execute the following graph API to access one drive:

 let config = { headers:
     {'Authorization': "Bearer "+ res.data.access_token}  # Obtain access token from the above response
 };
 let res_drive = await axios.get("https://graph.microsoft.com/v1.0/me/drive/sharedWithMe", config);

However, the above graph API call returns the following response:

{
  "error": {
    "code": "BadRequest",
    "message": "Unable to retrieve user's mysite URL.",
    "innerError": {
      "date": "2020-07-02T14:08:36",
      "request-id": "67ef24fa-XXXX-XXXX-853a-XXXXXXXXXXXX"
    }
  }
}

I have also set the permission to access graph API using Azure application as shown below:

Please let me know in case I am missing something.

How can I access one drive through graph API using the Azure app?


回答1:


The way how token is acquired in your example corresponds to OAuth client credentials grant flow (application permissions). There is no me context available in this flow (it just an alias for the signed-in user) since there is no presence of signed-in user in this flow and that's the reason why the provided error occurs in the first place.

To call shared files endpoint in this flow, user needs to be explicitly provided:

https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/drive/sharedWithMe


来源:https://stackoverflow.com/questions/62698690/cant-access-one-drive-through-graph-api-using-azure-app

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!