Share via

Access to sharepoint using Sharepoint returning "Token type is not allowed" , and using windows powershell will prompt "Connect-SPOService : The sign-in name or password does not match one in the Microsoft account system. "

Fatemeh_6631 5 Reputation points
2023-02-07T19:07:39.55+00:00

I need to connect to SharePoint site using 

client_id =  	"+++"
client_secret =  "+++"
# Title:   	graham_site_app2
# App Domain:   	localhost
# Redirect URI:   	https://localhost

import requests
import json

tenant =  '***'
tenant_id = '***'
client_id = client_id + '@' + tenant_id

data = {
    'grant_type':'client_credentials',
    'resource': "00000003-0000-0ff1-ce00-000000000000/" + tenant + ".sharepoint.com@" + tenant_id, 
    'client_id': client_id,
    'client_secret': client_secret,
}

headers = {
    'Content-Type':'application/x-www-form-urlencoded'
}

url = "https://accounts.accesscontrol.windows.net/{tenant_id}/tokens/OAuth/2"
r = requests.post(url, data=data, headers=headers)
json_data = json.loads(r.text)

print(json_data)

Then getting access token,

headers = {
    'Authorization': "Bearer " + json_data['access_token'],
    'Accept':'application/json;odata=verbose',
    'Content-Type': 'application/json;odata=verbose'
}

url = "https://tenent.sharepoint.com/sites/site_name/_api/web/Lists/getbytitle('events2')/items"
l = requests.get(url, headers=headers)

l.raise_for_status
print(l.text)

I get this error:

{"error":"invalid_request","error_description":"Token type is not allowed."}

I have followed this:

Install-Module -Name Microsoft.Online.SharePoint.PowerShell

$adminUPN="<the full email address of a SharePoint administrator account, example: ******@contosotoycompany.onmicrosoft.com>"

$orgName="<name of your Office 365 organization, example: contosotoycompany>"

$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."

Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential

set-spotenant -DisableCustomAppAuthentication $false

but I get the error:

Connect-SPOService : The sign-in name or password does not match one in the Microsoft account system.

I have onmicrosoft.com account.

What is wrong?

Microsoft 365 and Office SharePoint For business Windows
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff
    2023-02-08T02:10:32.6033333+00:00

    Hi @Fatemeh_6631

    Per my test, I can connect admin center with powershell

    User's image

    For the issue, Please check if your account has MFA (Multi-factor authentication) enabled. If your account with multi-factor authentication (MFA), your script will not work. You can use WebLogin to connect SPO. Just remove the $Credential like following

    Connect-SPOService -Url https://tenant-admin.sharepoint.com 
set-spotenant -DisableCustomAppAuthentication $false

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.