
Azure Active Directory Permissions Issue: 403 Exception


I have added a Native app in Azure Active Directory. I have granted all the required SharePoint permissions (to my knowledge), but when I try to call the following SharePoint REST API, it returns a 403 exception:

 

https://mytenant.sharepoint.com/_api/SP.OAuth.NativeClient/Authenticate

 

I'm trying to get the SharePoint Online SPOIDCRL cookie using a bearer token. Below is my code snippet:

import android.content.Intent;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.util.Log;

import com.microsoft.aad.adal.AuthenticationCallback;
import com.microsoft.aad.adal.AuthenticationContext;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.PromptBehavior;

import com.squareup.okhttp.MediaType;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.RequestBody;
import com.squareup.okhttp.Response;
import com.squareup.okhttp.Headers;

import java.net.URL;
import java.net.HttpURLConnection;
import java.util.Locale;

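/**
 * Sample activity that signs the user in with ADAL and then tries to trade a SharePoint Online
 * access token for a cookie via {@code /_api/SP.OAuth.NativeClient/Authenticate}.
 *
 * <p>Flow: {@link #onCreate} acquires a token for the Graph resource interactively, then
 * {@link #getEndPointToken} silently requests a token for the SharePoint resource and hands it
 * to {@link #getCookies}.
 *
 * <p>Bearer tokens, ID tokens and session cookies are credentials. This class never writes their
 * values to logcat; it logs only that they were obtained, so that bug reports and other log
 * readers cannot replay them.
 */
public class MainActivity extends AppCompatActivity {

    private static final String CLIENT_ID = "{my_client_id}";
    private static final String REDIRECT_URI = "{my_redirect_uri}";
    private static final String GRAPH_RESOURCE = "https://graph.microsoft.com";
    // NOTE(review): this resource identifier has no "https://" scheme, unlike GRAPH_RESOURCE.
    // Confirm it matches the resource registered for the tenant, because a token issued for a
    // different audience would be rejected by SharePoint.
    private static final String SHAREPOINT_ONLINE_RESOURCE = "mytenant.sharepoint.com";
    private static final String AUTHORITY = "https://login.microsoftonline.com/mytenant.onmicrosoft.com";
    private static final String LOG_TAG = "AUTH";
    // Written on interactive sign-in; nothing in this class reads it back.
    private static String accessToken;
    // User identifier passed to the silent token request in getEndPointToken().
    private static String userId;

    private AuthenticationContext authenticationContext;


    /**
     * Builds the ADAL authentication context and starts an interactive token request for the
     * Graph resource. On success the SharePoint token request is chained from the callback.
     *
     * @param savedInstanceState state bundle forwarded to the superclass
     */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        try {
            // Create the authentication context; the third argument enables authority validation.
            authenticationContext = new AuthenticationContext(MainActivity.this,
                    AUTHORITY, true);

            // Acquire tokens using necessary UI.
            authenticationContext.acquireToken(MainActivity.this, GRAPH_RESOURCE, CLIENT_ID, REDIRECT_URI,
                    PromptBehavior.Always, new AuthenticationCallback<AuthenticationResult>() {
                        @Override
                        public void onSuccess(AuthenticationResult result) {
                            if (result.getUserInfo() == null) {
                                // Without a user id the silent request below cannot be made.
                                Log.e(LOG_TAG, "Sign-in returned no user info");
                                return;
                            }
                            accessToken = result.getAccessToken();
                            userId = result.getUserInfo().getUserId();

                            // Record the event only; token values must not reach logcat.
                            Log.d(LOG_TAG, "ID and access tokens acquired for Graph resource");

                            // The return value is always empty (see getEndPointToken); the
                            // SharePoint token is delivered to its own callback.
                            getEndPointToken(SHAREPOINT_ONLINE_RESOURCE);
                        }

                        @Override
                        public void onError(Exception exc) {
                            Log.e(LOG_TAG, "Interactive token request failed", exc);
                        }
                    });

        } catch (Exception e) {
            Log.e(LOG_TAG, "Could not start authentication", e);
        }
    }

    /**
     * Forwards the sign-in activity result to ADAL so the pending token request can complete.
     */
    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);

        // Pass the activity result to the authentication context.
        if (authenticationContext != null) {
            authenticationContext.onActivityResult(requestCode, resultCode, data);
        }
    }

    /**
     * POSTs to the SharePoint native-client authenticate endpoint with the given bearer token
     * and logs the HTTP status and whether a {@code Set-Cookie} header came back.
     *
     * <p>Failures are logged rather than propagated, so this remains a best-effort call.
     *
     * @param token SharePoint access token sent as a bearer credential
     */
    protected void getCookies(String token) {
        // NOTE(review): this performs blocking network I/O on whichever thread invokes the ADAL
        // callback. If that is the main thread, Android refuses the call; confirm and move it
        // to a background thread if so.
        HttpURLConnection connection = null;
        try {
            // The path needs its leading slash; URL(protocol, host, file) does not add one.
            connection = (HttpURLConnection) new URL("https", "mytenant.sharepoint.com",
                    "/_api/SP.OAuth.NativeClient/Authenticate").openConnection();
            // NOTE(review): Broker is not among the imports shown with this listing; presumably
            // ADAL's AuthenticationConstants.Broker. Confirm the constant is the header intended.
            connection.setRequestProperty(Broker.CHALLENGE_RESPONSE_HEADER, "Bearer " + token);
            connection.setRequestMethod("POST");

            // Reading the status sends the request; it is the first thing to check on a 403.
            int status = connection.getResponseCode();
            String headerField = connection.getHeaderField("Set-Cookie");

            // Log presence only: the cookie is a session credential, and Log.d rejects a null
            // message, which is what a missing header would have produced.
            Log.d("COOKIE", "HTTP " + status + ", Set-Cookie "
                    + (headerField != null ? "present" : "absent"));
        } catch (Exception e) {
            Log.e("COOKIE", "Cookie request failed", e);
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Starts a silent token request for {@code resourceUri} on behalf of the signed-in user and
     * passes the resulting access token to {@link #getCookies}.
     *
     * @param resourceUri resource identifier to request a token for
     * @return always the empty string; the request is asynchronous and the token is only
     *         available inside the callback
     */
    protected String getEndPointToken (String resourceUri) {
        try {
            authenticationContext.acquireTokenSilentAsync(resourceUri, CLIENT_ID, userId, new AuthenticationCallback<AuthenticationResult>() {
                @Override
                public void onSuccess(AuthenticationResult result) {
                    // The token value is deliberately not logged.
                    Log.d("SP-AUTH", "Sharepoint Token acquired");
                    getCookies(result.getAccessToken());
                }

                @Override
                public void onError(Exception exc) {
                    Log.e("SP-AUTH", "Silent token request failed", exc);
                }
            });
        } catch (Exception e) {
            Log.e("SP-AUTH", "Could not start silent token request", e);
        }
        return "";
    }
}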

Exception:
<?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code>-1, Microsoft.SharePoint.Client.ClientServiceException</m:code><m:message xml:lang="en-US">Exception of type 'Microsoft.SharePoint.Client.ClientServiceException' was thrown.</m:message></m:error>
