问题
The url https://developer.microsoft.com/en-us/graph/docs/authorization/app_only describes how a service or daemon app can use the client secret configured in the Microsoft Application Registration Portal and obtain access tokens.
The Application Registration Portal has a 'Generate New Key Pair' button to generate public/private key pair. Is there any documentation that describes how to use public/private key pairs and use it to get the access token instead of client secret?
Also i am always getting 'Failed-Network error' when i click the button to generate key pair. The private key is not being downloaded to my machine. I am using Chrome browser.
回答1:
The best place to start is the Service to service calls using client credentials article.
Architecturally, I typically stand up a REST API to act as an intermediary between your daemon and Graph. This gives you a nice abstraction layer to pre-process data from the daemon and reduce overall footprint on the local machine. There is a walkthrough for this scenario available here.There are also a couple of code examples available.
Regarding the downloading of the private .cert file, thank you for reporting this. A fix will be rolled out shortly that resolves the issue for Chrome and Edge. Until then, you can use Firefox as a workaround.
来源:https://stackoverflow.com/questions/43657674/calling-microsoft-graph-in-a-service-or-daemon-app-using-client-assertions-inste