C#-AADSTS70011：为输入参数“范围”提供的值无效

因此,我有一个方案,在该方案中,应在特定条件下将用户添加到组中.此外,当应用程序开始运行时,也不应要求用户登录其Microsoft ID / PWD.因此,我访问创建了Graph Service Client对象的令牌,如下所示：

GraphServiceClient graphClient = new GraphServiceClient(
    "https://graph.microsoft.com/v1.0", 
    new DelegateAuthenticationProvider(
        async (requestMessage) =>
        {
            string clientId = "My APP ID";
            string authorityFormat = "https://login.microsoftonline.com/{0}/v2.0";
            string tenantId = "tenant GUID";
            string[] _scopes = new string[] { 
                "https://graph.microsoft.com/User.ReadBasic.All" 
            };
            // Custom Redirect URI asigned in the Application Registration 
            // Portal in the native Application Platform
            string redirectUri = "https://localhost:4803/"; 
            string clientSecret = "App Secret";
            ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(
                clientId, 
                String.Format(authorityFormat, tenantId), 
                redirectUri, 
                new ClientCredential(clientSecret), 
                null, new TokenCache()
            );
            AuthenticationResult authResult = await daemonClient.AcquireTokenForClientAsync(_scopes);
            string token = authResult.AccessToken;
            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", token);
        }
   )
);

所以我尝试执行
var user =等待graphClient.Me.Request().GetAsync();

我得到错误：

AADSTS70011: The provided value for the input parameter ‘scope’ is not valid. The scope user.read is not valid.

我也尝试仅使用User.ReadBasic作为范围,但得到相同的错误.
我在这里做错了什么？

解决方法:

您在此处使用客户端凭据流,这意味着您无法动态请求范围.您必须在apps.dev.microsoft.com上的应用程序注册上配置所需的权限范围,然后在代码中将范围的值设置为https://graph.microsoft.com/.default.

有关更多详细信息,请参见https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service.

标签：microsoft-graph,c
来源： https://codeday.me/bug/20191108/2009469.html