
Problems connecting with SharePoint

Anonymous
2022-12-19T09:14:36+00:00

Good morning everyone,

I'm trying to make a connection to SharePoint, but it has not been possible. I have followed two different paths, which lead me to two different errors. I describe the steps I followed below:

First option:

1. First, we register the app in SharePoint with the following data:

URL: https://<tenant>.SharePoint.com/_layouts/15/appregnew.aspx

Client Id:      <clientID>
Client Secret:      <clientSecret>
Title:                     Test
App Domain:      localhost
Redirect URI:      https://localhost

We have been trying to set different values in App Domain and Redirect URI. 
App Domain:       www.<tenant>.onmicrosoft.com
Redirect URI:       https://<tenant>.sharepoint.com

App Domain:      https://.onmicrosoft.com
Redirect URI:      https://<tenant>.onmicrosoft.com

However, when trying to create the app we get an error message:
"An unexpected error has occurred"

That is why we use localhost and https://localhost in those fields.

2. Create the app by selecting the "Create" button.

3. We grant Access and Full Control permissions to the app at the URL:

URL: https://<tenant>-admin.sharepoint.com/_layouts/15/appinv.aspx

4. We enter the following data:
AppId: <clientID>
5. Select the "Lookup" button.
6. In the Permissions Request XML field, we enter the following permission request (in XML format):
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
7. Select Create. On the redirected page we click "Trust It".

8. In Postman, we enter the following curl:

curl --location --request POST 'https://accounts.accesscontrol.windows.net/<tenant_id>/tokens/OAuth/2' \
--form 'grant_type="client_credentials"' \
--form 'client_id="<client_id>@<tenant_id>"' \
--form 'resource="00000003-0000-0ff1-ce00-000000000000/<tenant>.sharepoint.com@<tenant_id>"' \
--form 'client_secret="<client_secret>"'

9. The previous curl returns a Bearer token, which we use in the next curl:

curl --location --request GET 'https://<tenant>-admin.sharepoint.com/_api/search/query?querytext=%5CContext:STS_Web%5C' \
--header 'Authorization: Bearer <bearer token>'

This curl returns an error:
"Invalid Audience Uri"

Second option using Refresh Token/Auth Code:

1. In Azure Active Directory we register a new application:

a) We generate the Client ID and Client Secret, without a redirect URI.

b) We assign the following required permissions to the application

Permission                      Type            Purpose

Microsoft Graph API
Directory.ReadWrite.All         Delegated       Read, update, and delete groups; add membership
Directory.AccessAsUser.All      Delegated       Change password and delete user
User.ReadWrite.All              Delegated       Read and update any user
Group.ReadWrite.All             Delegated       Read and write all groups
GroupMember.ReadWrite.All       Delegated       Read and write group memberships
Sites.FullControl.All           Delegated       Have full control of all site collections

SharePoint Online API
AllSites.FullControl            Delegated       Have full control of all site collections
AllSites.Manage                 Delegated       Read and write items and lists in all site collections
Sites.FullControl.All           Application     Have full control of all site collections
Sites.Search.All                Delegated       Run search queries as a user
User.ReadWrite.All              Delegated       Read and write user profiles
User.ReadWrite.All              Application     Read and write user profiles

2. We register the app in SharePoint (using the following URL: https://<tenant>.SharePoint.com/_layouts/15/appregnew.aspx) with the following data:

Client Id:          <clientID generated in azureAD>
Client Secret:      <clientSecret generated in azureAD>
Title:               Test
App Domain:          localhost
Redirect URI:        https://localhost

We have also tried to set different values in App Domain and Redirect URI. 
App Domain:       www.<tenant>.onmicrosoft.com
Redirect URI:       https://<tenant>.sharepoint.com

App Domain:      https://.onmicrosoft.com
Redirect URI:      https://<tenant>.onmicrosoft.com

However, when trying to create the app we get an error message:
"An unexpected error has occurred"

That is why we use localhost and https://localhost in those fields.

3. We grant Access and Full Control permissions to the app using the following URL: https://<tenant>-admin.sharepoint.com/_layouts/15/appinv.aspx, entering the following data:
AppId: <clientID>

Select the "Lookup" button.

In the Permissions Request XML field, we enter the following permission request (in XML format):
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

Select Create. On the redirected page we click "Trust It".

4. We then try to generate a refresh token, by first trying to obtain an authorization code using the following request through a web browser:
https://<tenant>.sharepoint.com/_layouts/15/OAuthAuthorize.aspx?client_id=<client_ID>&scope=<app_permissions_list>&response_type=code&redirect_uri=<redirect_uri>

where
scope = "https://graph.windows.net/Directory.Read.All https://graph.windows.net/User.Read https://graph.windows.net/.default"
redirect_uri = https://localhost

The response in the browser address bar should be displayed as follows:
https://localhost/?code=<code>
However, we obtain an error telling us that the URL is invalid.

Nevertheless, the steps we would need to perform next would be:

5. Copy the <code> part, which is the authorization code.

curl --location --request POST 'https://accounts.accesscontrol.windows.net/<tenant_id>/tokens/OAuth/2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-raw 'client_id=<clientID>&scope=offline_access%20https://graph.microsoft.com/.default&code=<code>&redirect_uri=https://localhost&grant_type=authorization_code&client_secret=<client_secret>&resource=00000003-0000-0ff1-ce00-000000000000%2F<tenant>.sharepoint.com%40<tenant_id>'

This request would return the refresh token.

Note that we have put all the placeholders between angle brackets <>.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
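The two ACS token requests from the question, plus a check that mirrors the "Invalid Audience Uri" error, as an added example (not code from the original post). A token issued by accounts.accesscontrol.windows.net for SharePoint carries an `aud` claim of the form `<principal>/<host>@<tenant_id>`, and SharePoint rejects the token when `<host>` is not the host the request is sent to; the first option above requests `resource` for `<tenant>.sharepoint.com` and then calls `<tenant>-admin.sharepoint.com`, which are two different audiences. The script builds the form bodies for both grants, decodes a JWT payload without verifying it (for local inspection only) and compares the audience host with the request URL. The tenant id, client id, secret and sample token are constructed placeholders, and nothing here touches the network. Two caveats a practitioner should keep in mind: a tenant-scoped FullControl app-only credential with `AllowAppOnlyPolicy="true"` is an admin-equivalent secret and must be stored and rotated as one, and Microsoft has announced the retirement of Azure ACS for SharePoint Online, so new integrations should be built on a Microsoft Entra ID app registration rather than on appregnew.aspx/appinv.aspx.

```python
"""Build the Azure ACS token requests from the question and check a SharePoint
token's audience against the host it will be sent to.

Added example, not from the original post. Tenant, client and token values are
constructed placeholders; no network access is needed.
"""
import base64
import json
from urllib.parse import urlencode, urlparse

# SharePoint Online service principal id, as used in the post's 'resource' value.
SPO_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"


def acs_token_endpoint(tenant_id: str) -> str:
    """ACS token endpoint used by both curl commands in the post."""
    return f"https://accounts.accesscontrol.windows.net/{tenant_id}/tokens/OAuth/2"


def spo_resource(host: str, tenant_id: str) -> str:
    """ACS 'resource' for SharePoint: <principal>/<host>@<tenant_id>.
    The host becomes the token audience, so it must be the host the token is
    presented to: contoso.sharepoint.com and contoso-admin.sharepoint.com need
    separate tokens."""
    return f"{SPO_PRINCIPAL}/{host}@{tenant_id}"


def client_credentials_form(client_id: str, client_secret: str,
                            tenant_id: str, host: str) -> dict:
    """Form body for the app-only (client_credentials) grant, first option."""
    return {
        "grant_type": "client_credentials",
        "client_id": f"{client_id}@{tenant_id}",
        "client_secret": client_secret,
        "resource": spo_resource(host, tenant_id),
    }


def authorization_code_form(client_id: str, client_secret: str, tenant_id: str,
                            host: str, code: str, redirect_uri: str) -> dict:
    """Form body for exchanging an authorization code, second option."""
    return {
        "grant_type": "authorization_code",  # literal value, not a placeholder
        "client_id": f"{client_id}@{tenant_id}",
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
        "resource": spo_resource(host, tenant_id),
    }


def encode_form(form: dict) -> str:
    """application/x-www-form-urlencoded body: send it in a POST, never in a URL."""
    return urlencode(form)


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature. Fine for inspecting
    a token you just received; never use it to decide whether to trust one."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_host(token: str) -> str:
    """Host part of an ACS audience '<principal>/<host>@<realm>' ('' if absent)."""
    aud = jwt_claims(token).get("aud", "")
    if "/" not in aud or "@" not in aud:
        return ""
    return aud.split("/", 1)[1].split("@", 1)[0].lower()


def audience_matches(token: str, request_url: str) -> bool:
    """True when the token's audience host equals the host in request_url."""
    host = (urlparse(request_url).hostname or "").lower()
    return bool(host) and audience_host(token) == host


def explain_audience(token: str, request_url: str) -> str:
    """One-line diagnosis of the check that yields 'Invalid Audience Uri'."""
    host = (urlparse(request_url).hostname or "").lower()
    aud_host = audience_host(token)
    if aud_host == host:
        return f"ok: token audience {aud_host} matches {host}"
    return (f"Invalid Audience Uri: token issued for {aud_host or '<none>'} but sent "
            f"to {host}; request it with resource={SPO_PRINCIPAL}/{host}@<tenant_id>")


def make_unsigned_token(claims: dict) -> str:
    """Constructed sample token (alg=none, empty signature) for offline use only."""
    def b64(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


if __name__ == "__main__":
    tenant_id = "11111111-2222-3333-4444-555555555555"  # placeholder tenant id
    token = make_unsigned_token({"aud": spo_resource("contoso.sharepoint.com", tenant_id)})
    # Same situation as the first option: token for the tenant root, call to the admin host.
    print(explain_audience(token, "https://contoso-admin.sharepoint.com/_api/search/query"))
    print(explain_audience(token, "https://contoso.sharepoint.com/_api/web"))
    print(acs_token_endpoint(tenant_id))
    print(encode_form(client_credentials_form("<client_id>", "<secret>", tenant_id,
                                              "contoso-admin.sharepoint.com")))
```

To diagnose a real "Invalid Audience Uri", paste the bearer token returned by ACS into `explain_audience` together with the URL you are calling; if the hosts differ, request a second token whose `resource` names the host you actually call (the `-admin` host for tenant administration endpoints, the site host for `_api/web` and search).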


1 answer

Anonymous
2022-12-19T09:53:13+00:00

Dear David,

Good day! Thanks for posting in the community. We are happy to help you.

We would love to help you with your query; however, our team focuses on SharePoint built-in feature queries. Since we have a specific channel, the Microsoft Q&A Community, dealing with such app registration issues, I would like to suggest you post a new thread there (assign the tag sharepoint-dev) for expert help. Sorry that our category may have limited resources for checking on the situation further.

Appreciate your understanding and patience.

Sincerely,

George | Microsoft Community Moderator
