ios - 如何在 ios 的 Azure AD 中获取已登录用户的电子邮件 ID

Question

在我的应用程序中，我想集成 Azure 日志记录并获取电子邮件 ID 并发送给我的服务器。到目前为止我已经完成了此操作，从中我可以获得访问 token 。

- (void)acquireTokenInteractive:(id)sender
 {
ADTestAppSettings* settings = [ADTestAppSettings settings];
NSString* authority = [settings authority];
NSString* resource = [settings resource];
NSString* clientId = [settings clientId];
NSURL* redirectUri = [settings redirectUri];
ADUserIdentifier* identifier = [self identifier];
ADCredentialsType credType = [self credType];

BOOL validateAuthority = _validateAuthority.selectedSegmentIndex == 0;

ADAuthenticationError* error = nil;
ADAuthenticationContext* context = [[ADAuthenticationContext alloc] initWithAuthority:authority
                                                                    validateAuthority:validateAuthority
                                                                                error:&error];
if (!context)
{
    NSString* resultText = [NSString stringWithFormat:@"Failed to create AuthenticationContext:\n%@", error];
    [_resultView setText:resultText];
    return;
}

[context setCredentialsType:credType];

if ([self embeddedWebView])
{
    [context setWebView:_webView];
    //[_authView setFrame:self.view.frame];

    [UIView animateWithDuration:0.5 animations:^{
        [_acquireSettingsView setHidden:YES];
        [_authView setHidden:NO];
    }];
}

__block BOOL fBlockHit = NO;

[context acquireTokenWithResource:resource
                         clientId:clientId
                      redirectUri:redirectUri
                   promptBehavior:[self promptBehavior]
                   userIdentifier:identifier
             extraQueryParameters:nil
                  completionBlock:^(ADAuthenticationResult *result)
{
    if (fBlockHit)
    {
        dispatch_async(dispatch_get_main_queue(), ^{
            UIAlertController* alert = [UIAlertController alertControllerWithTitle:@"Error!"
                                                                           message:@"Completion block was hit multiple times!"
                                                                    preferredStyle:UIAlertControllerStyleAlert];

            [self presentViewController:alert animated:YES completion:nil];
        });

        return;
    }
    fBlockHit = YES;



    dispatch_async(dispatch_get_main_queue(), ^{
        [self updateResultView:result];

        [_webView loadHTMLString:@"<html><head></head><body>done!</body></html>" baseURL:nil];
        [_authView setHidden:YES];
        [self.view setNeedsDisplay];

        [[NSNotificationCenter defaultCenter] postNotificationName:ADTestAppCacheChangeNotification object:self];
    });
}];

}

但是我如何检索登录用户的电子邮件 ID。 请帮我。 谢谢

Answer 1

您想通过访问 token 访问的资源是什么？如果资源是https://graph.windows.net/ ，您可以使用Azure AD Graph API获取登录用户的电子邮件信息:

GET https://graph.windows.net/me?api-version=1.6
Authorization: Bearer yourAccessToken

如果资源是 https://graph.microsoft.com/ ，您可以使用Microsoft Graph API获取登录用户的电子邮件信息:

Get https://graph.microsoft.com/v1.0/me
Authorization: Bearer yourAccessToken

作为响应，您可以检查 UserPrincipalName 声明值，这是一个可以接收电子邮件的电子邮件地址