2017-03-01 190 views
0

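Receiving an access token but not a refresh token from the Microsoft Graph API

I am using the Graph API to fetch calendar data from Outlook. To do so, I authenticate the user via the OAuth 2.0 API. When the user grants permission, I get the access token without any problem. Unfortunately, I do not get a refresh token to refresh the access token.

Here is my code: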

<?php
$client_id = "MY_CLIENT_ID";
$client_secret = "MY_CLIENT_SECRET";
$redirect = "MY_REDIRECT_URI";

if (!isset($_GET["code"])) {
    // No authorization code yet: render the sign-in link.
    ?>
    <a class="btn btn-default-active" href="<?php
     echo "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?"
     . "client_id=$client_id"
     . "&"
     . "scope="
     . "https%3A%2F%2Fgraph.microsoft.com%2FUser.Read"
     . "%20"
     . "https%3A%2F%2Fgraph.microsoft.com%2FCalendars.Read"
     . "%20"
     . "https%3A%2F%2Fgraph.microsoft.com%2FCalendars.Read.Shared"
     . "&response_type=code"
     . "&redirect_uri=" . urlencode($redirect);
     ?>">Mit Office 365 verbinden</a><?php
} else {
    // Redeem the authorization code at the token endpoint.
    $code = $_GET["code"];

    $curl = curl_init();

    curl_setopt_array($curl, array(
     CURLOPT_URL => "https://login.microsoftonline.com/common/oauth2/v2.0/token",
     CURLOPT_RETURNTRANSFER => true,
     CURLOPT_ENCODING => "",
     CURLOPT_MAXREDIRS => 10,
     CURLOPT_TIMEOUT => 30,
     CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
     CURLOPT_CUSTOMREQUEST => "POST",
     // Header lines are plain "Name: value" strings; cURL computes Content-Length itself.
     CURLOPT_HTTPHEADER => array(
      "Content-Type: application/x-www-form-urlencoded"
     ),
     // A string body is sent form-urlencoded; a PHP array would be sent as multipart/form-data.
     CURLOPT_POSTFIELDS => http_build_query(array(
      "grant_type" => "authorization_code",
      "client_id" => $client_id,
      "client_secret" => $client_secret,
      "code" => $code,
      "redirect_uri" => $redirect)),
    ));

    $response = curl_exec($curl);
    $err = curl_error($curl);

    curl_close($curl);

    if ($err) {
     echo "cURL Error #:" . $err;
    } else {
     // Debug output: prints the raw token response.
     echo $response;
    }
}
?>

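I did it as in Microsoft's official documentation (https://docs.microsoft.com/en-US/azure/active-directory/develop/active-directory-protocols-oauth-code), but I still do not get a refresh token, whereas the response in the documentation looks like this: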

{ 
    "access_token": " eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1THdqcHdBSk9NOW4tQSJ9.….JZw8jC0gptZxVC-7l5sFkdnJgP3_tRjeQEPgUn28XctVe3QqmheLZw7QVZDPCyGycDWBaqy7FLpSekET_BftDkewRhyHk9FW_KeEz0ch2c3i08NGNDbr6XYGVayNuSesYk5Aw_p3ICRlUV1bqEwk-Jkzs9EEkQg4hbefqJS6yS1HoV_2EsEhpd_wCQpxK89WPs3hLYZETRJtG5kvCCEOvSHXmDE6eTHGTnEgsIk--UlPe275Dvou4gEAwLofhLDQbMSjnlV5VLsjimNBVcSRFShoxmQwBJR_b2011Y5IuD6St5zPnzruBbZYkGNurQK63TJPWmRd3mbJsGM0mf3CUQ",
    "token_type": "Bearer", 
    "expires_in": "3600", 
    "expires_on": "1388444763", 
    "resource": "https://service.contoso.com/", 
    "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4rTfgV29ghDOHRc2B-C_hHeJaJICqjZ3mY2b_YNqmf9SoAylD1PycGCB90xzZeEDg6oBzOIPfYsbDWNf621pKo2Q3GGTHYlmNfwoc-OlrxK69hkha2CF12azM_NYhgO668yfcUl4VBbiSHZyd1NVZG5QTIOcbObu3qnLutbpadZGAxqjIbMkQ2bQS09fTrjMBtDE3D6kSMIodpCecoANon9b0LATkpitimVCrl-NyfN3oyG4ZCWu18M9-vEou4Sq-1oMDzExgAf61noxzkNiaTecM-Ve5cq6wHqYQjfV9DOz4lbceuYCAA", 
    "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read", 
    "id_token": " eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.…."
} 

In my case, the response looks like this:

{ 
"token_type":"Bearer", 
"scope":"https://graph.microsoft.com/calendars.read https://graph.microsoft.com/calendars.read.shared https://graph.microsoft.com/user.read", 
"expires_in":3599, 
"ext_expires_in":0, 
"access_token":"ACCESS_TOKEN" 
} 

I also tried adding the resource tag, but it still does not work. What is wrong?

UPDATE

I have now tried adding the attribute:

CURLOPT_POSTFIELDS => array(
     "grant_type" => "authorization_code", 
     "client_id" => $client_id, 
     "client_secret" => $client_secret, 
     "code" => $code, 
     "redirect_uri" => $redirect, 
     "prompt"=>"consent"), 

It still does not work.

+0

You may need to request offline access to get a refresh token. – DaImTo

+0

OK, how do I do that? –

+0

Try adding prompt=consent to your initial authentication request. Let me know if you get a refresh token then. – DaImTo

Answers

3

As DaImTo said, you need to request offline access to get a refresh token. You can do this by adding offline_access to your scope.

In your case:

echo "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?" 
    . "client_id=$client_id" 
    . "&" 
    . "scope=" 
    . "offline_access" 
    . "%20" 
    . "https%3A%2F%2Fgraph.microsoft.com%2FUser.Read" 
    . "%20" 
    . "https%3A%2F%2Fgraph.microsoft.com%2FCalendars.Read" 
    . "%20" 
    . "https%3A%2F%2Fgraph.microsoft.com%2FCalendars.Read.Shared" 
    . "&response_type=code" 
    . "&redirect_uri=" . urlencode($redirect); 
+0

It works, thank you very much. But you have to replace the dot with an underscore, so that offline.access becomes offline_access. –

+1

Thanks for noticing the typo –
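
The fix from the answer, carried one step further as an added example (not the poster's code or Microsoft's): it builds the authorize URL with offline_access, rejects a token response that lacks refresh_token, and builds the form body for the refresh_token grant. The helper names, the callback URL and the state parameter are assumptions that do not appear on the page.

```php
<?php
// Added example; helper names and the callback URL are hypothetical.
// offline_access in the scope is what makes the token endpoint return a
// refresh_token. $state ties the callback to the session that started it.
function build_authorize_url(string $clientId, string $redirect, array $scopes, string $state): string
{
    return "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?"
        . http_build_query([
            "client_id"     => $clientId,
            "response_type" => "code",
            "redirect_uri"  => $redirect,
            "scope"         => implode(" ", $scopes),
            "state"         => $state,
        ], "", "&", PHP_QUERY_RFC3986);
}

// Decode a token response and fail loudly when no refresh token came back.
function parse_token_response(string $json): array
{
    $t = json_decode($json, true);
    if (!is_array($t) || empty($t["access_token"])) {
        throw new RuntimeException("token response has no access_token");
    }
    if (empty($t["refresh_token"])) {
        throw new RuntimeException("no refresh_token: was offline_access in the authorize scope?");
    }
    return $t;
}

// Form body for redeeming a refresh token at .../oauth2/v2.0/token.
function build_refresh_body(string $clientId, string $clientSecret, string $refreshToken, array $scopes): string
{
    return http_build_query([
        "grant_type"    => "refresh_token",
        "client_id"     => $clientId,
        "client_secret" => $clientSecret,
        "refresh_token" => $refreshToken,
        "scope"         => implode(" ", $scopes),
    ]);
}

$scopes = ["offline_access", "https://graph.microsoft.com/User.Read", "https://graph.microsoft.com/Calendars.Read"];
echo build_authorize_url("MY_CLIENT_ID", "https://app.example/callback", $scopes, bin2hex(random_bytes(16))), "\n";

// Constructed sample with the shape of the response in the question (no refresh_token).
$sample = '{"token_type":"Bearer","expires_in":3599,"access_token":"ACCESS_TOKEN"}';
try { parse_token_response($sample); }
catch (RuntimeException $e) { echo "rejected: ", $e->getMessage(), "\n"; }
echo build_refresh_body("MY_CLIENT_ID", "MY_CLIENT_SECRET", "REFRESH_TOKEN", $scopes), "\n";
```

Refresh tokens are long-lived credentials: keep them server-side, and store the new refresh_token whenever a refresh response returns one.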