当我从我的网络应用程序调用它时,我收到一个错误代码9000 - "Unsupported AAD Identity"。
POST https://graph.microsoft.com/beta/app/calls
请求标头:
{
"Content-type" => "application/json",
"Authorization" => "Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFBUDB3TGxxZExWVG9PcEE0a3d6U254TkY3UDFxM05tT0xEOHZJVXk0NmFtVWRaV1ZhbGdFUWx2Vkw4Mmp4cS1tZFpwOWdiY1kwdVB4U3ctOGlGd3JRM00zUWlBS29KS08zRzN3czNsNlFmZXlBQSIsImFsZyI6IlJTMjU2IiwieDV0IjoidTRPZk5GUEh3RUJvc0hqdHJhdU9iVjg0TG5ZIiwia2lkIjoidTRPZk5GUEh3RUJvc0hqdHJhdU9iVjg0TG5ZIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC81NGRkYWJiMS1kNjU5LTRhZmYtODNkZi1kYzUwODk2OTI3YjgvIiwiaWF0IjoxNTYzODQxMTQ2LCJuYmYiOjE1NjM4NDExNDYsImV4cCI6MTU2Mzg0NTA0NiwiYWNjdCI6MCwiYWNyIjoiMSIsImFpbyI6IkFTUUEyLzhNQUFBQWlhS2hob3hBalByVHJsOEZVc0w0Q2Y2Zkc4M2x4YVpIWXVYOTJaT0w5eDQ9IiwiYW1yIjpbInB3ZCIsInJzYSJdLCJhcHBfZGlzcGxheW5hbWUiOiJNeSBSdWJ5IEFwcCIsImFwcGlkIjoiYTFlMjliY2YtODYxOS00ZjVjLWEzMjAtNmY2N2QzMGZiOTlkIiwiYXBwaWRhY3IiOiIxIiwiZGV2aWNlaWQiOiJjMThiZDJmYS05YzhkLTRlOGItYTUwMi1lYWFlMmI2YzM1NjYiLCJmYW1pbHlfbmFtZSI6IuWFqOS9kyIsImdpdmVuX25hbWUiOiLnrqHnkIbogIUiLCJpcGFkZHIiOiIxNTMuMTU2Ljg5LjYzIiwibmFtZSI6IuWFqOS9kyDnrqHnkIbogIUiLCJvaWQiOiIwZGFmMzVhNS1jZjUyLTQ0ODMtYmM0NS0xM2ExYTBlYWE5Y2MiLCJwbGF0ZiI6IjMiLCJwdWlkIjoiMTAwMzIwMDA0OTE0QkVDMCIsInNjcCI6IkNhbGVuZGFycy5SZWFkIERpcmVjdG9yeS5BY2Nlc3NBc1VzZXIuQWxsIERpcmVjdG9yeS5SZWFkLkFsbCBlbWFpbCBHcm91cC5SZWFkLkFsbCBHcm91cC5SZWFkV3JpdGUuQWxsIG9wZW5pZCBwcm9maWxlIFVzZXIuUmVhZCBVc2VyLlJlYWQuQWxsIFVzZXIuUmVhZEJhc2ljLkFsbCIsInNpZ25pbl9zdGF0ZSI6WyJrbXNpIl0sInN1YiI6IktIZ3dXcEdHMWRRdHlUSGplU3pfQ1RPWk03b0w1bHRocWFUclRSbi1ucm8iLCJ0aWQiOiI1NGRkYWJiMS1kNjU5LTRhZmYtODNkZi1kYzUwODk2OTI3YjgiLCJ1bmlxdWVfbmFtZSI6ImFkbWluQGV4ZW9kZXYuaXRlZS5jby5qcCIsInVwbiI6ImFkbWluQGV4ZW9kZXYuaXRlZS5jby5qcCIsInV0aSI6IlVPRURPdnAzWEVTUU9rckU0dEFFQUEiLCJ2ZXIiOiIxLjAiLCJ3aWRzIjpbIjYyZTkwMzk0LTY5ZjUtNDIzNy05MTkwLTAxMjE3NzE0NWUxMCIsImY3MDkzOGEwLWZjMTAtNDE3Ny05ZTkwLTIxNzhmODc2NTczNyJdLCJ4bXNfc3QiOnsic3ViIjoiS2Mwc1JER3hHZFV5eDR6Qk1ucm9XWDhkNVpBTjVKN1EwSTh5SWZnUUhZZyJ9LCJ4bXNfdGNkdCI6MTU1ODMxNTU3OH0.cQmQLHWUfs8iOOPHf5SmWJYgsjQqLjZq9W5pKZzwRBtiQoOsUHILZkGYKz7_jx0bW-p87Cq6mFzswnoK30smEH6l7VW-gkzrxc2JFuDh-nKvfemTKnI3O_ZjtrEJNp-sWZF5Enm28Mg5Lh4hfBrSiROO8b0gAMytLWx9Qjy3H5x_zzdy34D1B1O8nCFrx217olDzarDCd6KqPtfCqoS00mWqCIwlEvHSi7OCtBV0HaUEl07-hi9hovu-uaHTLRW50fFP9hfoWYOz5qRyidpGNRtR26rUtexlOXtceZKYv5fD_VFNiBdT7d06EiK58UBib08eHjcvNJ6NEhcW0xTOxA"
