问题
I am trying to create a Daemon (code-only, server-only) app that can access my Personal Microsoft Account. I cannot figure out how to get an Access_Token that does not expire (or a refresh_token).
I can create a working non-expiring (admin logs in only once) Daemon app for my Business (Office 365) Account using the "adminconsent" endpoint detailed here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-client-creds/ or here: https://blogs.msdn.microsoft.com/tsmatsuz/2016/10/07/application-permission-with-v2-endpoint-and-microsoft-graph/. Unfortunately, I cannot use the "adminconsent" endpoint with my personal account -- returns "This operation can only be performed by an administrator" error. Is there a way I can enable adminconsent for my personal account?
OR
For my personal account, I can use the "authorize" endpoint (as detailed here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-scopes/) and it returns a code (that expires) that can be used to obtain the "access_token"; which works fine in Graph API -- until the access_token expires (3600 seconds). It does not return a "refresh_token". So, after the code/token expires, it then requires the user to log in again. How can I use the authorize endpoint to then obtain tokens that can be refreshed via code only?
回答1:
Include the offline_access scope to get a refresh token. Be sure to replace your refresh token with the new one that comes back each time you refresh.
来源:https://stackoverflow.com/questions/40078444/graph-api-daemon-app-with-access-to-a-personal-microsoft-account-azure-ad-v2