gpt4 book ai didi

azure-active-directory - 如何使用 Microsoft Graph API 从用户配置文件中获取组织(租户)ID

转载 作者:行者123 更新时间:2023-12-04 08:41:57 26 4
gpt4 key购买 nike

我正在创建一个加载项,我将使用组织许可来销售该加载项。

我已经在加载项上实现了身份验证方案。我目前正在请求 User.Read 范围以确保使用 Azure v2 端点进行身份验证。为了获取我正在查询的用户信息

https://graph.microsoft.com/v1.0/me

为了正确测试用户的许可证,我需要提取用户的组织标识。但是,我从 Grah 请求中收到的用户信息极其精简。对于 AAD 帐户,架构类似于:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
businessPhones: [],
displayName: "FirstName LastName",
givenName: "FirstName",
id: "unique-id",
jobTitle: null,
mail: "First.LastName@COMPANYDOMAIN.COM",
mobilePhone: null,
officeLocation: null,
preferredLanguage: null,
surname: "LastName",
userPrincipalName: "FILastName@COMPANYDOMAIN.COM"
}

如果我使用
https://graph.microsoft.com/BETA/me

我获得了更多信息,但没有任何信息可以帮助我确定用户组织的唯一 ID。

是否需要使用不同的范围来获取用户组织的信息?如果没有,我可以依靠解析用户电子邮件中的域名作为用户组织的唯一 ID 吗?我需要查询不同的 API 吗?

更新:OAuth 响应

如果有帮助,在用户使用 AD 进行身份验证后,我会收到以下响应:
{
access_token: "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFEWDhHQ2k2SnM2U0s4MlRzRDJQYjdyN1VLTzdJSDJSLWpTcmpScU9..."
expires_at: Fri May 18 2018 07: 18: 42 GMT - 0400(Eastern Daylight Time) {}
expires_in: "3599"
provider: "Microsoft"
scope: "https://graph.microsoft.com/User.Read"
session_state: "012f4565-31bb-..."
state: "259309..."
token_type: "Bearer"
}

更新:使用 https://graph.microsoft.com/BETA/me 的完整 AD 响应
{
@odata.context: "https://graph.microsoft.com/beta/$metadata#users/$entity",
accountEnabled: true,
ageGroup: null,
assignedLicenses: [],
assignedPlans: [],
businessPhones: [],
city: null,
companyName: null,
consentProvidedForMinor: null,
country: null,
deletedDateTime: null,
department: null,
deviceKeys: [],
displayName: "FirstName LastName",
employeeId: null,
givenName: "FirstName",
id: "ebdcf715-43c5-4f48-ad0d-b798a3330849",
imAddresses: [],
jobTitle: null,
legalAgeGroupClassification: null,
mail: "FirstName.LastName@COMPANYDOMAIN.COM",
mailNickname: "FirstName.LastName",
mobilePhone: null,
officeLocation: null,
onPremisesDomainName: "COMPANYDOMAIN.COM",
onPremisesExtensionAttributes: {

},
onPremisesImmutableId: "...RVWAty...",
onPremisesLastSyncDateTime: "2018-05-10T18:13:45Z",
onPremisesProvisioningErrors: [],
onPremisesSamAccountName: "FILastName",
onPremisesSecurityIdentifier: "...-21-1412366426-...",
onPremisesSyncEnabled: true,
onPremisesUserPrincipalName: "FILastName@COMPANYDOMAIN.COM",
passwordPolicies: "DisablePasswordExpiration",
passwordProfile: null,
postalCode: null,
preferredDataLocation: null,
preferredLanguage: null,
provisionedPlans: [],
proxyAddresses: [],
refreshTokensValidFromDateTime: "2018-05-10T17:54:45Z",
showInAddressList: null,
state: null,
streetAddress: null,
surname: "LastName",
usageLocation: "US",
userPrincipalName: "FILastName@COMPANYDOMAIN.COM",
userType: "Member"
}

更新:使用 jwt.ms 解码 access_token
{
"typ": "",
"nonce": "",
"alg": "",
"x5t": "",
"kid": "iBjL1Rcqzhiy4fpxIxdZqohM2Yk"
}.{
"aud": "",
"iss": "",
"iat": "",
"nbf": "",
"exp": "",
"acr": "",
"aio": "",
"amr": [
"pwd"
],
"app_displayname": "",
"appid": "",
"appidacr": "",
"family_name": "",
"given_name": "",
"ipaddr": "",
"name": "",
"oid": "",
"onprem_sid": "",
"platf": "",
"puid": "",
"scp": "",
"sub": "",
"tid": "",
"unique_name": "",
"upn": "",
"uti": "",
"ver": "1.0"
}.[Signature]

最佳答案

如果没有其他方法,您可以解码访问 token 并获得 tid宣称。这是 Azure AD 租户的 ID。

您可以从此处找到有关 token 声明的文档:https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-token-and-claims

例如,这里是 tid 的说明:

An immutable, non-reusable identifier that identifies the directory tenant that issued the token. You can use this value to access tenant-specific directory resources in a multi-tenant application. For example, you can use this value to identify the tenant in a call to the Graph API.

关于azure-active-directory - 如何使用 Microsoft Graph API 从用户配置文件中获取组织(租户)ID,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50409668/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com