SOLVED

Auth0 authentication with SharePoint REST api

%3CLINGO-SUB%20id%3D%22lingo-sub-354907%22%20slang%3D%22en-US%22%3EAuth0%20authentication%20with%20SharePoint%20REST%20api%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-354907%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20building%20a%20company%20web%20app%20with%20Node%2FExpress%20and%20MongoDB.%20The%20authentication%20is%20handled%20by%20Auth0%20and%20I%20have%20it%20set%20up%20so%20employees%20sign%20in%20with%20their%20Azure%2FOffice365%20credentials.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20be%20able%20to%20get%2C%20post%2C%20and%20put%20documents%20in%20our%20sharepoint%20sites%20from%20the%20web%20app.%20I.e.%20I'm%20building%20a%20controller%20for%20our%20Purchase%20Orders%20and%20want%20to%20be%20able%20to%20upload%20the%20POs%20to%20the%20corresponding%20specific%20POs%20folder%20in%20the%20SharePoint%20site.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20I%20need%20a%20separate%20authentication%2Ftoken%20for%20using%20the%20sharepoint%20REST%20api%20for%20doing%20something%20like%20this%20when%20users%20are%20already%20signed%20in%20to%20the%20web%20app%20with%20their%20Office365%2FAzure%20credentials%20through%20Auth0%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-356883%22%20slang%3D%22en-US%22%3ERe%3A%20Auth0%20authentication%20with%20SharePoint%20REST%20api%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-356883%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20it%20happens%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F127%22%20target%3D%22_blank%22%3E%40Paolo%20Pialorsi%3C%2FA%3E%26nbsp%3Bjust%20did%20a%20demo%20on%20a%20potentially%20similar%20situation%20to%20yours!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DcRuSk21N810%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DcRuSk21N810%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-356348%22%20slang%3D%22en-US%22%3ERe%3A%20Auth0%20authentication%20with%20SharePoint%20REST%20api%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-356348%22%20slang%3D%22en-US%22%3EThanks%20Thomas%2C%20I'll%20definitely%20check%20out%20those%20Node%20tools.%20The%20users%20will%20need%20permissions.%20I%20know%20theres%20a%20way%20to%20get%20Office365%20groups%20from%20Auth0%20for%20use%20in%20custom%20applications%20but%20this%20is%20the%20first%20time%20ive%20used%20Auth0%20so%20not%20sure%20of%20the%20process%20with%20setting%20everything%20up%20I%20do%20have%20all%20the%20users%20in%20Office365%20groups%20with%20assigned%20permissions%20so%20they%20can%20access%20the%20specific%20sites%2C%20folders%2C%20files%2C%20etc.%20I%20do%20have%20a%20web%20app%20setup%20and%20registered%20with%20Azure%2C%20which%20I%20assigned%20specific%20permissions%20for%20the%20app%2C%20but%20I'm%20not%20sure%20if%20I%20need%20to%20do%20any%20other%20form%20of%20backend%20authentication%20with%20the%20app%20when%20I%20interact%20with%20the%20SharePoint%20API%20for%20uploading%20foles%20to%20SharePoint%20Sites%2C%20or%20if%20just%20the%20Auth0%20authentication%20I%20have%20in%20place%20will%20be%20enough.%20I%20havent%20used%20the%20SharePoint%20API%20before%20and%20not%20too%20sure%20how%20it%20works.%20Thanks%20again%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-355276%22%20slang%3D%22en-US%22%3ERe%3A%20Auth0%20authentication%20with%20SharePoint%20REST%20api%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-355276%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Joseph%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere's%20a%20pretty%20comprehensive%20list%20of%20the%20tools%20available%20for%20authenticating%20from%20a%20Node%20app%20to%20SharePoint%20Online.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FSharePoint-NodeJS%2FAwesome-SharePoint-Node.js%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FSharePoint-NodeJS%2FAwesome-SharePoint-Node.js%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat's%20your%20situation%20though%3F%20Do%20you%20need%20user%20permissions%3F%20For%20example%2C%20are%20you%20making%20calls%20to%20SharePoint%20lists%20where%20you%20need%20to%20return%20only%20items%20to%20which%20the%20logged%20in%20user%20has%20permissions%3F%20If%20that's%20the%20case%2C%20you're%20going%20to%20want%20to%20use%20the%20user's%20credentials%20and%20possibly%20look%20at%20Microsoft%20Graph%20with%20delegated%20permissions%20rather%20than%20direct%20connections%20to%20SharePoint.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fauth-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fauth-overview%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fgraph%2Ftutorials%2Fnode%3Ftutorial-step%3D3%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fgraph%2Ftutorials%2Fnode%3Ftutorial-step%3D3%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20just%20need%20your%20app%20to%20connect%20to%20SharePoint%20and%20you%20don't%20need%20to%20security%20trim%20results%20or%20access%20by%20user%20(all%20users%20have%20the%20same%20permissions%20to%20your%20SharePoint%20list%2Flibrary)%2C%20your%20easiest%20option%20is%20probably%20to%20register%20the%20app%20in%20SharePoint%20or%20Azure%20AD%20grant%20it%20%22App-Only%22%20permissions%20for%20SharePoint%20then%20use%20the%20clientID%20and%20clientSecret%20from%20that.%20The%20first%20link%20has%20some%20resources%20for%20doing%20that%20from%20a%20Node%20app.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

