SOLVED

Issue with SharePoint API

Copper Contributor

Hello,

 

We are facing issue using SharePoint API. 

We created an app and granted it access to our tenant  [mutta.fr].

 

BenoitLefevre_0-1707234364021.png

 

It has been activated since 19th of December 2023 for a year : 

PrincipalName

PrincipalId

KeyID

StartDate

EndDate

FlowSpekty

42ac9c55-c5a3-4f1c-945d-00f98cfb6fc5

c78f4977-02ac-4bf0-826b-e9bbcde85f9d

19/12/2023 10:50

19/12/2024 10:50

 

However we're not managing to use the SharePoint API correctly. Here are the steps that we are following : 

Get Token Request : 
curl --location 'https://accounts.accesscontrol.windows.net/388ced44-1563-4316-9073-75afcbd30f85/tokens/OAuth/2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-XT9C2nex3oBqSOkw2eaQoxOGcy41rcO1KGxIaSSEbvLXrgvKJD5pganZ6ht6MOjjM17q5-_oVTXyCiSsFUrQaOKVLjzjXszbyAsLoMXpD0p6tmH6c9yuBNSf8RWOFC3V3pPnUtp7C-kaHH9_e6rJJ1YmURseOYxVKqxAdepp75wgAA; fpc=AoypDv80yRNGpfiwimEfAuY3IYaSAQAAAAP9Md0OAAAAJXYyzAQAAABM_jHdDgAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=42ac9c55-c5a3-4f1c-945d-00f98cfb6fc5@388ced44-1563-4316-9073-75afcbd30f85' \
--data-urlencode 'client_secret=YGrL9gUtymDKfmeYJRilvEQPFLn5UUxYAS99hAdRirQ=' \
--data-urlencode 'resource=00000003-0000-0ff1-ce00-000000000000/muttafr.sharepoint.com@388ced44-1563-4316-9073-75afcbd30f85' \
--data-urlencode 'scope=00000003-0000-0ff1-ce00-000000000000/muttafr.sharepoint.com@388ced44-1563-4316-9073-75afcbd30f85'

 

Get Token Result 
{
    "token_type": "Bearer",
    "expires_in": "86399",
    "not_before": "1704986177",
    "expires_on": "1705072877",
    "resource": "
00000003-0000-0ff1-ce00-000000000000/muttafr.sharepoint.com@388ced44-1563-4316-9073-75afcbd30f85",
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSIsImtpZCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbXV0dGFmci5zaGFyZXBvaW50LmNvbUAzODhjZWQ0NC0xNTYzLTQzMTYtOTA3My03NWFmY2JkMzBmODUiLCJpc3MiOiIwMDAwMDAwMS0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDBAMzg4Y2VkNDQtMTU2My00MzE2LTkwNzMtNzVhZmNiZDMwZjg1IiwiaWF0IjoxNzA0OTg2MTc3LCJuYmYiOjE3MDQ5ODYxNzcsImV4cCI6MTcwNTA3Mjg3NywiaWRlbnRpdHlwcm92aWRlciI6IjAwMDAwMDAxLTAwMDAtMDAwMC1jMDAwLTAwMDAwMDAwMDAwMEAzODhjZWQ0NC0xNTYzLTQzMTYtOTA3My03NWFmY2JkMzBmODUiLCJuYW1laWQiOiI0MmFjOWM1NS1jNWEzLTRmMWMtOTQ1ZC0wMGY5OGNmYjZmYzVAMzg4Y2VkNDQtMTU2My00MzE2LTkwNzMtNzVhZmNiZDMwZjg1Iiwib2lkIjoiZTIyNDFiODAtYmNiYi00MjM4LTk3ODMtZWE3ZDRhM2Y0NTA5Iiwic3ViIjoiZTIyNDFiODAtYmNiYi00MjM4LTk3ODMtZWE3ZDRhM2Y0NTA5IiwidHJ1c3RlZGZvcmRlbGVnYXRpb24iOiJmYWxzZSJ9.m7KWsIWOnR7XxRvOHfsjjxP5oXNbYaqIjq1PzClwpnaLuP-49DmzgFfhouiedESY30VPNR2wu8e4JNMj9sxI1GwJfk_CzOD-9xtPkJcGouLsxLc4joqRDN2I7FqJue6cz_3y7cgeawwgGKJ47kXNZo-pyxAYTUvsfd1x5k9WCGKJmQiiss85uYhpe1Aag7EsN7dnAO4RjGfjBhx2HGgM5BA5vz_DGRl8bk3QUQ5yfdY5N7_rDKhFshLX7-fotuA7enoQ1LVBbG3G5V95A_Z0UA03U31r4dLlHN7LOGzX0_ovbK-xGmlw_30iCdAwzjEax0Bt3AUdn7Qsey2JutTftA"
}


