我正在尝试为我注册的 Azure AD 应用程序获取不记名令牌,以通过 API 读取我的所有共享点网站
我按照微软的指南进行了操作:授予应用程序权限 https://learn.microsoft.com/bs-latn-ba/azure/active-directory/manage-apps/configure-user-consent and b 给自己一个令牌 https://learn.microsoft.com/de-de/graph/auth-v2-service#4-get-an-access-token
so I now a) have all required permissions:
and b) received a token when using the scope https://graph.microsoft.com/.default
所以这是我的问题:当我尝试获取令牌时,可以说https://microsoft.sharepoint-df.com/Sites.Read.All
:
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
Body:x-www-form-urlencoded
client_id={appId}
scope=https://microsoft.sharepoint-df.com/Sites.Read.All
client_secret={secret},
grant_type=client_credentials
我得到的只是一个错误:
"error": "invalid_scope",
"error_description": "AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://microsoft.sharepoint-df.com/Sites.ReadWrite.All is not valid.\r\nTrace ID: ...\r\nCorrelation ID: ...\r\nTimestamp: 2019-06-09 07:35:21Z",
"error_codes": [
70011
],
难道我做错了什么?我也尝试过范围https://{{tenantName}}.sharepoint.com/Sites.Read.All