ClientContext gives 401 unauthorized for AccessToken from https://login.microsoftonline.com/{tennant_id}/oauth2/token

Anup Mahato 21 Reputation points
2021-04-02T16:40:52.277+00:00

I'm using the CSOM app-only authentication method to connect with SharePoint in a .NET Core application, using the MicrosoftSharePointCSOM package and not the PnP packages.

Problem: I'm using the endpoints below to authenticate. I'm getting an Access_Token for both of them.

  1. https://accounts.accesscontrol.windows.net/{tennant_id}/tokens/OAuth/2
  2. https://login.microsoftonline.com/{tennant_id}/oauth2/token

API Calls

Method 1

```http
POST /{tennant_id}/tokens/OAuth/2 HTTP/1.1
Host: accounts.accesscontrol.windows.net
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id={client_id}@{tennant_id}
&client_secret={client_secret}
&resource={resource_id}/{host_name}@{tennant_id}
```

Method 2

```http
POST /{tennant_id}/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id={client_id}
&client_secret={client_secret}
&resource={host_name}
```

I'm getting an access_token for both of them. But when I use this access_token to create a ClientContext object, only the access_token from method 1 works.
And when I use the access_token from method 2, I get a 401 unauthorized error.

C# code of ClientContext

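```csharp
using Microsoft.SharePoint.Client;

ClientContext context = new ClientContext(web);
// Attach the access token to every request CSOM sends.
context.ExecutingWebRequest += (sender, e) =>
{
    string access_token = accessToken;
    // The scheme name and the token must be separated by a space.
    e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + access_token;
};
```

Can you please tell me what I am doing wrong here? And why does the access_token of method 1 work but that of method 2 doesn't?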

P.S - Please ignore any typo.


Accepted answer
  1. Amos Wu-MSFT 4,051 Reputation points
    2021-04-05T02:58:12.76+00:00

    Hi @Anup Mahato ,
    The first URL is authenticated by Azure Access Control (ACS), and the obtained access token can be used for CSOM and REST API.
    Context Token OAuth flow for SharePoint Add-ins
    The OAuth 2.0 Client Credentials Grant Flow uses the second URL to get the access token. The access token is used to authenticate to the secured resource.
    Service to service calls using client credentials (shared secret or certificate)


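One way to see how the tokens from the two endpoints differ before handing either to ClientContext, as an added example that is not part of the original question or answer: it decodes an access token's claims without verifying the signature and lists the issuer, audience and client-authentication claims. The sample claim values, `contoso.sharepoint.com` and the upper-case placeholders are constructed so the program runs offline; `TokenInspector` and its methods are hypothetical names.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class TokenInspector
{
    // Decode one base64url JWT segment (URL-safe alphabet, padding stripped).
    static byte[] FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static string ToBase64Url(string text) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(text)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Reads claims WITHOUT verifying the signature: for diagnosis only, never for authorization.
    public static string Describe(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(FromBase64Url(parts[1])));
        var sb = new StringBuilder();
        // iss = who issued the token, aud = which resource it is meant for,
        // appidacr = how the client authenticated (1 = secret, 2 = certificate).
        foreach (string name in new[] { "iss", "aud", "appid", "appidacr", "roles" })
            if (doc.RootElement.TryGetProperty(name, out JsonElement value))
                sb.AppendLine($"  {name} = {value}");
        return sb.ToString();
    }

    // Constructed, unsigned token so the example needs no network call or real secret.
    static string Sample(object claims) =>
        ToBase64Url("{\"alg\":\"none\"}") + "." + ToBase64Url(JsonSerializer.Serialize(claims)) + ".";

    static void Main()
    {
        // Constructed claims, shaped after the resource parameter each method sends (assumption).
        string acs = Sample(new { iss = "00000001-0000-0000-c000-000000000000@TENANT_ID",
                                  aud = "RESOURCE_ID/contoso.sharepoint.com@TENANT_ID" });
        string aad = Sample(new { iss = "https://sts.windows.net/TENANT_ID/",
                                  aud = "https://contoso.sharepoint.com", appid = "CLIENT_ID", appidacr = "1" });
        Console.WriteLine("Method 1 (accounts.accesscontrol.windows.net):\n" + Describe(acs));
        Console.WriteLine("Method 2 (login.microsoftonline.com):\n" + Describe(aad));
    }
}
```

Passing a real token to `Describe` shows whether its `aud` matches the `resource` that was requested and which authority issued it.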