Get Sharepoint Lists Request
curl --location 'https://muttafr.sharepoint.com/sites/SuiviAuditsnergtiques/_api/lists/GetByTitle('\''Audits TEST Flow'\'')' \
--header 'Accept: application/json;odata=verbose' \
--header 'Content-Type: application/json;odata=verbose' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSIsImtpZCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbXV0dGFmci5zaGFyZXBvaW50LmNvbUAzODhjZWQ0NC0xNTYzLTQzMTYtOTA3My03NWFmY2JkMzBmODUiLCJpc3MiOiIwMDAwMDAwMS0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDBAMzg4Y2VkNDQtMTU2My00MzE2LTkwNzMtNzVhZmNiZDMwZjg1IiwiaWF0IjoxNzA0OTg2MjM5LCJuYmYiOjE3MDQ5ODYyMzksImV4cCI6MTcwNTA3MjkzOSwiaWRlbnRpdHlwcm92aWRlciI6IjAwMDAwMDAxLTAwMDAtMDAwMC1jMDAwLTAwMDAwMDAwMDAwMEAzODhjZWQ0NC0xNTYzLTQzMTYtOTA3My03NWFmY2JkMzBmODUiLCJuYW1laWQiOiI0MmFjOWM1NS1jNWEzLTRmMWMtOTQ1ZC0wMGY5OGNmYjZmYzVAMzg4Y2VkNDQtMTU2My00MzE2LTkwNzMtNzVhZmNiZDMwZjg1Iiwib2lkIjoiZTIyNDFiODAtYmNiYi00MjM4LTk3ODMtZWE3ZDRhM2Y0NTA5Iiwic3ViIjoiZTIyNDFiODAtYmNiYi00MjM4LTk3ODMtZWE3ZDRhM2Y0NTA5IiwidHJ1c3RlZGZvcmRlbGVnYXRpb24iOiJmYWxzZSJ9.nVzMAkkMqUjf6rg9VyK3Cj79uMDkKRRV-EsMZlfki3ifftk6MP5_FiUNpVWp6dbqobQtCmm5BjyztB96JsgU8cXZJOKQq1J35PK_6tOW007Z96Ey-WGdcyVsAzKiKRC7bW7JAwbZWwcEEKsM3s9reydliMSV9zOMcLw8JY_C09sk8fLUL-3qUYb_ME08_XAoGdkMeMsXvl-c2kkpL0Dzo_0wR2XXw8Tkdvx8baYlvgLx6Do1fRsgaiqlvixHczhswrU0mwpb0g9LqXKwbpkzUd9bQ2-xbHG7fH9ICCyZN4kAW6d04gtOnGBIo0sl3ukbgNWIdjo1ArIbfeT7V8A3xw'

 

Get Sharepoint Lists Result

{"error":"invalid_request","error_description":"Token type is not allowed."}

 

Thank you for helping ! 

1 Reply
best response confirmed by BenoitLefevre (Copper Contributor)
Solution

@BenoitLefevre As per bullet point #2, are you able to access the list from same SharePoint "tenant" or different tenant?

 

You may need to change the value of DisableCustomAppAuthentication property at SharePoint tenant level like: 

 

Install-Module -Name Microsoft.Online.SharePoint.PowerShell  
$adminUPN="<the full email address of a SharePoint administrator account, example: email address removed for privacy reasons>"  
$orgName="<name of your Office 365 organization, example: contosotoycompany>"  
$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."  
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential  
set-spotenant -DisableCustomAppAuthentication $false

 

References:

  1. "Token type is not allowed" error on SharePoint REST API 
  2. SharePoint Online authorization issue 'Token type is not allowed' 

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

1 best response

Accepted Solutions
best response confirmed by BenoitLefevre (Copper Contributor)
Solution

@BenoitLefevre As per bullet point #2, are you able to access the list from same SharePoint "tenant" or different tenant?

 

You may need to change the value of DisableCustomAppAuthentication property at SharePoint tenant level like: 

 

Install-Module -Name Microsoft.Online.SharePoint.PowerShell  
$adminUPN="<the full email address of a SharePoint administrator account, example: email address removed for privacy reasons>"  
$orgName="<name of your Office 365 organization, example: contosotoycompany>"  
$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."  
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential  
set-spotenant -DisableCustomAppAuthentication $false

 

References:

  1. "Token type is not allowed" error on SharePoint REST API 
  2. SharePoint Online authorization issue 'Token type is not allowed' 

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

View solution in original post