I'm building a company web app with Node/Express and MongoDB. The authentication is handled by Auth0 and I have it set up so employees sign in with their Azure/Office365 credentials.

 

I want to be able to get, post, and put documents in our sharepoint sites from the web app. I.e. I'm building a controller for our Purchase Orders and want to be able to upload the POs to the corresponding specific POs folder in the SharePoint site.

 

Do I need a separate authentication/token for using the sharepoint REST api for doing something like this when users are already signed in to the web app with their Office365/Azure credentials through Auth0?

3 Replies

Hi Joseph,

 

Here's a pretty comprehensive list of the tools available for authenticating from a Node app to SharePoint Online.

 

https://github.com/SharePoint-NodeJS/Awesome-SharePoint-Node.js

 

What's your situation though? Do you need user permissions? For example, are you making calls to SharePoint lists where you need to return only items to which the logged in user has permissions? If that's the case, you're going to want to use the user's credentials and possibly look at Microsoft Graph with delegated permissions rather than direct connections to SharePoint.

 

https://docs.microsoft.com/en-us/graph/auth-overview

https://docs.microsoft.com/en-gb/graph/tutorials/node?tutorial-step=3

 

If you just need your app to connect to SharePoint and you don't need to security trim results or access by user (all users have the same permissions to your SharePoint list/library), your easiest option is probably to register the app in SharePoint or Azure AD grant it "App-Only" permissions for SharePoint then use the clientID and clientSecret from that. The first link has some resources for doing that from a Node app.

Thanks Thomas, I'll definitely check out those Node tools. The users will need permissions. I know theres a way to get Office365 groups from Auth0 for use in custom applications but this is the first time ive used Auth0 so not sure of the process with setting everything up I do have all the users in Office365 groups with assigned permissions so they can access the specific sites, folders, files, etc. I do have a web app setup and registered with Azure, which I assigned specific permissions for the app, but I'm not sure if I need to do any other form of backend authentication with the app when I interact with the SharePoint API for uploading foles to SharePoint Sites, or if just the Auth0 authentication I have in place will be enough. I havent used the SharePoint API before and not too sure how it works. Thanks again
best response confirmed by avjoseph365_00 (New Contributor)
Solution

As it happens, @Paolo Pialorsi just did a demo on a potentially similar situation to yours!

 

https://www.youtube.com/watch?v=cRuSk21N810

This community call demo is taken from the SharePoint General Development Special Interest Group recording on 21st of February 2019. In this video, Paolo Pia...