Good morning everyone,
I'm trying to make a connection to SharePoint but it has not been possible. I have followed two different paths, which lead to two different errors. I describe the steps followed below:
First option:
1. First, we register the app in SharePoint with the following data:
URL: https://<tenant>.SharePoint.com/_layouts/15/appregnew.aspx
Client Id: <clientID>
Client Secret: <clientSecret>
Title: TestApp
Domain: localhost
Redirect URI: https://localhost
We have been trying to set different values in App Domain and Redirect URI:
App Domain: www.<tenant>.onmicrosoft.com
Redirect URI: https://<tenant>.sharepoint.com
App Domain: https://.onmicrosoft.com
Redirect URI: https://<tenant>.onmicrosoft.com
However, when trying to create the app we get an error message: "An unexpected error has occurred"
That is why we use localhost and https://localhost in those fields.
2. Create the app by selecting the "Create" button.
3. We grant Access and Full Control permissions to the app in the URL:
URL: https://<tenant>-admin.sharepoint.com/_layouts/15/appinv.aspx
4. We introduce the following data:
AppId: <clientID>
5. Select the "Lookup" button.
6. In the Permissions Request XML field, we enter the following permission request (in XML format):
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
7. Select Create. In the redirected page we click "Trust It".
In Postman, we introduce the following curl:
curl --location --request POST 'https://accounts.accesscontrol.windows.net/<tenant_id>/tokens/OAuth/2' \
--header 'Cookie: fpc=AlHAxIAjXTJFgCmtF2Q01PHKP_RTAQAAAMb_LNsOAAAAfxG7NAIAAAAe_izbDgAAAA' \
--form 'grant_type="client_credentials"' \
--form 'client_id="<client_id>@<tenant_id>"' \
--form 'resource="00000003-0000-0ff1-ce00-000000000000/<tenant>.sharepoint.com@<tenant_id>"' \
--form 'client_secret="<client_secret>"'
This previous curl returns a Bearer token, which we use in the next curl:
curl --location --request GET 'https://<tenant>-admin.sharepoint.com/_api/search/query?querytext=%5CContext:STS_Web%5C' --header 'Authorization: Bearer <bearer token>'
This curl returns an error: "Invalid Audience Uri"
Second option using Refresh Token/Auth Code:
1. In Azure Active Directory we register a new application:
a) We generate the Client ID and Client Secret, without a redirect URI.
b) We assign the following required permissions to the application:
Permission Type Purpose
Microsoft GRAPH API
Directory.ReadWrite.All Delegated Read, Update, and Delete Group Add membership
Directory.AccessAsUser.All Delegated Change Password and Delete User
User.ReadWrite.All Delegated Read and Update any User
Group.ReadWrite.All Delegated Read and write all groups
GroupMember.ReadWrite.All Delegated Read and write group memberships
Sites.FullControl.All Delegated Have full control of all site collections
SharePoint Online API
AllSites.FullControl Delegated Have full control of all site collections
AllSites.Manage Delegated Read and write items and lists in all site collections
Sites.FullControl.All Application Have full control of all site collections
Sites.Search.All Delegated Run search queries as a user
User.ReadWrite.All Delegated Read and write user profiles
User.ReadWrite.All Application Read and write user profiles
- We grant Access and Full Control permissions to the app by using the following URL: https://<tenant>-admin.sharepoint.com/_layouts/15/appinv.aspx, entering the following data:
AppId: <clientID>
Select "Lookup" button
Fill in the app domain with localhost
and the redirect url with https://localhost
In the Permissions Request XML field, we enter the following permission request (in XML format):
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
Select Create. In the redirected page we click "Trust It".
- We then try to generate a refresh token, by first trying to obtain an authorization code using the following request through a web browser:
https://<tenant>.sharepoint.com/_layouts/15/OAuthAuthorize.aspx?client_id=<client_ID>&scope=<app_permissions_list>&response_type=code&redirect_uri=<redirect_uri>
where
scope = "https://graph.windows.net/Directory.Read.All https://graph.windows.net/User.Read https://graph.windows.net/.default"
redirect uri = https://localhost
The response in the browser address bar should be displayed as follows:
https://localhost/?code=<code>; however, we obtain an error telling us that the URL is invalid.
Nevertheless, the following steps we would need to perform would be:
- Copy the <code> part, which is the authorization code.
curl --location --request POST 'https://accounts.accesscontrol.windows.net/<tenant_id>/tokens/OAuth/2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-raw 'client_id=<clientID>&scope=offline_access%20https://graph.microsoft.com/.default&code=<code>&redirect_uri=https://localhost&grant_type=authorization_code&client_secret=<client_secret>&resource=00000003-0000-0ff1-ce00-000000000000%2F<tenant>.sharepoint.com%40<tenant_id>'
This request would return us the refresh token.
Note that we have put all the placeholders between angle brackets (<>).
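As an added example (not code from the original post), here is a Python helper that builds the ACS client_credentials request from the first option and, before the token is used, decodes its aud claim to confirm it matches the host about to be called: ACS binds an app-only token to the exact host named in resource, so a token minted for <tenant>.sharepoint.com carries a different audience from <tenant>-admin.sharepoint.com, and that kind of mismatch is what an "Invalid Audience Uri" response reports. The tenant/client values and the sample_token helper are constructed for illustration only.

```python
import base64
import json
from urllib.parse import urlencode, urlparse
from urllib.request import Request, urlopen

# SharePoint Online's fixed principal id in ACS (taken from the post's resource string).
SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"
ACS_TOKEN_ENDPOINT = "https://accounts.accesscontrol.windows.net/{tenant_id}/tokens/OAuth/2"

def expected_audience(target_url: str, tenant_id: str) -> str:
    """Audience an ACS app-only token must carry to be accepted by target_url."""
    # ACS binds the token to the exact host in 'resource': a token minted for
    # <tenant>.sharepoint.com is not valid for <tenant>-admin.sharepoint.com.
    return f"{SHAREPOINT_PRINCIPAL}/{urlparse(target_url).hostname}@{tenant_id}"

def build_token_request(tenant_id, client_id, client_secret, target_url):
    """Return (endpoint, form fields) for the client_credentials call to ACS."""
    form = {
        "grant_type": "client_credentials",
        "client_id": f"{client_id}@{tenant_id}",
        "client_secret": client_secret,
        "resource": expected_audience(target_url, tenant_id),  # derived from the URL we will call
    }
    return ACS_TOKEN_ENDPOINT.format(tenant_id=tenant_id), form

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (no signature verification)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audience_matches(token: str, target_url: str, tenant_id: str) -> bool:
    """Pre-flight check: does the token's aud claim match the host we are about to call?"""
    return jwt_claims(token).get("aud") == expected_audience(target_url, tenant_id)

def sample_token(aud: str) -> str:
    """Constructed, unsigned JWT used only to demonstrate the audience check offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64({'aud': aud})}."

def fetch_token(tenant_id, client_id, client_secret, target_url) -> str:
    """Request an app-only token from ACS (network call, not exercised offline)."""
    endpoint, form = build_token_request(tenant_id, client_id, client_secret, target_url)
    req = Request(endpoint, data=urlencode(form).encode(), method="POST")
    with urlopen(req) as resp:  # urllib sends bytes data as application/x-www-form-urlencoded
        return json.load(resp)["access_token"]
```

Request the token with the same target_url you will send it to (the admin site when querying <tenant>-admin.sharepoint.com), and run audience_matches on any token you already hold to see whether its audience is the problem.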