Share via

Getting sharepoint v1 API token when using Graph SDK

Josh Earel 0 Reputation points
2025-01-08T21:03:15.9533333+00:00

I have a web application that uses the Graph SDK to access the Graph API to interact with a Sharepoint list. However, the Graph API cannot get a list of attachments on a Sharepoint ListItem, only a boolean saying that there are attachments. To do this you need to use the Sharepoint v1 API. The problem with this is that the Graph SDK is automatically getting the authorization token and storing it in the storage cache with this code: 

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                    .AddMicrosoftIdentityWebApp(builder.Configuration, "AzureAd")
                      .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "sites.read.all",
                              "ListItems.SelectedOperations.Selected",
                              "Lists.SelectedOperations.Selected",
                               "User.Read"})
                         .AddMicrosoftGraph(graphBaseUrl: "https://graph.microsoft.us/v1.0/")
                      .AddInMemoryTokenCaches();

I've found several posts that say that to access the Sharepoint v1 API I need to exchange the Graph API token for a Sharepoint API token by passing the refresh token. But when the token is stored in the token cache like this, as best I can tell there is no way to get the refresh token. I can get the authorization token itself using the Microsoft.Identity.Web.TokenAcquisition service, but I cannot find any way to get to the refresh token from here.

Microsoft Security | Microsoft Graph
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Josh Earel 0 Reputation points
    2025-01-09T15:03:12.68+00:00

    Figured this out on my own, figured I'd post the information here for anyone who finds this link later.

    What I needed to do was set up sharepoint as a "downstream api" when initializing the authentication and token cache:

    builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                    .AddMicrosoftIdentityWebApp(builder.Configuration, "AzureAd")
                      .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "sites.read.all",
                              "ListItems.SelectedOperations.Selected",
                              "Lists.SelectedOperations.Selected",
                               "User.Read"})
                      .AddDownstreamApi("Sharepoint", builder.Configuration.GetSection("SharepointAPI.Scopes"))
                         .AddMicrosoftGraph(graphBaseUrl: "https://graph.microsoft.us/v1.0/")
                      .AddInMemoryTokenCaches();

    and then retrieve the token for that endpoint from the token cache with:

    _tokenAcquisition.GetAccessTokenForUserAsync(new List<string> { "https://{sharepointURL}/.default" });

    This let me directly access the token and set it in my API calls to the sharepoint v1 API.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.