Able to get Sharepoint token from Postman but curl fails with 'curl: (6) Could not resolve host: accounts.accesscontrol.windows.net'

Question

I needed to get data from a Sharepoint list. So I followed the documented procedure to generate a token in Postman. Within my organization I could only specify 'grant_type = 'client_credentials' for some reason and grant_type = 'authorization_code' did not work. I could then copy/paste this token into my application script to successfully retrieve the data. So far, so good.

In Postman, 'grant_type = client_credentials' does not return a refresh token. The above token I get is short-lived. So I'm trying to create a new token each time in my application using a system-call to curl.

I verified that the Postman call worked and I copied that exact command from Postman (verbatim) according to this curl command. The string looks like:

curl --location --max-time 1000 --request POST 'https://accounts.accesscontrol.windows.net/[...]/tokens/OAuth/2' --header 'Content-Type: application/x-www-form-urlencoded' --header 'Cookie: esctx=AQABAAAAAAD--DLA3VO7QrddgJg7WevrbBVCt369nz7Jni4iPCMokBEc1tkEZ08H3soU6JWnoDTyn05CDibW_eX5CgQqjGjem_72VHKAbefA1IAUBJiFPSCroSIohOHfU7X7D16hwnR6cBcLfczq0nQAaU0P6vUfaN5pZsBxK-Iffnow2He6BG_bjs_mHFs4-oqxCIo_mdufK8qAueLB8LeUmV2jkojB7WBrJ6w12huVNzCrxcFCpzUB5Psoe6YvuqfO0cwqTAwgAA; fpc=Ar4h7FBOD6RNjx8fz-5uDKHkfFA2AQAAAHUGK9sOAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'client_id=[client_id]@[realm]' --data-urlencode 'client_secret=[client_secret' --data-urlencode 'resource=00000003-0000-0ff1-ce00-000000000000/[targethost]@realm'

Of course, I've replaced the sensitive data above But this is an EXACT copy of the curl command from Postman.

When I run the above command in a bash window, I get the following error:

curl: (6) Could not resolve host: accounts.accesscontrol.windows.net

I've tried the Powershell version from the successful Postman call from a script and that does successfully return an access token. But not all our users have Powershell, so I think curl would be the only way. I'm able to successfully use nslookup on this host-name and also ping it. Only the curl command seems to fail all the time.

I'd appreciate any guidance/advice on how to make this work in curl. Thanks in advance.

Answer 1

Hi @Rust Shazam
Per my research, you could use following script to get access token

wwwauthenticate=$(curl -i -H "Authorization: Bearer" -s "https://YourTenant.sharepoint.com/_vti_bin/client.svc/" | grep -i "www-authenticate")  
bearer_realm=$(echo $wwwauthenticate | awk -F"," '{print $1}' | awk -F"=" '{print $2}' | tr -d '"')  
app_id=$(echo $wwwauthenticate | awk -F"," '{print $2}' | awk -F"=" '{print $2}'  | tr -d '"')  
  
grant_type="grant_type=client_credentials"  
cl_id="client_id=c2xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx@$bearer_realm"  
cl_secret="client_secret=3zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"  
res="resource=$app_id/YourTenant.sharepoint.com@$bearer_realm"  
url="https://accounts.accesscontrol.windows.net/$bearer_realm/tokens/OAuth/2"  
content_type="Conent-Type: application/x-www-form-urlencoded"  
  
access_token=$(curl -X POST -H $content_type --data-urlencode $grant_type --data-urlencode $cl_id --data-urlencode $cl_secret --data-urlencode $res -s $url | awk -F":" '{print $NF}' | tr -d '"}')  
  
echo $access_token  

Here is the link for more details, please refer to the steps
https://stackoverflow.com/questions/28449299/curl-request-to-microsoft-sharepoint-api

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

---