查看应用注册、权限和许可Review app registration, permissions, and consent

本文是步骤 3:查看应用程序迁移过程的详细信息的一部分This article is part of step 3: review app details of the process to migrate apps.

对于任何应用更新,有三个方面需要考虑:For any app update, there are three areas to consider:

  • 应用注册:可以在应用程序代码中继续使用现有 () appId 注册帐户。App registration: You can continue to use your existing app registration (appId) in your application code.

    不需要 重新注册应用以迁移到 Microsoft Graph。You do not have to re-register your app to migrate to Microsoft Graph. 只需更新代码,进行大量测试,然后部署更新。Simply update the code, test heavily, and then deploy your update.

  • 权限:应该将配置的权限更改为等效的 Microsoft Graph 权限。Permissions: You should change your configured permissions to the equivalent Microsoft Graph permissions. 为 Azure AD Graph 授予的委派权限也会隐式视为为 Microsoft Graph 授予。Delegated permissions which were granted for Azure AD Graph will be implicitly considered granted for Microsoft Graph also. 需要再次 (应用程序) 应用程序角色的应用程序权限。Application permissions (app roles) will need to be granted again.

    如果你的更新还表明使用了对 Azure AD Graph 不可用的特性或功能,你可能需要请求获取这些新功能的权限。If your update also incudes the use of features or capabilities that aren't available to Azure AD Graph, you'll likely need to request permissions for these new features. 如果是这样,你可以将应用切换为使用 MSAL 和 v2 终结点,并动态请求其他/增量同意。If that's the case, you can switch your app to use MSAL and the v2 endpoint, and request additional/incremental consent dynamically. 查看应用身份验证库更改,查找有关切换到 MSAL 的更多详细信息Find more details about switching to MSAL in review app authentication library changes.

  • 同意:已授予委派权限 (或已由管理员) 授予同意的最终用户无需再次授予同意即可继续使用你的应用。Consent: End-users who have already granted consent for delegated permissions (or for whom consent has already been granted by an admin) can continue using your app without being asked to grant consent again.

    已同意你的应用访问其数据的用户可以在应用更新为使用 Microsoft Graph 后继续使用它,无需再次请求同意。Users who have already granted consent to your app to access their data can continue to use your app after it's been updated to use Microsoft Graph, without being asked to consent again. 将提示新用户征得同意。New users will be prompted for consent.

简单迁移项目应不会在这些方面遇到任何问题。Simple migration projects should experience no issues in these areas.

但是,如果您使用新功能、服务或添加其他功能,您可能需要新的权限,并且可能需要最终用户同意。However, if you use new features, services, or add additional capabilities, you may need new permissions and end-user consent may be required. 在这种情况下,刷新令牌时将请求同意。In such cases, consent is requested when tokens are refreshed.

后续步骤Next Steps

  • 了解 Azure AD Graph 和 Microsoft Graph 之间的身份验证库差异。Learn authentication library differences between Azure AD Graph and Microsoft Graph.
  • 再次查看 检查 表。Review the checklist again.