SharePoint Endpoint Authentication Using the Office 365 OAuth API

I am trying to access a SharePoint Online site using the Office 365 API mentioned here. I get an authentication token and call the discovery service as shown below:

httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
httpClient.DefaultRequestHeaders.Add("Accept", "application/json; odata=verbose");
response = await httpClient.GetAsync(new Uri("https://api.office.com/discovery/me/services"));
data = await response.Content.ReadAsStringAsync();

      

I am getting the following types of endpoint urls as a result:

  • OneDrive
    https://sometenant-my.sharepoint.com/personal/sometenant_data_onmicrosoft_com/_api

  • Outlook linked https://outlook.office365.com/api/v1.0

I am not getting the endpoint URLs for SharePoint in the results. If I try the below code:

 httpClient = new HttpClient();
 httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
 httpClient.DefaultRequestHeaders.Add("Accept", "application/json; odata=verbose");
 response = await httpClient.GetAsync("https://sometenant.sharepoint.com/_api/web/lists/getByTitle('Documents')/items");
 data = await response.Content.ReadAsStringAsync();

      

I am getting the following in the response stream:

"{\"error\":\"invalid_client\",\"error_description\":\"Invalid audience Uri 'Microsoft.SharePoint'.\"}"

      

Error in response:

{StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  x-ms-diagnostics: 3000003;reason="Invalid audience Uri 'Microsoft.SharePoint'.";category="invalid_client"
  SPRequestGuid: 8462cf9c-c093-1000-a3da-fc5e1aab16c1
  request-id: 8462cf9c-c093-1000-a3da-fc5e1aab16c1
  SPRequestDuration: 37
  SPIisLatency: 25
  MicrosoftSharePointTeamServices: 16.0.0.3431
  X-Content-Type-Options: nosniff
  X-MS-InvokeApp: 1; RequireReadOnly
  Date: Mon, 24 Nov 2014 22:45:46 GMT
  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
  Server: Microsoft-IIS/7.5
  WWW-Authenticate: Bearer realm="xxxxxx-xxxx-xxxxx-xxxx-xxxxxxxx",client_id="xxxxxxxx-xxx-xxxx-xxxx-000000000000",trusted_issuers="xxxxxxx-xxxx-xxx-xxx-000000000000@*,https://sts.windows.net/*/,00000003-0000-xxxxx-ce00-000000000000@xxxxxxxx-xxxxx-11e1-xxxx-xxxxxxx",authorization_uri="https://login.windows.net/common/oauth2/authorize"
  X-Powered-By: ASP.NET
  Content-Length: 93
}}

      

I believe I should be able to access SharePoint data using the Office 365 API.

I've given the app full control over all permissions on the site collection.

Please advise if I am missing something.

+3




1 answer


Initially, the target URL when trying to get the access_token differs from what SharePoint requires. I don't know why; it would be logical for the Office 365 access_token to work in SharePoint, but it doesn't.

So, I am assuming your registered SharePoint app has a client_id and a client_secret. If not, there are two ways to register a new app:

  • https://{your tenantID}.sharepoint.com/_layouts/15/appregnew.aspx

(For some reason the client_secret created here was not checked by Azure ACS when trying to get the access_token; at least it doesn't work for me. So I tried the one below.)

  1. Log in to your Azure management portal and follow the link:

Active Directory (bottom left) > Default Directory (if you don't have any previously) > Application > Add

Enter your app details here, APP URI ID = 'https://{your tenantID}.sharepoint.com/', and at the bottom, under other app permissions, don't forget to add app > Office 365 SharePoint Online.

To get an authorization code:

https://{tenantID}.sharepoint.com/_layouts/oauthauthorize.aspx?client_id={your client ID}&scope=Web.Read&response_type=code&redirect_uri=https%3A%2F%2F%2Flocalhost

Enter the above URL into Chrome and press Enter, and you will be redirected to the URL you specified. In the end you will find yourself at

"https://localhost/?code={authorization code}"

Copy the authorization code.

To get the realm:

GET request

https://{your tenantID}.sharepoint.com/_vti_bin/client.svc

Authorization: Bearer (header)

Get the Bearer realm component from the response header and save it.

To get an access token:

POST request

https://accounts.accesscontrol.windows.net/{realm}/tokens/OAuth/2

and body parameters

grant_type=authorization_code&client_id={your client ID}&client_secret={client secret key}&code={auth code you received from the step above}&redirect_uri=https%3A%2F%2F%2Flocalhost&resource=00000003-0000-0ff1-ce00-000000000000%2F{your tenantID}.sharepoint.com%40{bearer realm}

&resource=00000003-0000-0ff1-ce00-000000000000 is constant for SharePoint.

This should return a response with an access token and a refresh token; you should now be able to access the SharePoint REST API with this.

+1
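
The steps in the answer above, as an added example that is not part of the original post: it extracts the realm from a 401 challenge, builds the ACS token request with the SharePoint resource string, and checks a token's `aud` claim, which is what the "Invalid audience Uri" error is about. It assumes the issued token's `aud` equals the requested resource; the function names, the realm GUID, the `https://localhost/` redirect and the unsigned sample token are constructed for illustration.

```python
import base64, json, re
from urllib.parse import urlencode, urlsplit

SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"  # constant given in the answer
ACS_TOKEN_URL = "https://accounts.accesscontrol.windows.net/{realm}/tokens/OAuth/2"

def realm_from_challenge(www_authenticate):
    """Extract the Bearer realm from a 401 WWW-Authenticate header value."""
    m = re.search(r'\brealm="([^"]+)"', www_authenticate)
    if not www_authenticate.lstrip().lower().startswith("bearer") or not m:
        raise ValueError("no Bearer realm in challenge")
    return m.group(1)

def sharepoint_resource(site_url, realm):
    """Resource string in the form principal/host@realm, as in the answer's POST body."""
    host = urlsplit(site_url).hostname
    if not host:
        raise ValueError("site_url must be an absolute URL")
    return f"{SHAREPOINT_PRINCIPAL}/{host}@{realm}"

def token_request(site_url, realm, client_id, client_secret, code, redirect_uri):
    """Return (url, form-encoded body) for the authorization_code exchange."""
    body = urlencode({
        "grant_type": "authorization_code", "client_id": client_id,
        "client_secret": client_secret, "code": code,
        "redirect_uri": redirect_uri,
        "resource": sharepoint_resource(site_url, realm),
    })
    return ACS_TOKEN_URL.format(realm=realm), body

def token_audience(jwt):
    """Read the aud claim from a JWT payload; no signature check, diagnostics only."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))["aud"]

def audience_matches(jwt, site_url, realm):
    """True when the token was issued for this SharePoint host and realm (assumed aud format)."""
    return token_audience(jwt) == sharepoint_resource(site_url, realm)

# --- constructed sample data, not taken from the page ---
SAMPLE_REALM = "11111111-2222-3333-4444-555555555555"
SAMPLE_CHALLENGE = f'Bearer realm="{SAMPLE_REALM}",client_id="{SHAREPOINT_PRINCIPAL}"'
SITE = "https://sometenant.sharepoint.com/_api/web"

def sample_jwt(aud):
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc({"aud": aud}) + "."

if __name__ == "__main__":
    realm = realm_from_challenge(SAMPLE_CHALLENGE)
    print(token_request(SITE, realm, "CLIENT_ID", "CLIENT_SECRET", "AUTH_CODE", "https://localhost/"))
    print(audience_matches(sample_jwt("https://api.office.com/discovery/"), SITE, realm))
```

Decoding the payload this way is only for troubleshooting which resource a token was issued for; it does not validate the token.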

