Hi all, I am trying to connect to the Microsoft Graph API via PowerShell. I am using scopes and everything seems fine; even Fiddler shows the correct scopes, but my token contains all the scopes.
I am using the MSAL assembly: Microsoft.Identity.Client.dll
The script I run:
$ApplicationID = XXXXXX
$Tenant = XXXXXX
$RedirectUri = "XXXXXX://auth"

$Builder = [Microsoft.Identity.Client.PublicClientApplicationBuilder]::Create($ApplicationID).WithTenantId($Tenant).WithRedirectUri($RedirectUri).Build()
$Delegate = $Builder.AcquireTokenInteractive($global:Scope).ExecuteAsync()
Fiddler shows this as the scopes: https://graph.microsoft.com/User.Read openid profile offline_access
However, all the default scopes are in my token:
$Delegate.result.scopes
email
openid
profile
https://graph.microsoft.com/AccessReview.Read.All
https://graph.microsoft.com/AccessReview.ReadWrite.All
https://graph.microsoft.com/AccessReview.ReadWrite.Membership
https://graph.microsoft.com/AdministrativeUnit.Read.All
https://graph.microsoft.com/AdministrativeUnit.ReadWrite.All
https://graph.microsoft.com/Analytics.Read
https://graph.microsoft.com/Application.Read.All
https://graph.microsoft.com/Application.ReadWrite.All
https://graph.microsoft.com/AppRoleAssignment.ReadWrite.All
https://graph.microsoft.com/AuditLog.Read.All
https://graph.microsoft.com/Calendars.Read
https://graph.microsoft.com/Calendars.Read.Shared
https://graph.microsoft.com/Calendars.ReadWrite
https://graph.microsoft.com/Calendars.ReadWrite.Shared
https://graph.microsoft.com/Channel.Create
https://graph.microsoft.com/Channel.Delete.All
https://graph.microsoft.com/Channel.ReadBasic.All
https://graph.microsoft.com/ChannelMember.Read.All
https://graph.microsoft.com/ChannelMember.ReadWrite.All
https://graph.microsoft.com/ChannelMessage.Delete
https://graph.microsoft.com/ChannelMessage.Edit
https://graph.microsoft.com/ChannelMessage.Read.All
https://graph.microsoft.com/ChannelMessage.Send
https://graph.microsoft.com/ChannelSettings.Read.All
https://graph.microsoft.com/ChannelSettings.ReadWrite.All
https://graph.microsoft.com/Chat.Read
https://graph.microsoft.com/Chat.ReadBasic
https://graph.microsoft.com/Chat.ReadWrite
https://graph.microsoft.com/ChatMessage.Send
https://graph.microsoft.com/Contacts.Read
https://graph.microsoft.com/Contacts.Read.Shared
https://graph.microsoft.com/Contacts.ReadWrite
https://graph.microsoft.com/Contacts.ReadWrite.Shared
https://graph.microsoft.com/DelegatedPermissionGrant.ReadWrite.All
https://graph.microsoft.com/Device.Command
https://graph.microsoft.com/Device.Read
https://graph.microsoft.com/Device.Read.All
https://graph.microsoft.com/DeviceManagementApps.Read.All
https://graph.microsoft.com/DeviceManagementApps.ReadWrite.All
https://graph.microsoft.com/DeviceManagementConfiguration.Read.All
https://graph.microsoft.com/DeviceManagementConfiguration.ReadWrite.All
https://graph.microsoft.com/DeviceManagementManagedDevices.Read.All
https://graph.microsoft.com/DeviceManagementManagedDevices.ReadWrite.All
https://graph.microsoft.com/DeviceManagementRBAC.Read.All
https://graph.microsoft.com/DeviceManagementRBAC.ReadWrite.All
https://graph.microsoft.com/DeviceManagementServiceConfig.Read.All
https://graph.microsoft.com/DeviceManagementServiceConfig.ReadWrite.All
https://graph.microsoft.com/Directory.AccessAsUser.All
https://graph.microsoft.com/Directory.Read.All
https://graph.microsoft.com/Directory.ReadWrite.All
https://graph.microsoft.com/Domain.Read.All
https://graph.microsoft.com/Domain.ReadWrite.All
https://graph.microsoft.com/EAS.AccessAsUser.All
https://graph.microsoft.com/EWS.AccessAsUser.All
https://graph.microsoft.com/Files.Read
https://graph.microsoft.com/Files.Read.All
https://graph.microsoft.com/Files.Read.Selected
https://graph.microsoft.com/Files.ReadWrite
https://graph.microsoft.com/Files.ReadWrite.All
https://graph.microsoft.com/Files.ReadWrite.AppFolder
https://graph.microsoft.com/Files.ReadWrite.Selected
https://graph.microsoft.com/Group.Read.All
https://graph.microsoft.com/Group.ReadWrite.All
https://graph.microsoft.com/GroupMember.Read.All
https://graph.microsoft.com/GroupMember.ReadWrite.All
https://graph.microsoft.com/IdentityProvider.Read.All
https://graph.microsoft.com/IdentityProvider.ReadWrite.All
https://graph.microsoft.com/IdentityRiskEvent.Read.All
https://graph.microsoft.com/IdentityRiskEvent.ReadWrite.All
https://graph.microsoft.com/IdentityRiskyUser.Read.All
https://graph.microsoft.com/IdentityRiskyUser.ReadWrite.All
https://graph.microsoft.com/IdentityUserFlow.Read.All
https://graph.microsoft.com/IdentityUserFlow.ReadWrite.All
https://graph.microsoft.com/IMAP.AccessAsUser.All
https://graph.microsoft.com/InformationProtectionPolicy.Read
https://graph.microsoft.com/Mail.Read
https://graph.microsoft.com/Mail.Read.Shared
https://graph.microsoft.com/Mail.ReadBasic
https://graph.microsoft.com/Mail.ReadWrite
https://graph.microsoft.com/Mail.ReadWrite.Shared
https://graph.microsoft.com/Mail.Send
https://graph.microsoft.com/Mail.Send.Shared
https://graph.microsoft.com/MailboxSettings.Read
https://graph.microsoft.com/MailboxSettings.ReadWrite
https://graph.microsoft.com/Member.Read.Hidden
https://graph.microsoft.com/OnPremisesPublishingProfiles.ReadWrite.All
https://graph.microsoft.com/Organization.Read.All
https://graph.microsoft.com/Organization.ReadWrite.All
https://graph.microsoft.com/OrgContact.Read.All
https://graph.microsoft.com/Place.Read.All
https://graph.microsoft.com/Policy.Read.All
https://graph.microsoft.com/Policy.Read.ConditionalAccess
https://graph.microsoft.com/Policy.Read.PermissionGrant
https://graph.microsoft.com/Policy.ReadWrite.ApplicationConfiguration
https://graph.microsoft.com/Policy.ReadWrite.AuthenticationFlows
https://graph.microsoft.com/Policy.ReadWrite.AuthenticationMethod
https://graph.microsoft.com/Policy.ReadWrite.Authorization
https://graph.microsoft.com/Policy.ReadWrite.ConditionalAccess
https://graph.microsoft.com/Policy.ReadWrite.ConsentRequest
https://graph.microsoft.com/Policy.ReadWrite.DeviceConfiguration
https://graph.microsoft.com/Policy.ReadWrite.FeatureRollout
https://graph.microsoft.com/Policy.ReadWrite.PermissionGrant
https://graph.microsoft.com/Policy.ReadWrite.TrustFramework
https://graph.microsoft.com/PrivilegedAccess.Read.AzureAD
https://graph.microsoft.com/PrivilegedAccess.Read.AzureADGroup
https://graph.microsoft.com/PrivilegedAccess.Read.AzureResources
https://graph.microsoft.com/PrivilegedAccess.ReadWrite.AzureAD
https://graph.microsoft.com/PrivilegedAccess.ReadWrite.AzureADGroup
https://graph.microsoft.com/PrivilegedAccess.ReadWrite.AzureResources
https://graph.microsoft.com/ProgramControl.Read.All
https://graph.microsoft.com/ProgramControl.ReadWrite.All
https://graph.microsoft.com/Reports.Read.All
https://graph.microsoft.com/RoleManagement.Read.All
https://graph.microsoft.com/RoleManagement.Read.Directory
https://graph.microsoft.com/RoleManagement.ReadWrite.Directory
https://graph.microsoft.com/SecurityEvents.Read.All
https://graph.microsoft.com/ServiceHealth.Read.All
https://graph.microsoft.com/ServiceMessage.Read.All
https://graph.microsoft.com/Sites.FullControl.All
https://graph.microsoft.com/Sites.Manage.All
https://graph.microsoft.com/Sites.Read.All
https://graph.microsoft.com/Sites.ReadWrite.All
https://graph.microsoft.com/SMTP.Send
https://graph.microsoft.com/Subscription.Read.All
https://graph.microsoft.com/Team.Create
https://graph.microsoft.com/Team.ReadBasic.All
https://graph.microsoft.com/TeamMember.Read.All
https://graph.microsoft.com/TeamMember.ReadWrite.All
https://graph.microsoft.com/TeamMember.ReadWriteNonOwnerRole.All
https://graph.microsoft.com/TeamsTab.ReadWrite.All
https://graph.microsoft.com/TermStore.Read.All
https://graph.microsoft.com/TermStore.ReadWrite.All
https://graph.microsoft.com/ThreatAssessment.ReadWrite.All
https://graph.microsoft.com/ThreatIndicators.Read.All
https://graph.microsoft.com/ThreatIndicators.ReadWrite.OwnedBy
https://graph.microsoft.com/TrustFrameworkKeySet.Read.All
https://graph.microsoft.com/TrustFrameworkKeySet.ReadWrite.All
https://graph.microsoft.com/User.Export.All
https://graph.microsoft.com/User.Invite.All
https://graph.microsoft.com/User.ManageIdentities.All
https://graph.microsoft.com/User.Read
https://graph.microsoft.com/User.Read.All
https://graph.microsoft.com/User.ReadBasic.All
https://graph.microsoft.com/User.ReadWrite
https://graph.microsoft.com/User.ReadWrite.All
https://graph.microsoft.com/UserActivity.ReadWrite.CreatedByApp
https://graph.microsoft.com/UserAuthenticationMethod.Read
https://graph.microsoft.com/UserAuthenticationMethod.Read.All
https://graph.microsoft.com/UserAuthenticationMethod.ReadWrite
https://graph.microsoft.com/UserAuthenticationMethod.ReadWrite.All
It looks like it still loads the .default scope. Don't worry, this is a test environment ;-).
Is it because of one of these scopes? email openid profile
Posted on 2020-12-31 08:21:03
This is by design: to avoid extra calls to the server on incremental consent, AAD returns all consented scopes (for that resource) in the response.
https://stackoverflow.com/questions/65496014
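As an added example (not code from the original question or answer), the following PowerShell check decodes the `scp` claim of the access token returned by MSAL and reports which granted scopes were never requested, so a script can audit the excess access the behaviour described above hands it. The token at the bottom is constructed for the demonstration; the function names are mine, not MSAL's.

```powershell
# Added example (not from the original post): compare the delegated scopes actually present
# in a Graph access token with the scopes the script asked for. Because AAD returns every
# scope the user has already consented to for the resource, the difference is access the
# script did not request. Works on the JWT string in $Delegate.Result.AccessToken.

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected at least two dot-separated segments.' }
    # base64url -> base64: restore the standard alphabet and the padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Compare-GrantedScopes {
    param(
        [Parameter(Mandatory)][string[]]$Requested,   # what AcquireTokenInteractive was given
        [Parameter(Mandatory)][string]$AccessToken    # $Delegate.Result.AccessToken
    )
    $payload = ConvertFrom-JwtPayload -Token $AccessToken
    # Graph access tokens carry delegated permissions as a space-separated 'scp' claim
    # without the resource prefix, so strip the prefix from the requested list as well.
    $granted = @($payload.scp -split ' ' | Where-Object { $_ })
    $wanted  = @($Requested | ForEach-Object { ($_ -split '/')[-1] })
    [pscustomobject]@{
        Audience  = $payload.aud
        Requested = $wanted
        Granted   = $granted
        Excess    = @($granted | Where-Object { $_ -notin $wanted })   # consented, not asked for
        Missing   = @($wanted  | Where-Object { $_ -notin $granted })  # asked for, not granted
    }
}

# Constructed sample token (unsigned, signature is not validated here): the 'scp' claim
# carries more than the single User.Read scope the script requested.
$header = '{"alg":"none","typ":"JWT"}'
$claims = '{"aud":"https://graph.microsoft.com","scp":"User.Read Mail.ReadWrite Directory.ReadWrite.All"}'
$enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
$sampleToken = "$(& $enc $header).$(& $enc $claims)."

$report = Compare-GrantedScopes -Requested @('https://graph.microsoft.com/User.Read') -AccessToken $sampleToken
$report.Excess   # Mail.ReadWrite and Directory.ReadWrite.All: granted by earlier consent, not requested now
```

Against a real token, pass `$Delegate.Result.AccessToken` and the same array you gave `AcquireTokenInteractive`; a non-empty `Excess` list is the behaviour the answer describes, and a non-empty `Missing` list means consent for a requested scope is still outstanding.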