SharePoint Endpoint Authentication Using the Office 365 OAuth API
I am trying to access a SharePoint Online site using the Office 365 API mentioned here. I get an authentication token and call the discovery service as shown below:
httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
httpClient.DefaultRequestHeaders.Add("Accept", "application/json; odata=verbose");
response = await httpClient.GetAsync(new Uri("https://api.office.com/discovery/me/services"));
data = await response.Content.ReadAsStringAsync();
I am getting the following types of endpoint URLs as a result:
- OneDrive: https://sometenant-my.sharepoint.com/personal/sometenant_data_onmicrosoft_com/_api
- Outlook: https://outlook.office365.com/api/v1.0
I am not getting the endpoint URLs for SharePoint in the results. If I try the below code:
httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
httpClient.DefaultRequestHeaders.Add("Accept", "application/json; odata=verbose");
response = await httpClient.GetAsync("https://sometenant.sharepoint.com/_api/web/lists/getByTitle('Documents')/items");
data = await response.Content.ReadAsStringAsync();
I am getting the following in the response stream:
"{\"error\":\"invalid_client\",\"error_description\":\"Invalid audience Uri 'Microsoft.SharePoint'.\"}"
Error in response:
{StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
x-ms-diagnostics: 3000003;reason="Invalid audience Uri 'Microsoft.SharePoint'.";category="invalid_client"
SPRequestGuid: 8462cf9c-c093-1000-a3da-fc5e1aab16c1
request-id: 8462cf9c-c093-1000-a3da-fc5e1aab16c1
SPRequestDuration: 37
SPIisLatency: 25
MicrosoftSharePointTeamServices: 16.0.0.3431
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 24 Nov 2014 22:45:46 GMT
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Server: Microsoft-IIS/7.5
WWW-Authenticate: Bearer realm="xxxxxx-xxxx-xxxxx-xxxx-xxxxxxxx",client_id="xxxxxxxx-xxx-xxxx-xxxx-000000000000",trusted_issuers="xxxxxxx-xxxx-xxx-xxx-000000000000@*,https://sts.windows.net/*/,00000003-0000-xxxxx-ce00-000000000000@xxxxxxxx-xxxxx-11e1-xxxx-xxxxxxx",authorization_uri="https://login.windows.net/common/oauth2/authorize"
X-Powered-By: ASP.NET
Content-Length: 93
}}
I believe I should be able to access SharePoint data using the Office 365 API.
I've given the app full control over all permissions on the site collection.
Please advise if I am missing something.
Initially, the target URL when trying to get the access_token differs from what SharePoint requires. I don't know why; it would be logical for the Office365 access_token to work in SharePoint, but it does not.
So, I am assuming your registered SharePoint app has a client_id and a client_secret. If not, there are two ways to register a new app:
- https://{your tenantID}.sharepoint.com/_layouts/15/appregnew.aspx
(For some reason the client_secret created here was not checked by Azure ACS when trying to get the access_token; at least it doesn't work for me. So I tried the one below.)
- Log in to your Azure management portal and follow the link:
Active Directory (bottom left) > Default Directory (if you don't have any previously) > Application > Add
Enter your app details here, APP URI ID = 'https://{your tenantID}.sharepoint.com/', and at the bottom, under other app permissions, don't forget to add app > Office 365 SharePoint Online
To get an authorization code:
https://{tenantID}.sharepoint.com/_layouts/oauthauthorize.aspx?client_id={ur client ID}&scope=Web.Read&response_type=code&redirect_uri=https%3A%2F%2F%2Flocalhost
Enter the above URL into Chrome and press Enter, and you will be redirected to the URL you specified. You will end up at
"https://localhost/?code={authorization code}"
Copy the authorization code.
To get the realm:
GET request
https://{your tenantID}.sharepoint.com/_vti_bin/client.svc
Authorization: Bearer (header)
Get the Bearer realm component from the response header and save it.
To get an access token:
POST request
https://accounts.accesscontrol.windows.net/{realm}/tokens/OAuth/2
and body parameters
grant_type=authorization_code&client_id={ur client id}&client_secret={client secret key}&code={auth code you received from Step above}&redirect_uri=https%3A%2F%2F%2Flocalhost&resource=00000003-0000-0ff1-ce00-000000000000%2F{your tenantID}.sharepoint.com%40{Bearer realm}
&resource=00000003-0000-0ff1-ce00-000000000000 is constant for SharePoint
This should return a response with an access token and a refresh token; you should now be able to access the SharePoint REST API with this.
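A diagnostic sketch for the "Invalid audience Uri" error and the realm and resource steps above, added here as an example and not part of the original question or answer. It assumes the access token is a JWT whose `aud` claim equals the resource it was requested for; the realm GUID, the sample tokens and all function names are constructed for illustration.

```python
import base64
import json
import re
from urllib.parse import quote

SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"  # constant given in the answer

def realm_from_challenge(www_authenticate):
    """Return the realm parameter of a Bearer WWW-Authenticate challenge."""
    if not www_authenticate.lower().startswith("bearer"):
        raise ValueError("not a Bearer challenge")
    match = re.search(r'\brealm="([^"]+)"', www_authenticate)
    if match is None:
        raise ValueError("challenge carries no realm")
    return match.group(1)

def expected_resource(host, realm):
    """Resource string in the shape the answer uses: principal/host@realm."""
    return f"{SHAREPOINT_PRINCIPAL}/{host}@{realm}"

def token_audiences(token):
    """Decode the JWT payload for diagnosis only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    aud = json.loads(base64.urlsafe_b64decode(padded)).get("aud", [])
    return aud if isinstance(aud, list) else [aud]

def audience_ok(token, host, realm):
    """True when the token was issued for this SharePoint host and realm."""
    want = expected_resource(host, realm).lower()
    return any(str(a).lower() == want for a in token_audiences(token))

def sample_token(aud):
    """Constructed, unsigned token used only as sample input."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "none"})}.{enc({"aud": aud})}.sig'

# Constructed sample data: the realm GUID is made up, the host is the page's placeholder.
CHALLENGE = ('Bearer realm="11111111-2222-3333-4444-555555555555",'
             'authorization_uri="https://login.windows.net/common/oauth2/authorize"')
HOST = "sometenant.sharepoint.com"
REALM = realm_from_challenge(CHALLENGE)
RESOURCE_PARAM = quote(expected_resource(HOST, REALM), safe="")  # value for the POST body

if __name__ == "__main__":
    print(RESOURCE_PARAM)
    print(audience_ok(sample_token("Microsoft.SharePoint"), HOST, REALM))  # audience named in the 401
    print(audience_ok(sample_token(expected_resource(HOST, REALM)), HOST, REALM))
```

Run the audience check on a workstation you control and keep real tokens out of logs and tickets; the decoded payload is for troubleshooting only and proves nothing about the token's validity.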