oAuthToken Generation issue

Aniruddha Aditya 316 Reputation points
2021-04-12T17:07:32.487+00:00

Hi,
I am reading the SharePoint Online Activity Event. I have been told to connect using AppID and ThumbPrint. All works to connect to SPO, but not the same when I try to connect to the Office 365 event log. I have given all the appropriate permissions for the App in the AD App registration section. I suspect something is wrong with the code snippet and I am not able to fix it yet.

```powershell
# Check the SPO Event - Sharing and M365 EveryOne Update event

$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth = Invoke-RestMethod -Method Post -Uri "$loginURL/$TenantGUID/oauth2/token?api-version=1.0" -Body $body
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
$oCheckSubscriptions = Invoke-RestMethod -Headers $headerParams -Uri "$resource/api/v1.0/$TenantGUID/activity/feed/subscriptions/list"
```

The above code works using AppID and AppSecret. However, when I change to using a self-signed certificate from Key Vault, I don't get the OAuth token.

```powershell
# Check the SPO Event - Sharing and M365 EveryOne Update event

$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID}
$oauth = Invoke-RestMethod -Method Post -Uri "$loginURL/$TenantGUID/oauth2/token?api-version=1.0" -Body $body -CertificateThumbprint <mythumbprint>
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
$oCheckSubscriptions = Invoke-RestMethod -Headers $headerParams -Uri "$resource/api/v1.0/$TenantGUID/activity/feed/subscriptions/list"
Write-Host $oauth.access_token
```

Please note I am using an Azure Function and am able to access SPO using the same.

Current Error:

```
2021-04-11T14:40:20.917 [Error] ERROR: Response status code does not indicate success: 401 (Unauthorized).
Exception :
Type : Microsoft.PowerShell.Commands.HttpResponseException
Response : StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Cache-Control: no-store, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: c46f58a3-5dda-48b8-80b1-eb3639b84500
x-ms-ests-server: 2.1.11562.11 - NCUS ProdSlices
Set-Cookie: fpc=AtdELK5lfcNKpnx4almjgu8; expires=Tue, 11-May-2021 14:40:19 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure;
```


1 answer

  1. Jerryzy 10,566 Reputation points
    2021-04-13T09:42:49.803+00:00

    Hi @Aniruddha Aditya ,

    If you want to use a certificate for getting the OAuth token, it's necessary to append "client_assertion_type" and "client_assertion" to replace client_secret:

    Microsoft identity platform and the OAuth 2.0 client credentials flow

    The "client_assertion" is difficult to generate based on the documentation here:

    Microsoft identity platform application authentication certificate credentials

    So if possible, I suggest you could still use Client_Secret as the authentication option instead of the Certificate.

    Thanks
    Best Regards


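The "client_assertion" mentioned in the answer is a JWT signed with the certificate's private key and sent in the request body in place of client_secret. The following is an added example, not code from the question or the answer, that builds the assertion and posts it to the token endpoint used in the question; `$Thumbprint`, the `Cert:\CurrentUser\My` store location, the helper function names and the use of the token endpoint URL (without the query string) as the audience are assumptions.

```powershell
# Added example, not from the thread. $loginURL, $TenantGUID, $ClientID and $resource are
# the question's variables; $Thumbprint and the Cert:\CurrentUser\My store are assumptions.
function ConvertTo-Base64Url([byte[]]$Bytes) {
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function New-ClientAssertion {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$TokenEndpoint
    )
    if (-not $Certificate.HasPrivateKey) { throw 'Certificate has no private key; cannot sign.' }

    $now = [DateTimeOffset]::UtcNow
    # x5t = base64url of the certificate's SHA-1 thumbprint bytes, so Azure AD can find the key.
    $header = @{ alg = 'RS256'; typ = 'JWT'; x5t = ConvertTo-Base64Url ($Certificate.GetCertHash()) }
    $claims = @{
        aud = $TokenEndpoint                          # must be the token endpoint being called
        iss = $ClientId
        sub = $ClientId
        jti = [guid]::NewGuid().ToString()            # unique per request (replay protection)
        nbf = $now.ToUnixTimeSeconds()
        exp = $now.AddMinutes(5).ToUnixTimeSeconds()  # keep the assertion short-lived
    }
    $utf8 = [Text.Encoding]::UTF8
    $headerB64 = ConvertTo-Base64Url ($utf8.GetBytes(($header | ConvertTo-Json -Compress)))
    $claimsB64 = ConvertTo-Base64Url ($utf8.GetBytes(($claims | ConvertTo-Json -Compress)))
    $unsigned = "$headerB64.$claimsB64"

    # RS256 = RSA PKCS#1 v1.5 over SHA-256, signed with the certificate's private key.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
    $sig = $rsa.SignData($utf8.GetBytes($unsigned),
        [Security.Cryptography.HashAlgorithmName]::SHA256,
        [Security.Cryptography.RSASignaturePadding]::Pkcs1)
    "$unsigned." + (ConvertTo-Base64Url $sig)
}

$cert = Get-Item "Cert:\CurrentUser\My\$Thumbprint"
$tokenEndpoint = "$loginURL/$TenantGUID/oauth2/token"
$body = @{
    grant_type            = 'client_credentials'
    resource              = $resource
    client_id             = $ClientID
    client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
    client_assertion      = New-ClientAssertion -Certificate $cert -ClientId $ClientID -TokenEndpoint $tokenEndpoint
}
$oauth = Invoke-RestMethod -Method Post -Uri $tokenEndpoint -Body $body
$headerParams = @{ Authorization = "$($oauth.token_type) $($oauth.access_token)" }
```

The certificate's public key must already be uploaded to the app registration, and the private key never leaves the host; only the signed assertion is sent.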