Authorization and Token end points for sharepoint online

Karteek Koraganji 61 Reputation points
2021-04-12T09:13:54.637+00:00

Hi,

Scenario:

  1. Created SharePoint Online app in portal.azure.com, registered it and provided delegated permissions.
  2. Now I am trying to get the access token from Microsoft to authenticate users for SharePoint online(avoiding the basic authentication).

I am trying to get access token(OAuth 2.0) for SharePoint online using below authorization and token end point.
https://login.microsoftonline.com/<tenant-id from azure>/oauth2/v2.0/authorize
https://login.microsoftonline.com/<tenant-id from azure>/oauth2/v2.0/token

86866-1.png

After using these I am getting token for GRAPH API but not SharePoint REST API

86882-2.png 86779-3.png

In order to get access token for SharePoint REST API, what are the authorization and token end points I need to use?
Please suggest.

Note: SharePoint APP ONLY is not suitable for this scenario.
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,560 questions
SharePoint Server Development
SharePoint Server Development
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Development: The process of researching, productizing, and refining new or existing technologies.
1,569 questions
Accepted answer
  1. MichaelHan-MSFT 18,016 Reputation points
    2021-04-13T02:06:39.537+00:00

    Hi @Karteek Koraganji ,

    To get access token for SharePoint REST API, please use the below Auth URL and Access Token URL: 

    Auth URL:           https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2F<tenant_name>.sharepoint.com  
Access Token URL:   https://login.microsoftonline.com/common/oauth2/token

    87154-image.png

    When you click Get Access Token, it would request you to sign in. After signing in, you would access it successfully.

    87102-image.png

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Taslim 1 Reputation point
    2021-08-14T06:37:30.783+00:00

    @MichaelHan-MSFT I don't think this works for other users in the tenant. I mean using this token we can not access site information created by users other than admin, even though we have application permission. Can you please check it. My requirement is that I have created an app on Azure Active Directory portal and given it all the permissions for sharepoint (Sites.FullControl.All this is an application permission not delegated), now I want to generate a token using admin account and can access other users sharepoint information like we do for graph api.

    I know this is also a way:
    https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs

    But problem with this approach is here user/admin has to install our application in his/her tenant using our client id, which makes user experience worst.

    We have another way but this is using windows sdk and very complicated in C#.
    https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

    Is there a simple postman way like we do for Graph API. That would be so kind of you, if you help me.

    0 comments