Question
So basically I need to access the contacts of an Office 365 user. I use the Microsoft Graph API and I can successfully get all the contacts via an HTTP GET in a JSON. But now I'm trying to write a JSON to the https://graph.microsoft.com/v1.0/me/contacts API with an HTTP POST, but I get a 403 - Permission Denied every time. So I went to https://jwt.io/ and checked my access token and saw that I don't have the permissions to write in the contacts.
I get those permissions:
"scp": "Contacts.Read openid profile User.Read"
Even though I only set Contacts.ReadWrite in the App Registration settings on the Azure portal.
I've tried updating the permissions but that didn't help.
Answer 1:
If you have changed the permissions, users need to consent again.
You can force user consent through a URL request: append &prompt=consent to the authentication request URL.
https://login.microsoftonline.com/{tenant}/oauth2/authorize?
client_id={your_client_id}
&response_type=code
&response_mode=query
&resource=https://graph.microsoft.com
&state=12345
&prompt=consent
Or you can just grant consent on behalf of all users in this directory. Granting admin consent for all users means that end users will not be shown a consent screen when using the application.
Source: https://stackoverflow.com/questions/56888424/microsoft-graph-access-token-contains-wrong-permission-for-contacts-api