Thursday, 18 January 2018

oauth - Oauth2 for SharePoint 365 REST

I'm trying to connect to SharePoint Online (SharePoint 365?) content using OAuth2 and the REST API. I need to do this from Python as it is an addition to an existing application. I have already managed to connect the application to Google Drive using OAuth2 and REST, so I think I understand the fundamentals of using OAuth2.

I've tried a number of combinations of places to configure the client_id and client_secret and authenticate and receive access and refresh tokens.

So far I have been able to receive a refresh token and use it to obtain an access token; however, I'm unable to use the access token to access content on the SharePoint 365 site.

For configuring the client_id and client_secret I associated my SharePoint site with AAD using the Azure Management Portal. Then I added an application to the SharePoint AD entry with the client_id and client_secret. In SharePoint I used appregnew.aspx to register the client_id and verified the application appears in appprincipals.aspx.

I call the authentication service using:

.../login.windows.net/common/oauth2/authorize?api-version=1.0&response_type=code&client_id=&redirect_uri=&resource=Microsoft.Sharepoint

and am able to authenticate, receive a code, call back to .../login.windows.net/common/oauth2/token with the code and receive access and refresh tokens.

I serialized those tokens and from a separate process call .../login.windows.net/common/oauth2/token with the refresh_token, client_id, client_secret, and grant_type=refresh_token and receive a new access token.

Finally, I call into the SharePoint service endpoint

-my.sharepoint.com/personal//_api/web/files'

with the new access token and it fails, telling me the resource Microsoft.Sharepoint is invalid (Invalid audience Uri 'Microsoft.SharePoint').

I've been spinning my wheels trying various permutations of where the client_id is configured and this is as far as I've gotten. Since all the documentation and examples seem to depend on using C# libraries such as TokenHelper, I feel like I'm missing something key but simple and can't find the required information.

Has anyone connected to SharePoint Online using Python, Ruby, Java, etc.? If so:

  1. Where should the client_id be configured?

  2. What are the endpoints for obtaining the refresh and access tokens?

  3. What is the appropriate audience URI or resource for which to request tokens?

Many thanks!
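
A diagnostic for the "Invalid audience Uri" failure described in the question, added here as an example and not part of the original post: it decodes the access token's claims and checks whether `aud` names the host being called. It assumes the access token is a JWT and that the service expects an audience identifying its own host; `contoso-my.sharepoint.com`, the user path, and both sample tokens are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlparse


def jwt_claims(token):
    """Decode a JWT's claims segment WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_problem(token, api_url):
    """Return None if the token's aud names the API host, else a mismatch description."""
    host = (urlparse(api_url).hostname or "").lower()
    aud = jwt_claims(token).get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    for value in audiences:
        # Assumption: the resource server wants an audience that contains its host name.
        if isinstance(value, str) and host and host in value.lower():
            return None
    return "aud=%r does not identify host %r" % (aud, host)


def _constructed_token(claims):
    """Build an unsigned sample token for the demo; not a real credential."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "sig"])


# Constructed sample values; the tenant host and user path are placeholders.
API_URL = "https://contoso-my.sharepoint.com/personal/user/_api/web/files"
NAME_SCOPED = _constructed_token({"aud": "Microsoft.SharePoint"})
HOST_SCOPED = _constructed_token({"aud": "https://contoso-my.sharepoint.com"})

if __name__ == "__main__":
    for label, tok in (("name-scoped", NAME_SCOPED), ("host-scoped", HOST_SCOPED)):
        print(label, "->", audience_problem(tok, API_URL) or "audience matches host")
```

Because the signature is not checked, this is only for inspecting a token your own client just received, never for deciding whether to trust one.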
