我的应用程序需要访问存储在组的默认文档库中的文件,如文档中所述:
/groups/{group-id}/drive为了做到这一点,应用程序需要获取组ID。 但根据这篇文章和文档,如果应用程序想要读取用户的组信息,那么经过身份验证的用户需要管理员权限。
如果经过身份验证的用户没有管理员权限,应用程序如何获取组ID?
My app needs to access the files stored in a group's default document library as described in the docs like this:
/groups/{group-id}/driveIn order to do this the app needs to obtain the group ID. But according to this post and the documentation the authenticated user needs administrator privileges if the app wants to read the users's group information.
How can the app obtain a group ID if the authenticated user does not have admin privileges?
最满意答案
您的应用程序需要由管理员同意,然后才能访问所需的信息。 访问组所需的权限范围(Groups.Read或Groups.ReadWrite)需要管理员同意,并且管理员可以代表整个组织同意,在这种情况下,当普通用户使用该应用程序时,他们将不会看到同意用户界面和应用程序将能够代表他们访问信息。 代码示例在这里: https : //github.com/Azure-Samples/active-directory-dotnet-admin-restricted-scopes-v2
Your app need to be consented once by the administrator and after that it can access the information it requires. The permission scope required to access groups (Groups.Read or Groups.ReadWrite) require an administrator to consent, and the administrator can consent on behalf of the entire organization, in this case when a regular user uses the app they will not see a consent UI and the app will be able to access the information on their behalf. Code sample here: https://github.com/Azure-Samples/active-directory-dotnet-admin-restricted-scopes-v2
更多推荐
发布评论