
Obtain SharePoint specific access token for a non-user application

I am working on a PHP web app that needs to make HTTP requests to the Sharepoint API with Sites.Selected permission to a specific SharePoint site. It is NOT viable for me to provide a user sign-in experience so I need to treat it as a non-user/daemon application.

I've read the docs and looked at many different forums for the solution but as of yet I've been unsuccessful in obtaining a SPO specific access token, although I think I'm close.

I am using this StackOverflow answer as a guide: https://stackoverflow.com/a/63386756/19038862

This is what I've done:

  1. Registered an Azure App: (Image of my Azure App Overview)
  2. Created a client secret in the App dashboard: (Image of the client secret page)
  3. Successfully sent a request to https://login.microsoftonline.com/{{app_tenant_id}}/oauth2/v2.0/token using the client secret in Postman: (Image of Postman request)

The request made in step 3 returns an access token (I assume a MS Graph access token?), but it DOES NOT return a refresh token, which is what the aforementioned StackOverflow answer suggests you need to "swap" for an SPO specific access token.

How do I obtain this refresh token so that I can swap it for a SPO access token? Or what better way is there to get my hands on a SPO specific access token from a non-user app?

The guide describes getting a delegated auth token from Graph, but you are getting an application auth token. The token response of this flow does not contain a refresh_token. See here.

But you already wrote that you are not able to provide a user sign-in experience. One workaround would be to once manually get the access_token and refresh_token of a user with the delegated flow and then periodically get a new access_token with the refresh_token on your server. You could store these values in your database and update them when you fetch a new one.

First, the daemon-based client credential flow does not return a refresh token for you. You also can't redeem a refresh token for the Graph API for an access token for SPO; these are two completely different API resources.

To get an access token for SPO you just need to set the scope to: https://{tenant-name}.sharepoint.com/.default.



I wrote this gist to guide you into getting Sites.Selected access to the desired site: https://gist.github.com/ruanswanepoel/14fd1c97972cabf9ca3d6c0d9c5fc542

This guide shows you how to configure this as Application permissions, and via the Graph API.

I've found going through the Graph API is the best way to go.

Also, strangely, it's not possible to get delegated Sites.Selected permissions. You must set it up as an Application permission.
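The two points the answers above make, that the client-credentials request must name the SharePoint resource in its scope rather than Graph, and that Sites.Selected is granted per site through the Graph sites/{id}/permissions endpoint as an Application permission, can be checked without calling Microsoft at all by looking at what the request contains and what claims the returned token carries. The following is an added example written for this page (Python rather than the asker's PHP, and not code from the question, the answers or the linked gist). The tenant name, tenant ID, client ID, site ID and the sample tokens are constructed placeholders; the sample tokens are unsigned and exist only to exercise the checks, and the expected `aud` value of `https://{tenant}.sharepoint.com` for an SPO token is an assumption about the token format, so verify it against a real token from your own tenant.

```python
from __future__ import annotations

import base64
import json
import urllib.parse

# Added example, not part of the original Q&A. All names below are
# constructed placeholders, not real tenant or app values.
TENANT_NAME = "contoso"
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"


def spo_token_request(tenant_id: str, client_id: str, client_secret: str,
                      tenant_name: str) -> tuple[str, str]:
    """Build the client-credentials token request for SharePoint Online.

    The URL is the same v2.0 endpoint used in the Postman step; the only
    difference from a Graph request is the scope, which names the SPO
    resource so the issued token is for SharePoint, not Graph.
    Returns (url, urlencoded form body) for an HTTP POST."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"https://{tenant_name}.sharepoint.com/.default",
    }
    return url, urllib.parse.urlencode(form)


def sites_selected_grant(site_id: str, client_id: str, display_name: str,
                         role: str = "write") -> tuple[str, dict]:
    """Build the Graph request that gives an app holding Sites.Selected
    access to one site: POST /sites/{site_id}/permissions.

    The caller of this request needs a broader site permission than
    Sites.Selected itself (assumption: e.g. Sites.FullControl.All, or a
    site admin's delegated token). Roles are 'read' or 'write'."""
    if role not in ("read", "write"):
        raise ValueError("Sites.Selected grants are 'read' or 'write'")
    url = f"https://graph.microsoft.com/v1.0/sites/{site_id}/permissions"
    body = {
        "roles": [role],
        "grantedToIdentities": [
            {"application": {"id": client_id, "displayName": display_name}}
        ],
    }
    return url, body


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    This is only for inspecting which resource a token was minted for
    while debugging; a resource server must verify signature, issuer
    and expiry before acting on any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_spo_app_token(token: str, tenant_name: str,
                        required_role: str = "Sites.Selected") -> list[str]:
    """Return the reasons a token will not work for app-only Sites.Selected
    calls against SPO. An empty list means the token looks right."""
    claims = jwt_claims(token)
    problems: list[str] = []
    expected_aud = f"https://{tenant_name}.sharepoint.com"  # assumed SPO audience
    aud = claims.get("aud")
    if aud != expected_aud:
        problems.append(f"aud is {aud!r}, expected {expected_aud!r}; a Graph "
                        "token cannot be swapped for an SPO token")
    if "scp" in claims:
        # 'scp' is the delegated-permission claim; app-only tokens carry 'roles'.
        problems.append("token carries 'scp' (delegated flow); app-only "
                        "permissions appear in 'roles'")
    roles = claims.get("roles", [])
    if required_role not in roles:
        problems.append(f"{required_role!r} missing from roles {roles!r}")
    return problems


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed test token. Real tokens are signed by Azure AD; this one
    has a dummy signature and exists only to exercise the checks above."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples: what the Postman request returned (Graph audience)
# versus what the corrected scope should return (SPO audience).
GRAPH_TOKEN = make_unsigned_jwt(
    {"aud": "https://graph.microsoft.com", "roles": ["Sites.Selected"]})
SPO_TOKEN = make_unsigned_jwt(
    {"aud": f"https://{TENANT_NAME}.sharepoint.com", "roles": ["Sites.Selected"]})


if __name__ == "__main__":
    url, body = spo_token_request(TENANT_ID, CLIENT_ID, "<client-secret>", TENANT_NAME)
    print("POST", url)
    print(body)
    grant_url, grant_body = sites_selected_grant("<site-id>", CLIENT_ID, "My PHP daemon")
    print("POST", grant_url, json.dumps(grant_body))
    for name, tok in (("graph token", GRAPH_TOKEN), ("spo token", SPO_TOKEN)):
        print(name, "->", check_spo_app_token(tok, TENANT_NAME) or "OK")
```

The useful habit here is the last loop: when a SharePoint call returns 401 despite a token having been issued, decode the token and read `aud` and `roles` before touching the app registration. A token with a Graph audience will never be accepted by SharePoint no matter which permissions it lists, and a token with `scp` instead of `roles` came from a user flow, which the question explicitly rules out.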
