Outlook 365 Rest API - 觀衆聲明值無效

Question

我正在研究當前項目，我們已經在使用Identity Server進行身份驗證。在這裏，我們使用Access令牌訪問Microsoft Graph API以獲取會議，個人資料圖片和其他內容。

現在我們要對新的Outlook 365 API進行集成，以便讀取和在將來編寫任務。

我試圖用已有的accessToken獲得從Outlook RESTAPI Outlook任務：

{ 
    "aud": "https://graph.microsoft.com", 
    "iss": "https://sts.windows.net/17e18230-55e1-4f60-8262-5c67e2b2ab11/", 
    "iat": 1145153145, 
    "nbf": 1491225024, 
    "exp": 1491258924, 
    "acr": "1", 
    "aio": "QSQA8/8DAFFFInSl+iIfvSXhA95NqTYRmKugpaLdvffNkba0L8N5x0U=", 
    "amr": [ 
    "pwd" 
    ], 
    "app_displayname": "AwesomeApp.Dev", 
    "appid": "0c2fgc75-f2ee-fas5-ae9f-fasd2s5d523fs", 
    "appidacr": "1", 
    "family_name": "Jesper Krægpøth Ryder", 
    "given_name": "Joshua", 
    "ipaddr": "208.67.222.222", 
    "name": "Joshua Jesper Krægpøth Ryder", 
    "oid": "a4586g1-d0215-3226-ar05-125463gasrqw5", 
    "platf": "3", 
    "puid": "654wf84yu3s1g6", 
    "scp": "Calendars.Read Calendars.Read.Shared Calendars.ReadWrite Directory.Read.All Files.ReadWrite Group.Read.All Mail.ReadWrite Mail.Send Tasks.Read User.Read User.ReadBasic.All User.ReadWrite", 
    "sub": "0s_x0JhaNb1QLpIM2Hldx7pSVkrpTgXKe4QPXXiRguQ", 
    "tid": "15e18430-54e9-4f60-8821-5c85e2b2ab77", 
    "unique_name": "jor@awesome.com", 
    "upn": "jor@awesome.com", 
    "uti": "65a2gasdrfasda_fasfa54153", 
    "ver": "1.0" 
} 

https://outlook.office.com/api/v2.0/me/tasks

錯誤消息：

Content-Length →0 
Date →Tue, 04 Jul 2017 08:35:21 GMT 
Server →Microsoft-IIS/10.0 
WWW-Authenticate →Bearer client_id="00000002-0000-0ff1-ce00-000000000000", 
trusted_issuers="00000001-0000-0000-c000-000000000000@*", 
token_types="app_asserted_user_v1 service_asserted_app_v1", 
authorization_uri="https://login.windows.net/common/oauth2/authorize", 
error="invalid_token",Basic Realm="",Basic Realm="",Basic Realm="" 
X-BEServer →HE1PR0901MB1194 
X-BackEndHttpStatus →401, 401 
X-CalculatedBETarget →HE1PR0901MB1194.eurprd09.prod.outlook.com 
X-CalculatedFETarget →HE1P190CU001.internal.outlook.com 
X-DiagInfo →HE1PR0901MB1194 
X-FEProxyInfo →HE1P190CA0005.EURP190.PROD.OUTLOOK.COM 
X-FEServer →HE1P190CA0005, HE1PR0201CA0031 
X-MSEdge-Ref →Ref A: C32D029EF8F84E68BF6327901BBED14F Ref B: HEL01EDGE0307 
Ref C: Tue Jul 4 01:35:21 2017 PST 
X-Powered-By →ASP.NET 
request-id →2266567a-dd67-48f0-b3b4-72cfb5ee6b42 
x-ms-diagnostics →2000003;reason="The audience claim value is invalid 
'https://graph.microsoft.com'.";error_category="invalid_resource" 

在我們使用的身份服務器中間件來處理我們的示波器，如下所示：

 app.UseMicrosoftAccountAuthentication(new MicrosoftAccountOptions 
     { 
      AuthenticationScheme = "Microsoft", 
      DisplayName = "Microsoft", 
      SignInScheme = cookieScheme, 
      ClientId = Configuration.GetValue<string>("ExternalKeys:SecretMicrosoftClientId"), 
      ClientSecret = Configuration.GetValue<string>("ExternalKeys:SecretMicrosoftClientSecret"), 
      CallbackPath = new PathString("/signin-microsoft"), 
      Scope = 
      { 
       "offline_access", 
       "Calendars.Read", 
       "Calendars.Read.Shared", 
       "https://outlook.office.com/tasks.read" 
      }, 

      SaveTokens = true, 

     }); 

當我們嘗試登錄時，系統會提示您提供其他任務訪問要求。所以我們應該可以訪問任務API。

其他人試圖同時使用Microsoft圖形API和新的Outlook 365 Rest API？

Answer 1

新的答案：
阿比已經正式發佈，並可以在這裏找到 https://msdn.microsoft.com/en-us/office/office365/api/task-rest-operations

工作作用域爲我們的項目：

Scope = 
{ 
    "offline_access", 
    "Calendars.Read", 
    "Calendars.Read.Shared", 
    "Tasks.Readwrite" 
}, 

老答案：

不能使用令牌針對Outlook端點針對圖表（"aud": "https://graph.microsoft.com"）發佈。你需要一個令牌"aud": "https://outlook.office.com"。爲了得到你需要做的另一個身份驗證請求與您的所有範圍的完全限定與Outlook域到Azure：

Scope = 
{ 
    "offline_access", 
    "https://outlook.office.com/Calendars.Read", 
    "https://outlook.office.com/Calendars.Read.Shared", 
    "https://outlook.office.com/tasks.read" 
}, 

但是，因爲你已經在使用圖表，你可以只通過訪問任務圖也:)。 Graph最近將任務支持添加到了他們的Beta端點：https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/outlooktask。