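I created a flow that triggers in Power Automate whenever any SharePoint list item is added or modified, but sometimes it gives me an unauthorized error and the flow does not trigger successfully. I get the following error from the "Flow Checker" in Power Automate.
Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and sharepointonline is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: 'Failed to refresh access token for service: sharepointonlinecertificatev2. Correlation Id=b432bd04-0487-4654-ad92-5bf4fc02968a, UTC TimeStamp=5/13/2021 4:45:42 PM, Error: Failed to acquire token from AAD: {"error":"invalid_grant","error_description":"AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The grant was issued on '2021-05-12T06:23:56.0000000Z' and the TokensValidFrom date (before which tokens are not valid) for this user is '2021-05-12T22:00:06.0000000Z'. Trace ID: 271904ff-f200-4ab3-8cd3-e86d01532400 Correlation ID: e92855d2-cc58-42f1-9685-b152d0011481 Timestamp: 2021-05-13 16:45:42Z","error_codes":[50173],"timestamp":"2021-05-13 16:45:42Z","trace_id":"271904ff-f200-4ab3-8cd3-e86d01532400","correlation_id":"e92855d2-cc58-42f1-9685-b152d0011481","error_uri":"https://login.windows.net/error?code=50173"}']
My scenario:
I have deployed the SPO connector using Bicep IaC, and then I authenticated the API connector for SPO.
I initially used a managed identity, but it did not work, so I then set up both a managed identity and a system-assigned identity. After giving it some time to sit, everything started working perfectly:
I am getting the following error: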
{
  "statusCode": 401,
  "headers": {
    "x-ms-failure-cause": "apihub-token-exchange",
    "x-ms-apihub-obo": "false",
    "x-ms-apihub-cached-response": "true",
    "Date": "Mon, 25 Nov 2024 22:45:30 GMT",
    "Content-Length": "483",
    "Content-Type": "application/json"
  },
  "body": {
    "status": 401,
    "source": "https://logic-apis-australiasoutheast.token.azure-apim.net:443/tokens/logic-apis-australiasoutheast/132431/sharepointonline/234234/exchange",
    "message": "Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and sharepointonline is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthenticated, Message: 'This connection is not authenticated.']"
  }
}
My Bicep code:
/*
------------------------------------------------
Connectors
------------------------------------------------
*/
// Suppress warning BCP081: Resource type does not have types available
#disable-next-line BCP081
resource spoConnector 'Microsoft.Web/connections@2018-07-01-preview' = {
  name: spoConnectorName
  location: location
  kind: 'V2'
  properties: {
    displayName: spoConnectorName
    api: {
      name: 'sharepointonline'
      displayName: 'SharePoint'
      description: 'SharePoint Online Connector'
      id: subscriptionResourceId('Microsoft.Web/locations/managedApis', location, 'sharepointonline')
      type: 'Microsoft.Web/locations/managedApis'
    }
  }
}
/*
------------------------------------------------
SPO Connector Access Policy
------------------------------------------------
*/
// Suppress warning BCP081: Resource type does not have types available
// Access policy for Managed Identity
#disable-next-line BCP081
resource lacMidAccessPolicy 'Microsoft.Web/connections/accessPolicies@2016-06-01' = {
  name: 'lacaccesspolicy-managedIdentity-${managedIdentity.name}'
  location: location
  parent: spoConnector
  properties: {
    principal: {
      type: 'ActiveDirectory'
      identity: {
        objectId: managedIdentity.properties.principalId
        tenantId: tenant().tenantId
      }
    }
  }
}
// Access policy for SystemAssigned Identity of the Logic App
#disable-next-line BCP081
resource lacSysAssignedAccessPolicy 'Microsoft.Web/connections/accessPolicies@2016-06-01' = {
  name: 'lacaccesspolicy-systemAssigned-${logicApp.name}'
  location: location
  parent: spoConnector
  properties: {
    principal: {
      type: 'ActiveDirectory'
      identity: {
        objectId: logicApp.identity.principalId
        tenantId: tenant().tenantId
      }
    }
  }
}
Logic App connections (JSON):
{
  "managedApiConnections": {
    "sharepointonline": {
      "api": {
        "id": "/subscriptions/@{appsetting('WORKFLOWS_SUBSCRIPTION_ID')}/providers/Microsoft.Web/locations/@{appsetting('WORKFLOWS_LOCATION_NAME')}/managedApis/sharepointonline"
      },
      "authentication": {
        "type": "ManagedServiceIdentity"
      },
      "connection": {
        "id": "/subscriptions/@{appsetting('WORKFLOWS_SUBSCRIPTION_ID')}/resourceGroups/@{appsetting('WORKFLOWS_RESOURCE_GROUP_NAME')}/providers/Microsoft.Web/connections/@appsetting('SPOConnectionname')"
      },
      "connectionRuntimeUrl": "@appsetting('SPOConnectionRuntimeUrl')"
    }
  }
}
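
An added example, not part of either post above: a small Python triage of the two token-exchange errors quoted on this page. It separates a revoked grant (AADSTS50173, grant issued before TokensValidFrom) from a connection that holds no credential; the sample strings are constructed by shortening the quoted messages, and the function and cause names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed samples, shortened from the two error messages quoted on this page.
REVOKED = ("Error from token exchange: Runtime call was blocked because connection has "
           "error status: Enabled| Error, and sharepointonline is in the block list. "
           "Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: "
           "'Failed to refresh access token ... AADSTS50173: ... The grant was issued on "
           "'2021-05-12T06:23:56.0000000Z' and the TokensValidFrom date (before which tokens "
           "are not valid) for this user is '2021-05-12T22:00:06.0000000Z'.']")
UNAUTHENTICATED = ("Error from token exchange: Runtime call was blocked because connection "
                   "has error status: Enabled| Error, and sharepointonline is in the block "
                   "list. Connection errors: [ParameterName: token, Error: Code: "
                   "Unauthenticated, Message: 'This connection is not authenticated.']")

def _ts(value):
    # AAD prints seven fractional digits; drop them before parsing as UTC.
    parsed = datetime.strptime(value.split(".")[0], "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)

def triage(message):
    """Return a dict describing why the connector token exchange failed."""
    result = {"connector": None, "code": None, "aadsts": None, "cause": "unknown"}
    if m := re.search(r"and (\w+) is in the block list", message):
        result["connector"] = m.group(1)
    if m := re.search(r"Error: Code: (\w+)", message):
        result["code"] = m.group(1)
    if m := re.search(r"AADSTS(\d+)", message):
        result["aadsts"] = int(m.group(1))
    issued = re.search(r"issued on '([^']+)'", message)
    valid_from = re.search(r"for this user is '([^']+)'", message)
    if result["aadsts"] == 50173 and issued and valid_from:
        gap = _ts(valid_from.group(1)) - _ts(issued.group(1))
        result["grant_predates_cutoff_by"] = gap
        # A grant older than TokensValidFrom means the stored grant was revoked.
        if gap.total_seconds() > 0:
            result["cause"] = "grant-revoked"
    elif result["code"] == "Unauthenticated":
        # The connection resource exists but holds no usable credential.
        result["cause"] = "connection-not-authenticated"
    return result

if __name__ == "__main__":
    for sample in (REVOKED, UNAUTHENTICATED):
        print(triage(sample))
```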