Microsoft Graph API beta driveItem retractsenitivityLabel返回403禁止
我们在Beta版本的Graph中可用的功能有问题。我们正在使用此端点从驱动器项目中提取灵敏度标签:
post https://graph.microsoft.com/beta/drives/ {drive-id}/item/{item-id}/extractSensitivityLabels
根据文档,我们需要文件。 read.all,files.readwrite.all,stites.read.all或stites.readWrite.All访问此端点的所有权限:
我们用于身份验证的避难所化令牌:
{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/xxx/",
"iat": 1655160900,
"nbf": 1655160900,
"exp": 1655247600,
"aio": "xxx",
"app_displayname": "xxx",
"appid": "xxx",
"appidacr": "2",
"idp": "https://sts.windows.net/xxx/",
"idtyp": "app",
"oid": "xxx",
"rh": "xxx",
"roles": [
"Sites.Manage.All",
"Sites.ReadWrite.All",
"Files.ReadWrite.All"
],
"sub": "xxx",
"tenant_region_scope": "EU",
"tid": "xxx",
"uti": "xxx",
"ver": "1.0",
"wids": [
"xxx"
],
"xms_tcdt": "1509395911"
}
但是,我们收到了403响应的内容:
{
"error": {
"code": "accessDenied",
"message": "Cannot call this API using the current App Id.",
"innerError": {
"date": "2022-06-14T08:00:52",
"request-id": "xxx",
"client-request-id": "xxx"
}
}
}
我们已经测试了其他图形β端点,并且对它们没有任何问题。什么可能导致这个问题?
We are having a problem with a feature available in the beta version of Graph. We are using this endpoint to extract sensitivity labels from drive item:
POST https://graph.microsoft.com/beta/drives/{drive-id}/items/{item-id}/extractSensitivityLabels
According to the documentation, we need Files.Read.All, Files.ReadWrite.All, Sites.Read.All or Sites.ReadWrite.All permissions to access this endpoint:
Deserialized token we used for authentication:
{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/xxx/",
"iat": 1655160900,
"nbf": 1655160900,
"exp": 1655247600,
"aio": "xxx",
"app_displayname": "xxx",
"appid": "xxx",
"appidacr": "2",
"idp": "https://sts.windows.net/xxx/",
"idtyp": "app",
"oid": "xxx",
"rh": "xxx",
"roles": [
"Sites.Manage.All",
"Sites.ReadWrite.All",
"Files.ReadWrite.All"
],
"sub": "xxx",
"tenant_region_scope": "EU",
"tid": "xxx",
"uti": "xxx",
"ver": "1.0",
"wids": [
"xxx"
],
"xms_tcdt": "1509395911"
}
However, we receive a 403 response with the content:
{
"error": {
"code": "accessDenied",
"message": "Cannot call this API using the current App Id.",
"innerError": {
"date": "2022-06-14T08:00:52",
"request-id": "xxx",
"client-request-id": "xxx"
}
}
}
We have tested other graph beta endpoints and had no problems with them. What could be causing this problem?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
似乎目前,这仅适用于委派权限。
如果有一些预先允许的苹果可以在应用程序上下文中调用此API,则我在文档中没有找到任何跟踪。
Seems that currently this only work with Delegated permissions.
I did not find any trace in the docs if there are some pre-allowed appIds that would be allowed to call this API in Application context.
首先,您要调用特定驱动器的项目,这看起来您无法访问该特定文件驱动器/项目,我们可以建议您检查是否能够访问特定的驱动器和要添加的提取物的项目灵敏度标签,通过调用获取API。
get/drives/{drive-id}/item/{item-id}
谢谢
First of all you are calling a particular drive's item and this looks like you don't have access for that particular file drive/item , we can suggest you to please check if are able to access particular drive and items which you want to add extract sensitivity labels ,by calling Get API .
GET /drives/{drive-id}/items/{item-id}
Thanks