我正在尝试使用Outlook REST API。我必须通过Azure AD进行身份验证,对此我有一个小问题。当我交换authorization code到access token的响应https://login.microsoftonline.com/common/oauth2/v2.0/token不包含我需要的refresh_token和id_token。我的代码发送请求是
HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create("https://login.microsoftonline.com/common/oauth2/v2.0/token");
req.Method = "POST";
req.ServicePoint.Expect100Continue = false;
req.UserAgent = "Example/1.0";
req.ContentType = "application/x-www-form-urlencoded";
using (StreamWriter sw = new StreamWriter(req.GetRequestStream()))
{
string data = "";
data += "grant_type=authorization_code";
data += "&code=" + Request.QueryString("code");
data += "&scope=" + HttpUtility.UrlEncode(string.Join(" ", scopes));
data += "&redirect_uri=" + HttpUtility.UrlEncode(redirectUri);
data += "&client_id=" + appId;
data += "&client_secret=" + appPassword;
sw.Write(data);
}
HttpWebResponse res = req.GetResponse();
using (StreamReader sr = new StreamReader(res.GetResponseStream()))
{
Response.ContentType = "application/json";
Response.Write(sr.ReadToEnd());
Response.End();
}
该代码的响应示例
{
"token_type": "Bearer",
"scope": "https://outlook.office.com/Calendars.Read https://outlook.office.com/Calendars.ReadWrite https://outlook.office.com/Mail.Read",
"expires_in": 3600,
"ext_expires_in": 0,
"access_token": "EwAYA+l3B/Qk ... IpfA0C"
}
我不知道我在做什么不同于https://oauthplay.azurewebsites.net因为那里的响应包含所有属性
对于刷新令牌,您必须在请求授权代码时请求Offline_Access范围,对于id_token,我猜您需要Profile范围。id_token基本上是用于应用程序特定的使用,只是为了验证令牌只被特定的应用程序使用,没有其他应用程序代表其他应用程序使用令牌。所以尝试请求offline_access范围,可能会给你刷新令牌。