What is the .default scope for graph.microsoft.com

I can get an access token for https://graph.microsoft.com using a service principal, but when I try to get a token for https://graph.microsoft.com/.default I get the following error.

What impact could there be if my token was issued without this scope?

Get Token request returned http error: 400 and server response:
{
"error": "invalid_resource",
"error_description": "AADSTS500011: The resource principal named https://graph.microsoft.com/.default was not found in the tenant named 4c000000-0000-0000-0000-0000000000. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

Trace ID: 00-00-00-00000
Correlation ID: 00-00-00-000
Timestamp: 2020-08-06 00:17:31Z",

"error_codes": [ 500011 ],
"timestamp": "2020-08-06 00:17:31Z",
"trace_id": "d301a1cb-8feb-44e0-8b04-e463dd8d5b00",
"correlation_id": "92947479-d924-49fd-8e29-1d7cbe70d289",
"error_uri": "https://login.microsoftonline.com/error?code=500011"
}

I notice you are using the v1.0 endpoint to get the access token. That endpoint generally uses Resource as the request parameter.

For the v1.0 endpoint you generally do not need the /.default scope; you only need to add the /.default scope when getting the token from the v2.0 endpoint.

So you can safely use this token; there is no impact.

If anyone wants to know what the /.default scope is, you can take a look at this Microsoft doc:

The /.default scope is built in for every application that refers to the static list of permissions configured on the application registration.

So basically, the /.default scope derives the permissions from the corresponding application registration.
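To make the difference concrete, here is an added example (not code from the question or the answer) that builds the client-credentials request for both endpoints, refuses the mistake that produces AADSTS500011 on v1.0 (sending scope syntax in the `resource` parameter), and shows which claims of the returned token actually matter. The tenant id, client id and secret are placeholders, and the JWTs at the bottom are constructed, unsigned samples used only to exercise the claim check; nothing is sent to Azure AD when the block runs.

```python
"""Client-credentials token requests for Microsoft Graph on the Azure AD
v1.0 and v2.0 endpoints, plus a claim check on the token that comes back.

Assumed/hypothetical: TENANT, client id and secret are placeholders; the
sample JWTs are constructed and unsigned. Example code, not from the post."""
import base64
import json
from urllib.parse import urlencode

GRAPH = "https://graph.microsoft.com"
# Well-known application ID of Microsoft Graph; v2.0 tokens may carry this
# GUID in `aud` instead of the resource URL.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"


def v1_token_request(tenant, client_id, client_secret, resource=GRAPH):
    """v1.0 endpoint: the target API is named by `resource`, a bare URI.
    Appending /.default here makes Azure AD look for a resource principal
    literally named https://graph.microsoft.com/.default -> AADSTS500011."""
    if resource.endswith("/.default"):
        raise ValueError("v1.0 takes a bare resource URI; '/.default' is v2.0 scope syntax")
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/token"
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }
    return url, urlencode(body)


def v2_token_request(tenant, client_id, client_secret, resource=GRAPH):
    """v2.0 endpoint: the target API is named by `scope`. For a service
    principal (no user, no dynamic consent) that is `<resource>/.default`:
    every application permission granted on the app registration for it."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{resource.rstrip('/')}/.default",
    }
    return url, urlencode(body)


def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature. Fine for
    inspecting your own token; never use it to make authorization decisions."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_graph_token(jwt):
    """Return (ok, reason) for an app-only token meant for Graph. The token
    does not record whether the request said /.default; what matters is the
    audience and the application permissions that ended up in `roles`."""
    claims = decode_claims(jwt)
    aud = claims.get("aud")
    if aud not in (GRAPH, GRAPH + "/", GRAPH_APP_ID):
        return False, f"audience {aud!r} is not Microsoft Graph"
    if not claims.get("roles"):
        return False, "no application permissions (roles): nothing granted or consented"
    return True, f"ok: ver={claims.get('ver')} roles={claims['roles']}"


def _fake_jwt(payload):
    """Constructed, unsigned token (header.payload.signature) for the demo."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.sig"


TENANT = "4c000000-0000-0000-0000-000000000000"  # placeholder tenant id
# Constructed samples: key claims of a v1.0 app-only Graph token, and of a
# token whose app registration has no consented application permissions.
SAMPLE_V1_TOKEN = _fake_jwt({"aud": GRAPH, "ver": "1.0", "roles": ["User.Read.All"]})
SAMPLE_NO_ROLES_TOKEN = _fake_jwt({"aud": GRAPH_APP_ID, "ver": "2.0"})

if __name__ == "__main__":
    print(v1_token_request(TENANT, "client-id", "client-secret"))
    print(v2_token_request(TENANT, "client-id", "client-secret"))
    print(check_graph_token(SAMPLE_V1_TOKEN))
    print(check_graph_token(SAMPLE_NO_ROLES_TOKEN))
```

The practical check is the `roles` claim: a service principal that asks for `/.default` on v2.0 (or for the bare resource on v1.0) still gets only the application permissions an admin has consented to, so an empty `roles` means the app registration, not the scope string, is what needs fixing.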