命名空间:microsoft.graph
获取 OAuth 访问令牌,以授权Microsoft Entra预配服务将用户预配到应用程序中。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
✅ |
✅ |
✅ |
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
Synchronization.ReadWrite.All |
不可用。 |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
Application.ReadWrite.OwnedBy |
Synchronization.ReadWrite.All |
重要
在具有工作或学校帐户的委托方案中,登录用户必须是组的所有者或成员,或者分配有受支持的Microsoft Entra角色或具有支持的角色权限的自定义角色。 此操作支持以下最低特权角色。
- 应用程序管理员
- 云 应用程序管理员
- 混合标识管理员 - 配置Microsoft Entra云同步
HTTP 请求
POST /applications/{applicationsId}/synchronization/acquireAccessToken
POST /servicePrincipals/{servicePrincipalsId}/synchronization/acquireAccessToken
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| Content-Type |
application/json. 必需。 |
请求正文
在请求正文中,提供参数的 JSON 表示形式。
下表显示了可用于此操作的参数。
响应
如果成功,此操作返回 204 No Content 响应代码。
示例
请求
POST https://graph.microsoft.com/beta/applications/{applicationsId}/synchronization/acquireAccessToken
Content-Type: application/json
{
"credentials": [
{
"@odata.type": "microsoft.graph.synchronizationSecretKeyStringValuePair"
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Applications.Item.Synchronization.AcquireAccessToken;
using Microsoft.Graph.Beta.Models;
var requestBody = new AcquireAccessTokenPostRequestBody
{
Credentials = new List<SynchronizationSecretKeyStringValuePair>
{
new SynchronizationSecretKeyStringValuePair
{
OdataType = "microsoft.graph.synchronizationSecretKeyStringValuePair",
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Applications["{application-id}"].Synchronization.AcquireAccessToken.PostAsync(requestBody);
mgc-beta applications synchronization acquire-access-token post --application-id {application-id} --body '{\
"credentials": [\
{\
"@odata.type": "microsoft.graph.synchronizationSecretKeyStringValuePair"\
}\
]\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphapplications "github.com/microsoftgraph/msgraph-beta-sdk-go/applications"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphapplications.NewAcquireAccessTokenPostRequestBody()
synchronizationSecretKeyStringValuePair := graphmodels.NewSynchronizationSecretKeyStringValuePair()
credentials := []graphmodels.SynchronizationSecretKeyStringValuePairable {
synchronizationSecretKeyStringValuePair,
}
requestBody.SetCredentials(credentials)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.Applications().ByApplicationId("application-id").Synchronization().AcquireAccessToken().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.applications.item.synchronization.acquireaccesstoken.AcquireAccessTokenPostRequestBody acquireAccessTokenPostRequestBody = new com.microsoft.graph.beta.applications.item.synchronization.acquireaccesstoken.AcquireAccessTokenPostRequestBody();
LinkedList<SynchronizationSecretKeyStringValuePair> credentials = new LinkedList<SynchronizationSecretKeyStringValuePair>();
SynchronizationSecretKeyStringValuePair synchronizationSecretKeyStringValuePair = new SynchronizationSecretKeyStringValuePair();
synchronizationSecretKeyStringValuePair.setOdataType("microsoft.graph.synchronizationSecretKeyStringValuePair");
credentials.add(synchronizationSecretKeyStringValuePair);
acquireAccessTokenPostRequestBody.setCredentials(credentials);
graphClient.applications().byApplicationId("{application-id}").synchronization().acquireAccessToken().post(acquireAccessTokenPostRequestBody);
const options = {
authProvider,
};
const client = Client.init(options);
const acquireAccessToken = {
credentials: [
{
'@odata.type': 'microsoft.graph.synchronizationSecretKeyStringValuePair'
}
]
};
await client.api('/applications/{applicationsId}/synchronization/acquireAccessToken')
.version('beta')
.post(acquireAccessToken);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Applications\Item\Synchronization\AcquireAccessToken\AcquireAccessTokenPostRequestBody;
use Microsoft\Graph\Beta\Generated\Models\SynchronizationSecretKeyStringValuePair;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AcquireAccessTokenPostRequestBody();
$credentialsSynchronizationSecretKeyStringValuePair1 = new SynchronizationSecretKeyStringValuePair();
$credentialsSynchronizationSecretKeyStringValuePair1->setOdataType('microsoft.graph.synchronizationSecretKeyStringValuePair');
$credentialsArray []= $credentialsSynchronizationSecretKeyStringValuePair1;
$requestBody->setCredentials($credentialsArray);
$graphServiceClient->applications()->byApplicationId('application-id')->synchronization()->acquireAccessToken()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Applications
$params = @{
credentials = @(
@{
"@odata.type" = "microsoft.graph.synchronizationSecretKeyStringValuePair"
}
)
}
Get-MgBetaApplicationSynchronizationAccessToken -ApplicationId $applicationId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.applications.item.synchronization.acquire_access_token.acquire_access_token_post_request_body import AcquireAccessTokenPostRequestBody
from msgraph_beta.generated.models.synchronization_secret_key_string_value_pair import SynchronizationSecretKeyStringValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AcquireAccessTokenPostRequestBody(
credentials = [
SynchronizationSecretKeyStringValuePair(
odata_type = "microsoft.graph.synchronizationSecretKeyStringValuePair",
),
],
)
await graph_client.applications.by_application_id('application-id').synchronization.acquire_access_token.post(request_body)
响应
HTTP/1.1 204 No Content