Feb 20 2019 01:11 PM
I'm in the middle of writing a .Net client app and have been using the latest Graph SDK to access OneDrive. To authenticate, I used MSAL and with the appropriate "scopes", this gets me an OAuth token that works great for OneDrive access.
Unfortunately, the Graph API (REST and SDK) is far from complete at this time. I need to supplement my Graph calls with some more traditional ECM where OneDrive for Business and straight SP Online Libraries are concerned (calls like checkout/checkin/locking and related properties like who a file is checked-out to, etc.). To do this, I thought I'd leverage "SharePoint CSOM for Online" until Graph "catches up".
However, the access token received via MSAL is refused by the ClientContext of the user's site/list. It always results in a 401: Unauthorized being returned from the service.
Does anyone have a code snippet or tips/tricks to use MSAL to get a valid access token for the user's same SP Library - just connecting directly to the SP Online services? I could be missing explicit "scopes" to request in the MSAL authentication too. I am getting the feeling that MSAL is not compatible with SP Online, and that would be really unfortunate.
Thanks for any pointers!
Feb 26 2019 03:42 AM
Hope the post below will help.
https://samlman.wordpress.com/2015/02/27/using-adal-access-tokens-with-o365-rest-apis-and-csom/
BTW: I have not personally tested the content listed in the above post.
Feb 26 2019 05:18 AM
Jul 12 2019 07:38 AM
@AJWeber This is a really big issue for me right now as well... Building business apps with Graph works great until you run into some incomplete functionality. For example, creating a SharePoint site, or retrieving a SharePoint user id so that you can update a multiuser list field.
Is there active development under the beta graph? v1.0 after a couple years does not look like a good sign.
If anyone out there has already solved the issue of integrating CSOM or direct REST calls to SharePoint in a Microsoft.Graph MSAL application that would be a big help!
I would stick with CSOM except that there is no good way to respect Multi-factor logins... We really need graph to be completed to unify authentication across the API families.
Oct 13 2019 04:41 AM - edited Oct 13 2019 04:43 AM
@Ed Alexander , @AJWeber @Kevin Morgan
Did you find any solution for getting an Access Token using MSAL.NET?
I am also stuck with this issue.
If someone can help with this it would be great.
I have also asked a question on the MSAL.NET Repos as well.
Link is here: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1439
Feb 06 2020 01:46 AM
Hi, I was stuck like you and then I figured out that it works with the client credentials flow (certificate, not client / secret). Here is my proposed answer: https://stackoverflow.com/questions/54771270/msal-ad-token-not-valid-with-sharepoint-online-csom/600...
Please let me know.
Dec 23 2022 06:41 AM
@AJWeber I've spent quite a lot of time figuring this out, so I hope it could be useful for anyone.
For me it finally worked with exactly the same request via MSAL but with the correct scope for SharePoint.
So, if you're requesting a token to use the MS Graph API, you should specify the scope as "https://graph.microsoft.com/.default", and if you want to get a token for the SP API, you should pass the scope as "https://{your tenant name}.sharepoint.com/.default".
".default" will give you access with all the permissions that were assigned in Azure AD, so also make sure that the Azure admin has granted you the required API permissions for the SharePoint API.
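The scope change described in the post above, as an added example that is not code from any poster in this thread: one MSAL.NET public client requests a Graph token and a separate SharePoint token (scope derived from the site URL), then attaches the SharePoint token to CSOM requests. The client id, tenant, redirect URI and `contoso` site URL are constructed placeholders, and it assumes the app registration already has the SharePoint API permissions granted.

```csharp
// Added example. ClientId, TenantId, redirect URI and site URL are constructed placeholders.
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;    // MSAL.NET
using Microsoft.SharePoint.Client;  // SharePoint Online CSOM

static class SpoTokenDemo
{
    const string ClientId = "00000000-0000-0000-0000-000000000000"; // placeholder
    const string TenantId = "contoso.onmicrosoft.com";              // placeholder

    // A token is issued for one resource. For SharePoint the resource is the
    // scheme and host of the site URL, e.g. https://contoso.sharepoint.com/.default
    static string[] ScopesFor(Uri siteUrl) =>
        new[] { siteUrl.GetLeftPart(UriPartial.Authority) + "/.default" };

    static async Task<string> GetTokenAsync(IPublicClientApplication app, string[] scopes)
    {
        IAccount account = (await app.GetAccountsAsync()).FirstOrDefault();
        try
        {   // Uses the cached sign-in when one exists.
            return (await app.AcquireTokenSilent(scopes, account).ExecuteAsync()).AccessToken;
        }
        catch (MsalUiRequiredException)
        {   // First run, or consent/MFA is required for this resource.
            return (await app.AcquireTokenInteractive(scopes).ExecuteAsync()).AccessToken;
        }
    }

    static async Task Main()
    {
        var siteUrl = new Uri("https://contoso.sharepoint.com/sites/demo"); // placeholder
        var app = PublicClientApplicationBuilder.Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithRedirectUri("http://localhost")
            .Build();
        // Graph token: only valid for Graph calls, not for SharePoint endpoints.
        string graphToken = await GetTokenAsync(app, new[] { "https://graph.microsoft.com/.default" });
        string spoToken = await GetTokenAsync(app, ScopesFor(siteUrl));
        using (var ctx = new ClientContext(siteUrl))
        {   // Attach the SharePoint token to every CSOM request.
            ctx.ExecutingWebRequest += (s, e) =>
                e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + spoToken;
            ctx.Load(ctx.Web, w => w.Title);
            ctx.ExecuteQuery();
            Console.WriteLine(ctx.Web.Title);
        }
    }
}
```

Keep the two tokens separate and send each only to its own resource; a token forwarded to the wrong service is rejected, as with the 401 reported at the top of this thread.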