How to set up proper permissions to use Office365-REST-Python-Client to access (upload/delete files) to SharePoint?

Question

How to set up proper permissions to use Office365-REST-Python-Client to access (upload/delete files) to SharePoint?

cparkinson 25

I set up an app through the SharePoint site and generated a client ID and secret, but when I go to use it through the Office365-REST-Python Client API, I get the following error:

System.UnauthorizedAccessException', 'Access denied.', "403 Client Error: Forbidden for url: {url}

I'm unsure how to get this set up properly. Any help would be appreciated!

Accepted answer

0 additional answers

Your answer

Answer 1

RaytheonXie_MSFT 40,476 Microsoft External Staff

Hi @cparkinson

You will need to check the steps in grant permission to the app. First register ID and secret in https://contoso.sharepoint.com/sites/sitetitle/_layouts/15/appregnew.aspx

After generated a client ID and secret, You need to go https://contoso.sharepoint.com/sites/sitetitle/_layouts/15/appinv.aspx grant permission to the app with following xml scope

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>

You can refer to the following document for more details

https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs

Then you can use the code to access sharepoint

"""
Example: SharePoint App-Only auth flow
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
"""
from examples import sample_site_url, sample_client_id, sample_client_secret
from office365.runtime.auth.client_credential import ClientCredential
from office365.sharepoint.client_context import ClientContext
ctx = ClientContext(sample_site_url).with_credentials(ClientCredential(sample_client_id, sample_client_secret))
target_web = ctx.web.get().execute_query()
print(target_web.url)

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

cparkinson 25 Reputation points

2023-04-03T13:20:40.81+00:00

Hi,

I am unfortunately still getting the same error. Is there perhaps an issue with 2-factor authentication? Thanks!
RaytheonXie_MSFT 40,476 Reputation points Microsoft External Staff

2023-04-04T01:28:36.6766667+00:00

Hi @cparkinson , For new tenants, apps using an ACS app-only access token is disabled by default. We recommend using the Azure AD app-only model which is modern and more secure. But you can change the behavior by running 'set-spotenant -DisableCustomAppAuthentication $false' (needs the latest SharePoint admin PowerShell).
Aljosa Rakita 0 Reputation points

2023-10-05T07:48:04.6033333+00:00

Hey, I tried to access sharepoint via the script above, but I'm unable to grant permissions in to the app (https://se7enai.sharepoint.com/sites/test/_layouts/15/appregnew.aspx picture 1),

and when I tried to follow the suggested solution (https://www.sharepointdiary.com/2019/02/the-term-connect-sposervice-is-not-recognized-as-the-name-of-a-cmdlet-function-script-file-or-operable-program.html) I was unable to do so (picture 2).

Do you maybe have any ideas/suggestions?

The initial error I receive is 'Cannot get binary security token for from https://login.microsoftonline.com/extSTS.srf' (picture 3)
Ketul Polara 0 Reputation points

2024-10-24T18:54:03.3833333+00:00

Hey is very helpful, I tried above steps but still having the same error, is there anything else I can try.

Thanks.

Share via

How to set up proper permissions to use Office365-REST-Python-Client to access (upload/delete files) to SharePoint?

0 additional answers

Your answer