我正在创建一个插件,打算使用组织许可证进行销售。
我已经在插件上实施了身份验证方案。目前,我正在请求User.Read
范围,以便在 Azure v2 端点上进行确定的身份验证。为了获取用户信息,我正在查询
https://graph.microsoft.com/v1.0/me
为了正确测试用户的许可证,我需要提取用户所属组织的标识。然而,我从Grah请求中收到的用户信息非常匮乏。对于AAD帐户,模式看起来像这样:要正确测试用户的许可证,我需要提取用户所属组织的标识。 然而,我从Grah请求中收到的用户信息非常匮乏。 对于AAD帐户,模式看起来像:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
businessPhones: [],
displayName: "FirstName LastName",
givenName: "FirstName",
id: "unique-id",
jobTitle: null,
mail: "First.LastName@COMPANYDOMAIN.COM",
mobilePhone: null,
officeLocation: null,
preferredLanguage: null,
surname: "LastName",
userPrincipalName: "FILastName@COMPANYDOMAIN.COM"
}
如果我使用
https://graph.microsoft.com/BETA/me
我获得了更多的信息,但没有帮助我确定用户组织的唯一标识符。
是否需要使用不同的范围来获取用户组织的信息?如果没有,我能否依靠从用户电子邮件中解析域名作为用户组织的唯一标识符?我需要查询不同的API吗?
更新:OAuth响应
如果有帮助的话,在用户通过AD进行身份验证后,我收到以下响应:
{
access_token: "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFEWDhHQ2k2SnM2U0s4MlRzRDJQYjdyN1VLTzdJSDJSLWpTcmpScU9..."
expires_at: Fri May 18 2018 07: 18: 42 GMT - 0400(Eastern Daylight Time) {}
expires_in: "3599"
provider: "Microsoft"
scope: "https://graph.microsoft.com/User.Read"
session_state: "012f4565-31bb-..."
state: "259309..."
token_type: "Bearer"
}
更新:完整的 AD 响应使用 https://graph.microsoft.com/BETA/me
{
@odata.context: "https://graph.microsoft.com/beta/$metadata#users/$entity",
accountEnabled: true,
ageGroup: null,
assignedLicenses: [],
assignedPlans: [],
businessPhones: [],
city: null,
companyName: null,
consentProvidedForMinor: null,
country: null,
deletedDateTime: null,
department: null,
deviceKeys: [],
displayName: "FirstName LastName",
employeeId: null,
givenName: "FirstName",
id: "ebdcf715-43c5-4f48-ad0d-b798a3330849",
imAddresses: [],
jobTitle: null,
legalAgeGroupClassification: null,
mail: "FirstName.LastName@COMPANYDOMAIN.COM",
mailNickname: "FirstName.LastName",
mobilePhone: null,
officeLocation: null,
onPremisesDomainName: "COMPANYDOMAIN.COM",
onPremisesExtensionAttributes: {
…
},
onPremisesImmutableId: "...RVWAty...",
onPremisesLastSyncDateTime: "2018-05-10T18:13:45Z",
onPremisesProvisioningErrors: [],
onPremisesSamAccountName: "FILastName",
onPremisesSecurityIdentifier: "...-21-1412366426-...",
onPremisesSyncEnabled: true,
onPremisesUserPrincipalName: "FILastName@COMPANYDOMAIN.COM",
passwordPolicies: "DisablePasswordExpiration",
passwordProfile: null,
postalCode: null,
preferredDataLocation: null,
preferredLanguage: null,
provisionedPlans: [],
proxyAddresses: [],
refreshTokensValidFromDateTime: "2018-05-10T17:54:45Z",
showInAddressList: null,
state: null,
streetAddress: null,
surname: "LastName",
usageLocation: "US",
userPrincipalName: "FILastName@COMPANYDOMAIN.COM",
userType: "Member"
}
更新:使用jwt.ms解码access_token
{
"typ": "",
"nonce": "",
"alg": "",
"x5t": "",
"kid": "iBjL1Rcqzhiy4fpxIxdZqohM2Yk"
}.{
"aud": "",
"iss": "",
"iat": "",
"nbf": "",
"exp": "",
"acr": "",
"aio": "",
"amr": [
"pwd"
],
"app_displayname": "",
"appid": "",
"appidacr": "",
"family_name": "",
"given_name": "",
"ipaddr": "",
"name": "",
"oid": "",
"onprem_sid": "",
"platf": "",
"puid": "",
"scp": "",
"sub": "",
"tid": "",
"unique_name": "",
"upn": "",
"uti": "",
"ver": "1.0"
}.[Signature]
access_token
吗?我该如何从中提取租户 ID?也许你想发布一个带有详细信息的完整答案? - seebiscuittid
。那是组织ID。 - juunas