}
请求正文:
{
"callbackUri": "https://bot.contoso.com/api/calls",
"mediaConfig": {
"@odata.type": "#microsoft.graph.serviceHostedMediaConfig",
"preFetchMedia": [
{
"uri": "https://cdn.contoso.com/beep.wav",
"resourceId": "1D6DE2D4-CD51-4309-8DAA-70768651088E"
},
{
"uri": "https://cdn.contoso.com/cool.wav",
"resourceId": "1D6DE2D4-CD51-4309-8DAA-70768651088F"
}
]
},
"source": {
"identity": {
"application": {
"id": "RealAppId"
}
},
"languageId": "languageId-value",
"region": "region-value"
},
"subject": "Test Call",
"targets": [
{
"identity": {
"user": {
"id": "RealTargetUserId",
"tenantId": "RealTenantId",
"displayName": "RealName"
}
}
}
],
"tenantId": "tenantId-value"
}
响应:
{
"error": {
"code": "UnknownError",
"message": "{
"errorCode": "9000",
"message": "Unsupported AAD Identity.",
"instanceAnnotations": []
}",
"innerError": {
"request-id": "RealRequestId",
"date": "2019-07-23T00:25:12"
}
}
}
我在请求正文中,RealTargetUserId是预配了 E1 许可证的 Azure ActiveDirectory 用户 ID。 RealAppId是已注册的应用程序 ID,其权限如下所示:
Calls.AccessMedia.All
Calls.Initiate.All
Calls.InitiateGroupCall.All
Calls.JoinGroupCall.All
Calls.JoinGroupCallAsGuest.All
根据文档,您需要以下应用程序范围之一来创建调用:Calls.JoinGroupCallsasGuest.All、Calls.JoinGroupCalls.All、Calls.Initiate.All、Calls.InitiateGroupCalls.All。
但是,你使用的身份验证令牌使用的是委派范围。这告诉我您使用的是 OAuth 的身份验证代码或隐式授权流。这些都不适用于此操作。
若要使用此终结点,需要使用 OAuth 客户端凭据授予请求仅限应用的令牌。文档中提供了有关如何执行此操作的说明:在没有用户的情况下获取访问权限。
此外,您过度请求权限范围。例如,不需要请求User.Read、User.Read.All和User.ReadBasic.All,你只需要User.Read.All来完成同样的事情。Group.Read.All和Group.ReadWrite.All也是如此.
若要解决"应用程序未在我们的商店中注册"的问题,您需要确保使用机器人通道注册,而不仅仅是普通的应用程序注册。
机器人频道注册还应将 Microsoft Teams 作为已注册频道,并启用呼叫。
有关详细信息,请参阅:https://microsoftgraph.github.io/microsoft-graph-comms-samples/docs/articles/calls/register-calling-bot.html
如果只关心 API 访问,则可以跳过有关在团队中添加机器人的最后一步。