我正在尝试使用microsoft graph访问令牌对outlook邮箱(用于从应用程序发送邮件)进行现代身份验证。我成功地从下面的代码中获取了访问令牌:
public class AuthTokenAccess {
public AuthTokenAccess() {}
public static String getAccessToken(String tenantId, String clientId, String clientSecret, String scope)
{
String endpoint = String.format("https://login.microsoftonline.com/%s/oauth2/token", tenantId);
String postBody = String.format("grant_type=client_credentials&client_id=%s&client_secret=%s&resource=%s&scope=%s",
clientId, clientSecret, "https://management.azure.com/", scope);
String accessToken = null;
try{
HttpURLConnection conn = (HttpURLConnection) new URL(endpoint).openConnection();
conn.setRequestMethod("POST");
conn.addRequestProperty("Content-Type", "application/x-www-form-urlencoded");
conn.setDoOutput(true);
conn.getOutputStream().write(postBody.getBytes());
conn.connect();
JsonFactory factory = new JsonFactory();
JsonParser parser = factory.createParser(conn.getInputStream());
//String accessToken = null;
while (parser.nextToken() != JsonToken.END_OBJECT) {
String name = parser.getCurrentName();
if ("access_token".equals(name)) {
parser.nextToken();
accessToken = parser.getText();
}
}
}catch(Exception e) {
}
return accessToken;
}获取访问令牌后,我将此消息发送到ExchangeService:
public ExchangeService getExchangeServiceObj(String emailId, String token, String emailServerURI) throws URISyntaxException {
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
if(service != null) {
service.getHttpHeaders().put("Authorization", "Bearer " + token);
service.getHttpHeaders().put("X-AnchorMailbox", emailId);
service.setUrl(new URI(emailServerURI)); //https://outlook.office365.com/EWS/Exchange.asmx
}
LOGGER.debug("getExchangeServiceObj() {}.", "ends");
return service;
}在这里,我获得了ExchangeService对象,但当我尝试发送邮件时microsoft.exchange.webservices.data.core.service.item.EmailMessage.sendAndSaveCopy()抛出异常
public void sendMail(String toMail, String ccMail, String subject, String body, String pathOfFileToAttach) {
ExchangeService emailService = getExchangeServiceObj(
ResourceUtils.getPropertyValue("email_user"),
token,
ResourceUtils.getPropertyValue("ews_server"));
if(!StringUtils.hasText(toMail)) {
toMail = ccMail;
}
EmailMessage emessage = new EmailMessage(emailService);
emessage.setSubject(subject);
String strBodyMessage = body;
strBodyMessage = strBodyMessage + "<br /><br />";
LOGGER.info("Body: {} ", body);
MessageBody msg = new MessageBody(BodyType.HTML, strBodyMessage);
emessage.setBody(msg);
emessage.sendAndSaveCopy();
LOGGER.info("Email send {}", "sucessfully");
} catch(Exception e) {
LOGGER.error(Constants.ERROR_STACK_TRACE, e);
throw new CommonException(e);
}
}尝试使用以下内窥镜:”https://outlook.office.com/EWS.AccessAsUser.All“、”https://graph.microsoft.com/.default“
下面是我使用上面的代码获得的访问令牌:
{“aud”:“https://management.azure.com/“,“iss”:“https://sts.windows.net/3863b7d0-213d-40f3-a4d0-6cd90452245a/“,“iat”:1628068305,“nbf”:1628068305,“失效日期”:1628072205,“航空公司”:“E2 ZgYEjcvsaipUV 1 wxwxrne/9 F4 XAAA =",“应用程序ID”:“055 eb 578 -4716-4901- 861 b-92 f2469 dac 9 c”,“附录”:“1”、“idp”:“网址为:“33688 CEE-E16 E-4D 11 - 8AEO-A804805 EA 007”,“相对湿度”:“0.AUYA0LdjOD0h80Ck0GzBFIkWni1XgUWRwFJhhuS8kadrJxGAAA.",“子”:“编号33688 CEE-E16 E-4D 11 - 8Ae 0-A804805 EA 007”,“每日三次”:“3863 b7 d 0 - 213 d-40 f3-a4 d 0 - 6cd 90452245 a”,“通用技术接口”:“nZUVod_e3 EuO_T-Ter-_AQ”,“版本”:“1.0”、“xms_tcdt”:小行星1626687774
正如你所看到的,作用域不包括在令牌中。2在获取令牌时,我需要传递任何其他的东西吗?
Azure活动目录设置:
1.已注册的应用程序2.创建客户端密码3.添加重定向URL x1c 0d1x
1.已添加权限
有没有人可以请帮助我在这里,我正在做的错误或其他任何其他方式来使它工作。谢谢
1条答案
按热度按时间e4yzc0pl1#
我在这里发现了一些问题,首先是您使用的客户端凭据流要求您分配应用程序权限,而您只有委派权限,对于EWS,唯一有效的应用程序权限是full_access_as_app,请参见https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth(仅限应用程序部分)
此处混合使用V1和V2身份验证(请参见https://nicolgit.github.io/AzureAD-Endopoint-V1-vs-V2-comparison/),这对于v1端点不起作用(作用域将被忽略),例如,您在https://login.microsoftonline.com/%s/oauth2/token中使用的是V1身份验证端点,因此您的请求不应仅包括作用域和资源,该资源应为https://outlook.office.com