使用图API API在Azure Active Directory中创建应用程序失败
我正在尝试使用Azure Active Directory图谱API(使用Azure GraphClient nuget包)在Azure AD中创建新应用程序。
我使用现有的AAD应用程序进行了身份validation,因此我对该目录具有写入权限。
但是,在创建新的应用程序对象时,Azure Graph API会返回以下错误:
{"odata.error": { "code":"Request_BadRequest", "message": { "lang":"en", "value":"Property value cannot have duplicate id or claim values." }, "values": [{ "item":"PropertyName", "value":"None" }, { "item":"PropertyErrorCode", "value":"DuplicateValue" } ] } } 它没有说明哪个属性具有重复的id或声明值 – 错误消息中有两个空格,就好像名称缺失一样。
创建Application对象的代码是这样的:
var appname = "Test Application create " + DateTime.Now.Ticks; var application = new Application() { AvailableToOtherTenants = false, DisplayName = appname, ErrorUrl = null, GroupMembershipClaims = null, Homepage = "http://www.domain.com", IdentifierUris = new List() {{"https://domain.com/"+ appname } }, KeyCredentials = new List(), KnownClientApplications = new List(), LogoutUrl = null, Oauth2AllowImplicitFlow = false, Oauth2AllowUrlPathMatching = false, Oauth2Permissions = new List() { { new OAuth2Permission() { AdminConsentDescription = $"Allow the application to access {appname} on behalf of the signed-in user.", AdminConsentDisplayName = $"Access {appname}", Id = Guid.NewGuid(), IsEnabled = true, Type = "User", UserConsentDescription = $"Allow the application to access {appname} on your behalf.", UserConsentDisplayName = $"Access {appname}", Value = "user_impersonation" } } }, Oauth2RequirePostResponse = false, PasswordCredentials = new List(), PublicClient = false, ReplyUrls = new List(), RequiredResourceAccess = new List(), SamlMetadataUrl = null, ExtensionProperties = new List(), Manager = null, ObjectType = "Application", DeletionTimestamp = null, CreatedOnBehalfOf = null, CreatedObjects = new List(), DirectReports = new List(), Members = new List(), MemberOf = new List(), Owners = new List(), OwnedObjects = new List() }; await client.Applications.AddApplicationAsync(application);
我错过了一处房产吗? 似乎没有任何非唯一属性,并且使用唯一名称创建应用程序。
错误消息确实非常令人困惑,但问题是您正在尝试定义已定义的范围值( user_impersonation )。
如果您运行此代码,您将发现在您的目录中成功创建了应用程序:
var appname = "Test Application create " + DateTime.Now.Ticks; var application = new Application() { AvailableToOtherTenants = false, DisplayName = appname, ErrorUrl = null, GroupMembershipClaims = null, Homepage = "http://www.domain.com", IdentifierUris = new List() {{"https://domain.com/"+ "Test" } },// CHANGED LINE KeyCredentials = new List(), KnownClientApplications = new List(), LogoutUrl = null, Oauth2AllowImplicitFlow = false, Oauth2AllowUrlPathMatching = false, Oauth2Permissions = new List() { { new OAuth2Permission() { AdminConsentDescription = $"Allow the application to access {appname} on behalf of the signed-in user.", AdminConsentDisplayName = $"Access {appname}", Id = Guid.NewGuid(), IsEnabled = true, Type = "User", UserConsentDescription = $"Allow the application to access {appname} on your behalf.", UserConsentDisplayName = $"Access {appname}", Value = "custom_scope" // CHANGED LINE } } }, Oauth2RequirePostResponse = false, PasswordCredentials = new List(), PublicClient = false, ReplyUrls = new List(), RequiredResourceAccess = new List(), SamlMetadataUrl = null, ExtensionProperties = new List(), Manager = null, ObjectType = "Application", DeletionTimestamp = null, CreatedOnBehalfOf = null, CreatedObjects = new List(), DirectReports = new List (), Members = new List (), MemberOf = new List (), Owners = new List (), OwnedObjects = new List () }; await client.Applications.AddApplicationAsync(application);
此外,您的IdentifierUris不能包含空格,因此我将其更改为硬编码字符串。
HTH