c# - 未找到范围 (scp) 中的 Azure AD 访问令牌

问题描述

我在 Azure AD 中创建了一个多租户应用程序当我尝试获取访问令牌并签入 jwt.io 时，我发现 scp (Scope) 丢失。

//string authority = "https://login.microsoftonline.com/{0}/common/oauth2/v2.0/token?&response_type=code&scope=openid%20profile%20User.ReadWrite%20User.ReadBasic.All%20Sites.ReadWrite.All%20Contacts.ReadWrite%20People.Read%20Notes.ReadWrite.All%20Tasks.ReadWrite%20Mail.ReadWrite%20Files.ReadWrite.All%20Calendars.ReadWrite";
//string authority = "https://login.microsoftonline.com/{0}/common/oauth2/v2.0/token?&scope=https://graph.windows.net/directory.read%20https://graph.windows.net/directory.write";
//string authority = "https://login.microsoftonline.com/{0}/common/oauth2/v2.0/token";
//string authority = "https://login.microsoftonline.com/{0}";
//string authority = "https://login.microsoftonline.com/{0}/common/oauth2/v2.0/token?&response_type=code&scope=openid%20profile%20User.Read%20User.ReadWrite%20User.ReadBasic.All";
//string authority = "https://login.microsoftonline.com/{0}/oauth2/token?scope=User.ReadBasic.All";
//string authority = "https://login.microsoftonline.com/{0}/oauth2/token?scope=User.ReadBasic.All";
string authority = "https://login.microsoftonline.com/common/oauth2/v2.0/token?response_type=token&scope=User.ReadBasic.All";

我已经尝试了许多权威 URL 的组合

string graphResourceId = "https://graph.microsoft.com";
string clientId = "XXXX";
string secret = "XXXX";
authority = String.Format(authority, tenantId);
AuthenticationContext authContext = new AuthenticationContext(authority);
var accessToken = authContext.AcquireTokenAsync(graphResourceId, new ClientCredential(clientId, secret)).Result;

如何获取 microsoft.graph 资源的范围？

标签： c#azure-active-directorymicrosoft-graph-api