MS Graph API邮件问题与 POST 和范围

编程问答 2022-05-25

问题描述

试图让它工作并且 GET / Patch 工作得很好,但 POST 给了我 HTTP 状态 400 和 403。必须是带有范围的东西。在 Azure AD 中,我设置了以下范围:

  const fieldValue = props.sdk.field.getValue();
  const [exercises,setExercises] = useState(fieldValue || []);

因此,登录工作正常,获取/修补消息也是如此。只有 POST 似乎不起作用。 有关确切的错误消息,请参阅代码

Angular10

应用模块

Mail.ReadWrite (Delegated)
Mail.ReadWrite (Application)
Mail.Send Delegated)
Mail.Send (Application)

身份验证服务

export function MSALInstanceFactory(): IPublicclientApplication {
      return new PublicclientApplication({
        auth: {
          clientId: 'xxxx',authority: 'https://login.microsoftonline.com/common/',redirectUri: '/',postlogoutRedirectUri: '/#/login'
        },cache: {
          cacheLocation: browserCacheLocation.LocalStorage,storeAuthStateInCookie: isIE,// set to true for IE 11
        },system: {
          loggerOptions: {
            loggerCallback,logLevel: LogLevel.Info,piiLoggingEnabled: false
          }
        }
      });
    }

    export function MSALInterceptorConfigFactory(): MsalInterceptorConfiguration {
      const protectedResourceMap = new Map<string,Array<string>>();
      protectedResourceMap.set('https://graph.microsoft.com/v1.0/me',['user.read','mail.readWrite','email']);
      // also tried these scopes .. 
      // protectedResourceMap.set('https://graph.microsoft.com/v1.0','email']);
      // protectedResourceMap.set('https://graph.microsoft.com/v1.0/query','email']);
      // protectedResourceMap.set('https://graph.microsoft.com/v1.0/search/query','email']);

      return {
        interactionType: InteractionType.Redirect,protectedResourceMap
      };
    }

    export function MSALGuardConfigFactory(): MsalGuardConfiguration {
      return { interactionType: InteractionType.Redirect };
    }

@NgModule({
    imports: [
      browserModule,// etc..
    ],declarations: [AppComponent],providers: [
      NgEventBus,ChhServices,SynclogService,AppService,AuthService,GapiServices,{
        provide: ErrorHandler,useClass: ErrorService,},{
        provide: HTTP_INTERCEPTORS,useClass: MsalInterceptor,multi: true
      },{
        provide: MSAL_INSTANCE,useFactory: MSALInstanceFactory
      },{
        provide: MSAL_GUARD_CONfig,useFactory: MSALGuardConfigFactory
      },{
        provide: MSAL_INTERCEPTOR_CONfig,useFactory: MSALInterceptorConfigFactory
      },MsalService,MsalGuard,MsalbroadcastService
    ],bootstrap: [AppComponent],})
  export class AppModule { }

解决方法

// 403 Forbidden
// "code": "ErrorAccessDenied",// "message": "Access is denied. Check credentials and try again."

Send mail API 需要 Mail.Send 权限。当请求基于当前登录用户的 /me 端点时,它应该具有委托权限

因此您需要在门户中添加 Mail.Send 的委派权限并将其添加到您的代码中。

// 400 Bad Request
// "code": "AuthenticationError",// "message": "Error authenticating with resource"

searchEntity: query API 需要 Mail.ReadWrite 委派权限。此 api 仅支持“工作或学校帐户”。工作帐户通常使用组织的自定义域名或公司名称,例如“[email protected]”或“[email protected]”。

enter image description here

您可以测试以在 Graph Explorer 中请求 api。

angular10azure-active-directorymicrosoft-graph-apipostscopes