In this exercise, you will create a new Azure AD web application registration using the Azure Active Directory admin center.

  1. Open a browser and navigate to the Azure Active Directory admin center. Log in using a personal account (aka: Microsoft Account) or Work or School Account.

  2. Select Azure Active Directory in the left-hand navigation, then select App registrations under Manage.

    A screenshot of the App registrations

  3. Select New registration. On the Register an application page, set the values as follows.

    • Set Name to Office Add-in Graph Tutorial.
    • Set Supported account types to Accounts in any organizational directory and personal Microsoft accounts.
    • Under Redirect URI, set the first drop-down to Single-page application (SPA) and set the value to https://localhost:3000/consent.html.

    A screenshot of the Register an application page

  4. Select Register. On the Office Add-in Graph Tutorial page, copy the value of the Application (client) ID and save it; you will need it in the next step.

    A screenshot of the application ID of the new app registration

  5. Select Certificates & secrets under Manage. Select the New client secret button. Enter a value in Description, select one of the options for Expires, and select Add.

  6. Copy the client secret value before you leave this page. You will need it in the next step.

    Important

    This client secret is never shown again, so make sure you copy it now.

  7. Select API permissions under Manage, then select Add a permission.

  8. Select Microsoft Graph, then Delegated permissions.

  9. Select the following permissions, then select Add permissions.

    • offline_access - this will allow the app to refresh access tokens when they expire.
    • Calendars.ReadWrite - this will allow the app to read and write to the user's calendar.
    • MailboxSettings.Read - this will allow the app to get the user's time zone from their mailbox settings.

    A screenshot of the configured permissions

Configure Office Add-in single sign-on

In this section you'll update the app registration to support Office Add-in single sign-on (SSO).

  1. Select Expose an API. In the Scopes defined by this API section, select Add a scope. When prompted to set an Application ID URI, set the value to api://localhost:3000/YOUR_APP_ID_HERE, replacing YOUR_APP_ID_HERE with the application ID. Choose Save and continue.

  2. Fill in the fields as follows and select Add scope.

    • Scope name: access_as_user
    • Who can consent?: Admins and users
    • Admin consent display name: Access the app as the user
    • Admin consent description: Allows Office Add-ins to call the app's web APIs as the current user.
    • User consent display name: Access the app as you
    • User consent description: Allows Office Add-ins to call the app's web APIs as you.
    • State: Enabled

    A screenshot of the Add a scope form

  3. In the Authorized client applications section, select Add a client application. Enter a client ID from the following list, enable the scope under Authorized scopes, and select Add application. Repeat this process for each of the client IDs in the list.

    • d3590ed6-52b3-4102-aeff-aad2292ab01c (Microsoft Office)
    • ea5a67f6-b6f3-4338-b240-c655ddc3cc8e (Microsoft Office)
    • 57fb890c-0dab-4253-a5e0-7188c88b2bb4 (Office on the web)
    • 08e18876-6177-487e-b8b5-cf950c1e598c (Office on the web)
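
As an added example (not part of the original tutorial), the following JavaScript check compares an app registration object against the redirect URI, Application ID URI, scope and authorized client IDs configured above. Property names follow the Microsoft Graph application resource; the function name, the sample object, its appId and its scope id are constructed placeholders.

```javascript
// Added example: audit an app registration against the values in this tutorial.
// Property names follow the Microsoft Graph "application" resource.
const OFFICE_CLIENT_IDS = [
  'd3590ed6-52b3-4102-aeff-aad2292ab01c', // Microsoft Office
  'ea5a67f6-b6f3-4338-b240-c655ddc3cc8e', // Microsoft Office
  '57fb890c-0dab-4253-a5e0-7188c88b2bb4', // Office on the web
  '08e18876-6177-487e-b8b5-cf950c1e598c', // Office on the web
];

// Hypothetical helper: returns a list of findings, empty when everything matches.
function auditRegistration(app) {
  const findings = [];
  const api = app.api || {};
  const scope = (api.oauth2PermissionScopes || []).find(s => s.value === 'access_as_user');

  // Extra or different redirect URIs widen where tokens can be delivered.
  const redirects = (app.spa && app.spa.redirectUris) || [];
  if (redirects.length !== 1 || redirects[0] !== 'https://localhost:3000/consent.html')
    findings.push('spa.redirectUris differs from the tutorial value');

  if (!(app.identifierUris || []).includes(`api://localhost:3000/${app.appId}`))
    findings.push('Application ID URI does not match api://localhost:3000/<appId>');

  if (!scope || !scope.isEnabled) findings.push('access_as_user scope missing or disabled');

  // Each Office client must be pre-authorized for the scope, and nothing else should be.
  const preAuth = api.preAuthorizedApplications || [];
  for (const id of OFFICE_CLIENT_IDS) {
    const entry = preAuth.find(p => p.appId === id);
    if (!entry || !scope || !(entry.delegatedPermissionIds || []).includes(scope.id))
      findings.push(`Office client ${id} is not authorized for access_as_user`);
  }
  for (const p of preAuth)
    if (!OFFICE_CLIENT_IDS.includes(p.appId))
      findings.push(`unexpected pre-authorized client ${p.appId}`);
  return findings;
}

// Constructed sample: one Office client is missing and one unknown client is present.
const sample = {
  appId: '00000000-0000-0000-0000-000000000001',
  identifierUris: ['api://localhost:3000/00000000-0000-0000-0000-000000000001'],
  spa: { redirectUris: ['https://localhost:3000/consent.html'] },
  api: {
    oauth2PermissionScopes: [{ id: 'scope-1', value: 'access_as_user', isEnabled: true }],
    preAuthorizedApplications: OFFICE_CLIENT_IDS.slice(0, 3)
      .map(appId => ({ appId, delegatedPermissionIds: ['scope-1'] }))
      .concat({ appId: '00000000-0000-0000-0000-0000000000ff', delegatedPermissionIds: ['scope-1'] }),
  },
};
console.log(auditRegistration(sample));
```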