无法使用Microsoft Graph API访问Microsoft Intune中的用户设备

时间:2018-02-16 19:37:21

标签: java microsoft-graph intune

我正在尝试访问特定用户的托管设备。我编写了一个使用Web应用程序获取身份验证代码的代码。我能够看到所有用户以及特定用户。但是当我尝试为用户访问托管设备时,我会收到401未经授权的错误。我已经检查了授予在Azure图上用于Microsoft Graph创建的Web应用程序的所有权限。这是我的代码: - 

try {
    String access_token = getAccessToken();
    String url_str = "https://graph.microsoft.com/v1.0/users/{user name here}/managedDevices/";

    url = new URL(url_str);
    con = ( HttpURLConnection )url.openConnection();
    con.setDoInput(true);
    con.setDoOutput(true);
    con.setUseCaches(false);
    con.setRequestMethod("GET");
    con.setRequestProperty("Authorization", access_token);
    con.setRequestProperty("Accept","application/json");
    con.connect();

    br = new BufferedReader(new InputStreamReader( con.getInputStream() ));
    String str = null;
    String line;
    while((line = br.readLine()) != null) {
        str += line;
    }
    System.out.println(str);
} catch (Exception e) {
    e.printStackTrace();
}

令牌检索码: - 

private String getAccessToken() {
    String accessToken = "";
    try {
        ExecutorService service = Executors.newFixedThreadPool(1); 
        String authorization_url = "https://login.microsoftonline.com/" + Authentication_Constants.TENANT + "/oauth2/authorize/";
        AuthenticationContext authContext = new AuthenticationContext(authorization_url, false, service);
        ClientCredential clientCred = new ClientCredential(Authentication_Constants.CLIENTID, Authentication_Constants.SECRET);
        Future<AuthenticationResult>  future = authContext.acquireToken(Authentication_Constants.RESOURCE, clientCred, null);
        AuthenticationResult authResult = future.get();
        accessToken = authResult.getAccessToken();
    } catch (Exception ex) {
        System.out.println(ex.getLocalizedMessage());
    }
    return accessToken;
}

我有什么遗漏的吗?谢谢!

1 个答案:

答案 0 :(得分:1)

I work on the Microsoft Intune team, specifically on the integration between Microsoft Intune and Microsoft Graph.

From the looks of the code you give above it looks like you are trying to use app-only credentials to access the API, at the moment the Microsoft Intune APIs only support the use of app+user credentials (i.e. Delegated permissions). In order to access these APIs you will need to authenticate as a user.

If you take a look at the Microsoft Graph permissions reference for Intune all the permissions are listed as Delegated permissions which require app+user credentials.

If you need to have app-only access to Intune APIs I would recommend adding comments on your scenario on the Microsoft Intune Feedback site under this item.

Thanks

Peter

相关问题
最新问题