我一直在使用TeamSFX SDK开发团队自定义应用程序。
我想使用应用程序身份使用Microsoft Graph API。
因此,我提到了Microsoft官方文档,但是我无法实现自己想做的事情。
- 引用文档:。
在“创建MicrosoftGraplClient Service”下,“ Indoke Graph API没有用户(应用程序身份)”部分。
我尝试了以下操作:
- 我从“ SSO启用”选项卡中创建了一个新的Teams应用程序,并在Visual Studio Code上使用Teams Toolkit创建了一个新团队应用程序。
- 我在下面编辑了一个Graph.jsx,以获取用户信息。
import { createMicrosoftGraphClient, IdentityType, TeamsFx } from "@microsoft/teamsfx";
useEffect(() => {
const getProfile = async () => {
const teamsfx = new TeamsFx(IdentityType.App);
const graphClient = createMicrosoftGraphClient(teamsfx);
const profile = await graphClient.api("/users/[email protected]").get();
return profile;
};
const profile = getProfile();
}, []);
- 我通过在Visual Studio代码中击中F5密钥来调试项目。
尽管我尝试了该文档所说的话,但控制台日志表示“ TeamSFX中不支持应用程序身份”。
我应该如何编辑我的projec以使用Microsoft Graph API,而无需用户身份(即使用应用程序身份)?
I've been developing a Teams Custom App with the TeamsFx SDK.
I want to use the Microsoft Graph API using an Application identity.
So, I referred to the Microsoft official documentation, however I wasn't able to achieve what I wanted to do.
- Referred document: https://learn.microsoft.com/en-us/microsoftteams/platform/toolkit/teamsfx-sdk.
Under "Create MicrosoftGraphClient service", "Invoke Graph API without user (Application Identity)" section.
I tried the following:
- I created a new Teams app from "SSO-enabled tab" sample with Teams Toolkit on Visual Studio Code.
- I edited a Graph.jsx as below to get a user info.
import { createMicrosoftGraphClient, IdentityType, TeamsFx } from "@microsoft/teamsfx";
useEffect(() => {
const getProfile = async () => {
const teamsfx = new TeamsFx(IdentityType.App);
const graphClient = createMicrosoftGraphClient(teamsfx);
const profile = await graphClient.api("/users/[email protected]").get();
return profile;
};
const profile = getProfile();
}, []);
- I debugged the project by hitting the F5 key in Visual Studio Code.
Although I tried what the document said, the console log said "Application identity is not supported in TeamsFx".
How should do I edit my projec to use Microsoft Graph API without a user identity (i.e. using Application Identity)?
发布评论
评论(2)
浏览器(选项卡页面)中不支持应用程序身份,因此您需要服务器环境来使用它。
您可以添加一个Azure功能,并在其中使用应用程序身份来实现所需的效果。这是Teams Toolkit v4.0.1中的步骤:
Application Identity is not supported in browser (Tab page), so you need a server environment to use it.
You could add an Azure Function and use the Application Identity in it to achieve desired effect. Here's the steps in Teams Toolkit v4.0.1:
您要做的是不安全的,因为您的代码作为应用程序级别的安全性运行,但在客户端端运行。具有这种特权的代码只能在服务器端或在受保护的API后面运行(例如,它使用SSO验证用户的安全性以确保用户有效,然后在服务器上执行)。
该视频对它应该如何工作给出了一些想法: https:// https://www.youtube 。
然后打电话)。您可以跳过该部分,只使用应用程序令牌,但是如我所提到的那样,您应该在服务器中而不是在客户端上发生这种情况。
What you're trying to do is insecure, because you have code running as Application level security, but running on the client side. Code running with that kind of privilege should only be running on the server side, or in this case behind a protected API (e.g. one that it validating the user's security using SSO to ensure the user is valid, and then executing on the server).
This video gives a bit of an idea of how it should be working: https://www.youtube.com/watch?v=kruUnaZgQaY
In the video, they're actually doing a token -exchange- (exchanging from the pure client side SSO token, and getting an "on behalf of" token in the backend, and making the call then). You can skip that part and just use the application token, but you should, as I mentioned, have this occurring in the server, not on the client.