SPO connection via client id/secret

1. Preparation 
 Register the Azure AD application 
Access Azure Portal 
Go to Azure Active Directory > Application Registration 
Click “New Registration”, enter a name, and select “This Organizational Directory only” 
Record the Record the Application (Client) ID and Tenant ID 
2. Create Client Secret 
On the Application Registration page, go to “Certificates and Passwords” 
Click on “New Client Secret” and set the expiration date (12 months is recommended) 
Copy Key Value (shown only once, need to save it properly) 
3. Configure API Privileges 
Go to “API Privileges” 
Add Sites.FullControl.All (for read/write) or Sites.Read.All (for read only) 
Administrator needs to "Grant Consent " 
4. Connecting to SharePoint Online 
powershell 
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com" -ClientId "xxxx-xxxx-xxxx" -ClientSecret "your-secret" 
Scenarios: automation scripts, batch operations 
5. Using Microsoft Graph API 
http 
POST https://login.microsoftonline. com/{tenant-id}/oauth2/v2.0/token 
Content-Type: application/x-www-form-urlencoded 
client_id={client-id} 
&scope=https://graph.microsoft.com/.default 
&client_secret={client-secret} 
&grant_type=client_credentials 
Scenario: REST API call 
6. Graph SDK) 
csharp 
var scopes = new[] { "https://graph.microsoft.com/.default" }; 
var clientSecretCredential = new ClientSecretCredential( 
 tenantId, clientId, clientSecret); 
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);