I am trying to use the SharePoint REST APIs. They require an access_token.
I already came across this Q&A: https://learn.microsoft.com/en-us/answers/questions/607425/how-do-i-get-access-token-for-sharepoint-online-re.html
But those steps require a sign-in by a user, and that won't be possible in my flow. So I am not looking for delegated permission. So I tried the steps shown here (access without a user): https://learn.microsoft.com/en-us/graph/auth-v2-service
But that doesn't return a refresh_token. So I am unable to complete the step where I am supposed to exchange the refresh_token for a SharePoint access_token.
The app I have created for this purpose in my AAD has been given the following permissions:
But, none of the scopes mentioned there work for me when I try to make the POST https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/token call.
The 400 Bad request message says:
"AADSTS500011: The resource principal named https://microsoft.sharepoint-df.com/Sites.Read.All was not found in the tenant named . This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: \r\nCorrelation ID: \r\nTimestamp: 2022-07-08 05:20:57Z"
The only scope that doesn't give such an error is "https://graph.microsoft.com/.default". But using the access_token it returns, when I try to hit GET https://{site_url}/_api/web/GetFolderByServerRelativeUrl('/Folder Name')/Files it says 401 Unauthorized (Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown).
So, in conclusion, please guide me on how to use the SharePoint REST APIs without the requirement of a delegated user.
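The two failures in the question are both about the token's audience: the v2.0 client-credentials flow only accepts a scope of the form "<resource>/.default" (a named permission such as Sites.Read.All in the scope string is rejected), and the resource named there becomes the token's "aud" claim, which the called service checks. A token minted for https://graph.microsoft.com therefore fails SharePoint's audience validation, which is what 'AudienceUriValidationFailedException' reports. The following added example (not from the question author or from Microsoft) builds the client-credentials request for a chosen resource and inspects the returned token's "aud" claim locally before a SharePoint call is attempted, so a mismatch is caught on the client rather than as a 401. The tenant, client id, secret and site URL are placeholders; the sample tokens are constructed, unsigned JWTs used only to exercise the check.

```python
"""Added example: client-credentials request body for a given resource, plus a
local check that the token's audience matches the host about to be called."""
import base64
import json
import urllib.parse
import urllib.request

TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_token_request(tenant_id, client_id, client_secret, resource):
    """Return (url, form_fields) for an app-only (client credentials) request.

    On the v2.0 endpoint an app-only request must ask for '<resource>/.default';
    the individual application permissions are granted to the app registration
    in the portal and are rolled up by '.default'.
    """
    scope = resource.rstrip("/") + "/.default"
    fields = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }
    return TOKEN_ENDPOINT.format(tenant=tenant_id), fields


def request_token(tenant_id, client_id, client_secret, resource):
    """POST the request and return the parsed JSON (network call, not exercised
    by the offline test)."""
    url, fields = build_token_request(tenant_id, client_id, client_secret, resource)
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        return json.load(resp)


def decode_jwt_payload(token):
    """Decode the payload segment of a compact JWT WITHOUT verifying the
    signature. This is only for inspecting a token you just received for
    yourself; a server must never accept a token this way."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_matches(token, site_url):
    """True if the token's 'aud' claim names the host of site_url.

    SharePoint rejects a token whose audience is another resource (for example
    https://graph.microsoft.com) with AudienceUriValidationFailedException, so
    this is the same check done client-side before the REST call is made.
    """
    aud = decode_jwt_payload(token).get("aud", "")
    auds = aud if isinstance(aud, list) else [aud]
    host = urllib.parse.urlparse(site_url).netloc.lower()
    return any(urllib.parse.urlparse(a).netloc.lower() == host for a in auds)


def encode_unsigned_jwt(payload):
    """Constructed, unsigned JWT for local testing only (alg 'none', dummy sig)."""
    def seg(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return seg({"alg": "none", "typ": "JWT"}) + "." + seg(payload) + ".sig"


# Constructed sample tokens mirroring the two cases in the question.
SITE_URL = "https://contoso.sharepoint.com/sites/team"       # placeholder site
GRAPH_TOKEN = encode_unsigned_jwt({"aud": "https://graph.microsoft.com"})
SHAREPOINT_TOKEN = encode_unsigned_jwt({"aud": "https://contoso.sharepoint.com"})

if __name__ == "__main__":
    url, fields = build_token_request("<tenant-id>", "<client-id>", "<secret>",
                                      "https://contoso.sharepoint.com")
    print(url, fields["scope"])
    print("graph token accepted by SharePoint host:",
          audience_matches(GRAPH_TOKEN, SITE_URL))
    print("sharepoint token accepted by SharePoint host:",
          audience_matches(SHAREPOINT_TOKEN, SITE_URL))
```

Running it shows the scope string the v2.0 endpoint expects for the SharePoint host and that the Graph-audience token is rejected locally, while a token whose "aud" is the SharePoint host passes. Whether the tenant's SharePoint accepts the resulting app-only token also depends on how the app registration is authorised, which the question's screenshot of permissions would determine.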