question

KarteekKoraganji-2950 avatar image
0 Votes"
KarteekKoraganji-2950 asked vijayande-6126 commented

Authorization and Token end points for sharepoint online

Hi,

Scenario:
1. Created SharePoint Online app in portal.azure.com, registered it and provided delegated permissions.
2. Now I am trying to get the access token from Microsoft to authenticate users for SharePoint online(avoiding the basic authentication).

I am trying to get access token(OAuth 2.0) for SharePoint online using below authorization and token end point.
https://login.microsoftonline.com/<tenant-id from azure>/oauth2/v2.0/authorize
https://login.microsoftonline.com/<tenant-id from azure>/oauth2/v2.0/token

86866-1.png

After using these I am getting token for GRAPH API but not SharePoint REST API

86882-2.png 86779-3.png

In order to get access token for SharePoint REST API, what are the authorization and token end points I need to use?
Please suggest.

Note: SharePoint APP ONLY is not suitable for this scenario.
https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs



office-sharepoint-onlineoffice-sharepoint-server-development
1.png (69.5 KiB)
2.png (107.3 KiB)
3.png (72.0 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @KarteekKoraganji-2950 ,

Is there anything update? If my answer helps you, you could accept it:)

1 Vote 1 ·

Hi @MichaelHan-MSFT ,

It is working fine. Just now I verified. Thanks for the endpoints.

0 Votes 0 ·
MichaelHan-MSFT avatar image
0 Votes"
MichaelHan-MSFT answered vijayande-6126 commented

Hi @KarteekKoraganji-2950 ,

To get access token for SharePoint REST API, please use the below Auth URL and Access Token URL:

 Auth URL:           https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2F<tenant_name>.sharepoint.com
 Access Token URL:   https://login.microsoftonline.com/common/oauth2/token

87154-image.png

When you click Get Access Token, it would request you to sign in. After signing in, you would access it successfully.

87102-image.png



If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




image.png (42.5 KiB)
image.png (54.6 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.


Can you please share the equivalent C# code for the same.


0 Votes 0 ·
Taslim-6113 avatar image
0 Votes"
Taslim-6113 answered Taslim-6113 edited

@MichaelHan-MSFT I don't think this works for other users in the tenant. I mean using this token we can not access site information created by users other than admin, even though we have application permission. Can you please check it. My requirement is that I have created an app on Azure Active Directory portal and given it all the permissions for sharepoint (Sites.FullControl.All this is an application permission not delegated), now I want to generate a token using admin account and can access other users sharepoint information like we do for graph api.

I know this is also a way:
https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs

But problem with this approach is here user/admin has to install our application in his/her tenant using our client id, which makes user experience worst.

We have another way but this is using windows sdk and very complicated in C#.
https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

Is there a simple postman way like we do for Graph API. That would be so kind of you, if you help me.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.