我正在尝试使用 EWS-java-api 构建一个 Android 应用程序,以使用适用于 Android 的 Active Directory 身份验证库为 Office365 用户获取带有 oAuth2 token 的 EWS 数据。与本文中针对 .net 显示的内容类似。 下面是代码:
// Code to acquire token after registering the native application in Azure active directory
authenticationContext.acquireToken(<activity context>,
"<resource id: copied from the manifest file tag <resourceAppId> of Azure active directory after adding permission>",
"<Application id of the registered app in AAD>",
"<Application Redirect URI>", email, PromptBehavior.Always, "", AuthenticationCallback);
//We receive AuthenticationResult object containing authentication token in AuthenticationCallback onSuccess method and then call an async task to fetch EWS data
ExchangeService exchangeService = new ExchangeService();
exchangeService.setTraceEnabled(true);
exchangeService.getHttpHeaders().put("Authorization", "Bearer " + mAuthenticationResult.getAccessToken());
exchangeService.setUrl(URI.create("https://outlook.office365.com/EWS/Exchange.asmx"));
我能够获得 oAuth token ,但我无法接收交换数据,它在使用以下代码获取数据时给我未经授权和禁止的访问。
CalendarFolder calendarFolder = CalendarFolder.bind(service, WellKnownFolderName.Calendar);
findResults = calendarFolder.findAppointments(new CalendarView(startDate, endDate));
此外,我不确定我在 azure 门户中设置的配置。如果您能了解如何设置 Azure AD 应用程序以通过 Android 中的 oAuth 身份验证获取 EWS 数据,那就太好了。
编辑:
以下是我的访问 token 的声明:
这是我为访问 token 获取的 JSON。使用此访问 token ,我在访问日历文件夹时收到的错误是 401 未经授权的访问。
JSON: {
typ: "JWT",
alg: "RS256",
x5t: "RrQqu9rydBVRWmcocuXUb20HGRM",
kid: "RrQqu9rydBVRWmcocuXUb20HGRM"
}.
{
aud: "6ae5db95-0af3-45b6-afce-17851abc9d55",
iss: "https://sts.windows.net/06d03691-efd5-43c5-8ec9-81e57c75f63c/",
iat: 1480554267,
nbf: 1480554267,
exp: 1480558167,
acr: "1",
amr: [
"pwd"
],
appid: "410db643-4efc-4dac-8e6f-bbf05da561e1",
appidacr: "0",
e_exp: 10800,
family_name: "Dhingra",
given_name: "Surbhi",
ipaddr: "112.110.19.113",
name: "Surbhi Dhingra",
oid: "52c73152-0add-4e68-8d60-54c03a35a4b9",
platf: "1",
scp: "user_impersonation",
sub: "hUaeKxiMI-m7nNNo2c5kMYd501Blw5QQ9SNPnP1Ei_c",
tid: "06d03691-efd5-43c5-8ec9-81e57c75f63c",
unique_name: "surbhi.dhingra@<onmicrosoft domain>.com",
upn: "surbhi.dhingra@<onmicrosoft domain>.com",
ver: "1.0"
}.
错误日志:microsoft.exchange.webservices.data.core.exception.service.remote.ServiceRequestException:请求失败。请求失败。远程服务器返回错误:(401)未经授权 在 microsoft.exchange.webservices.data.core.request.SimpleServiceRequestBase.internalExecute(SimpleServiceRequestBase.java:74) W/System.err:位于 microsoft.exchange.webservices.data.core.request.MultiResponseServiceRequest.execute(MultiResponseServiceRequest.java:158) W/System.err:位于 microsoft.exchange.webservices.data.core.ExchangeService.bindToFolder(ExchangeService.java:504) 在 microsoft.exchange.webservices.data.core.ExchangeService.bindToFolder (ExchangeService.java:523) 在 microsoft.exchange.webservices.data.core.service.folder.CalendarFolder.bind(CalendarFolder.java:60) 在 microsoft.exchange.webservices.data.core.service.folder.CalendarFolder.bind(CalendarFolder.java:108)
最佳答案
似乎有一个已回答的SO线程EWS error message: "403: Forbidden - Not enough scopes"这与您的问题类似。
Only Office 365 REST APIs support granular access such as "Read and write email from all mailboxes". For EWS, you need the permission "Use Exchange Web Services with full access to all mailboxes". Let us know if you have trouble finding this permission.
因此,您需要在管理门户上的 Azure AD 中移至应用程序的CONFIGURE 选项卡,然后向您的应用程序添加 Office 365 Exchange Online 权限并启用使用对所有邮箱具有完全访问权限的Exchange Web Services,最后保存您的配置,请参阅下面的步骤和图。
移至 Azure AD 中应用程序的
CONFIGURE选项卡
向您的应用程序添加
Office 365 Exchange Online权限
启用
使用具有对所有邮箱的完全访问权限的 Exchange Web 服务
保存您的配置。
关于android - 使用 OAuth token 进行身份验证并获取 EWS 数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40840615/