Scenario:
I created an app in Azure with permissions:
- Sites.Read.All (Delegated)
- User.Read (Delegated)
- Sites.Read.All (Application)
I'm able to follow the authorization flow and get an access and refresh token. This is the authorization URL:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={clientId}&scope=files.readwrite offline_access&response_type=code&redirect_uri={myCallbackURL}
I'm able to use the access token to get a list of my drives (I'm using js):
axios({
method: 'GET',
url: 'https://graph.microsoft.com/v1.0/me/drives',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': `Bearer ${tokens.access_token}`
}
})
Everything is ok. I also can retrieve list of files in the drive.
Now the question:
A company wants me to read the contents of a SharePoint site they shared with me.
From browser's perspective I only have access to site mysite
of mycompany
's SharePoint : https://mycompany.sharepoint.com/sites/mysite/
I have no access to company root: https://mycompany.sharepoint.com takes me to a request permissions screen. That's the expected.
I need to read the contents of mysite from GraphAPI, but after two days reading the docs I couldn't manage to get it working:
Attempts:
GET https://graph.microsoft.com/v1.0/me/sites
GET https://graph.microsoft.com/v1.0/sites/mycompany.sharepoint.com
GET https://graph.microsoft.com/v1.0/sites/mycompany.sharepoint.com:/mysite
GET https://graph.microsoft.com/v1.0/sites?$filter=siteCollection/hostname eq 'mycompany.sharepoint.com'
I also tried to change the scope scope=Sites.Read.All
to authorize URL (doesn't work, sites.read.all is a permission, not a scope, but I was running out of ideas)
Is it possible to read the contents of mysite
from Graph API?
Do I have to use a different authorization URL specifically for mycompany.sharepoint.com?
My intuition is, given I have permissions to read the contents from my browser, it should exist a way to do the same via API. But I'm not sure.