更新时间:2023-09-10 15:02:58
根据报告Microsoft图形api的权限,Reports.Read.All
是application permission
,它允许应用程序无需登录用户即可读取所有服务使用情况报告.要调用该api,您需要使用客户端凭据流来获取具有应用程序标识的令牌:
According to Get EmailActivity report document , read that report needs Reports.Read.All
permission . And according to Reports permissions of microsoft graph api, Reports.Read.All
is application permission
which allows an app to read all service usage reports without a signed-in user. To call that api , you need to use client credential flow to acquire token with app identity :
在您的azure广告应用程序中添加Microsoft graph的Read all usage reports
应用程序权限:
通过使用您的AAD的管理员帐户单击上方屏幕快照中的Grant Permissions
按钮来授予该应用程序权限.
Grant that application permission by clicking Grant Permissions
button in above screenshot with admin account of your AAD .
使用客户端凭据流来获取Microsoft图形的访问令牌:
Using client credential flow to acquire access token for microsoft graph :
POST https://login.microsoftonline.com/chencl.onmicrosoft.com/oauth2/token
grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>&resource=https%3A%2F%2Fgraph.microsoft.com%2F
获取访问令牌后,您可以使用在线工具对该令牌进行解码,您应该找到roles声明中的c0>.
After you get the access token , you could decode the token using online tool, you should find Reports.Read.All
in roles
claim .
然后您可以调用EmailActivity api,它返回302 Found响应,重定向到该报告的预认证下载URL:
Then you could call the EmailActivity api , it returns 302 Found response redirecting to a pre-authenticated download URL for the report:
请告诉我是否有帮助.