Feb 06 2024 08:10 AM
Hello,
We are facing issue using SharePoint API.
We created an app and granted it access to our tenant [mutta.fr].
It has been activated since 19th of December 2023 for a year :
PrincipalName | PrincipalId | KeyID | StartDate | EndDate |
FlowSpekty | 42ac9c55-c5a3-4f1c-945d-00f98cfb6fc5 | c78f4977-02ac-4bf0-826b-e9bbcde85f9d | 19/12/2023 10:50 | 19/12/2024 10:50 |
However we're not managing to use the SharePoint API correctly. Here are the steps that we are following :
Get Token Request :
curl --location 'https://accounts.accesscontrol.windows.net/388ced44-1563-4316-9073-75afcbd30f85/tokens/OAuth/2' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-XT9C2nex3oBqSOkw2eaQoxOGcy41rcO1KGxIaSSEbvLXrgvKJD5pganZ6ht6MOjjM17q5-_oVTXyCiSsFUrQaOKVLjzjXszbyAsLoMXpD0p6tmH6c9yuBNSf8RWOFC3V3pPnUtp7C-kaHH9_e6rJJ1YmURseOYxVKqxAdepp75wgAA; fpc=AoypDv80yRNGpfiwimEfAuY3IYaSAQAAAAP9Md0OAAAAJXYyzAQAAABM_jHdDgAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=42ac9c55-c5a3-4f1c-945d-00f98cfb6fc5@388ced44-1563-4316-9073-75afcbd30f85' \
--data-urlencode 'client_secret=YGrL9gUtymDKfmeYJRilvEQPFLn5UUxYAS99hAdRirQ=' \
--data-urlencode 'resource=00000003-0000-0ff1-ce00-000000000000/muttafr.sharepoint.com@388ced44-1563-4316-9073-75afcbd30f85' \
--data-urlencode 'scope=00000003-0000-0ff1-ce00-000000000000/muttafr.sharepoint.com@388ced44-1563-4316-9073-75afcbd30f85'
Get Token Result
{
"token_type": "Bearer",
"expires_in": "86399",
"not_before": "1704986177",
"expires_on": "1705072877",
"resource": "00000003-0000-0ff1-ce00-000000000000/muttafr.sharepoint.com@388ced44-1563-4316-9073-75afcbd30f85",
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSIsImtpZCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbXV0dGFmci5zaGFyZXBvaW50LmNvbUAzODhjZWQ0NC0xNTYzLTQzMTYtOTA3My03NWFmY2JkMzBmODUiLCJpc3MiOiIwMDAwMDAwMS0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDBAMzg4Y2VkNDQtMTU2My00MzE2LTkwNzMtNzVhZmNiZDMwZjg1IiwiaWF0IjoxNzA0OTg2MTc3LCJuYmYiOjE3MDQ5ODYxNzcsImV4cCI6MTcwNTA3Mjg3NywiaWRlbnRpdHlwcm92aWRlciI6IjAwMDAwMDAxLTAwMDAtMDAwMC1jMDAwLTAwMDAwMDAwMDAwMEAzODhjZWQ0NC0xNTYzLTQzMTYtOTA3My03NWFmY2JkMzBmODUiLCJuYW1laWQiOiI0MmFjOWM1NS1jNWEzLTRmMWMtOTQ1ZC0wMGY5OGNmYjZmYzVAMzg4Y2VkNDQtMTU2My00MzE2LTkwNzMtNzVhZmNiZDMwZjg1Iiwib2lkIjoiZTIyNDFiODAtYmNiYi00MjM4LTk3ODMtZWE3ZDRhM2Y0NTA5Iiwic3ViIjoiZTIyNDFiODAtYmNiYi00MjM4LTk3ODMtZWE3ZDRhM2Y0NTA5IiwidHJ1c3RlZGZvcmRlbGVnYXRpb24iOiJmYWxzZSJ9.m7KWsIWOnR7XxRvOHfsjjxP5oXNbYaqIjq1PzClwpnaLuP-49DmzgFfhouiedESY30VPNR2wu8e4JNMj9sxI1GwJfk_CzOD-9xtPkJcGouLsxLc4joqRDN2I7FqJue6cz_3y7cgeawwgGKJ47kXNZo-pyxAYTUvsfd1x5k9WCGKJmQiiss85uYhpe1Aag7EsN7dnAO4RjGfjBhx2HGgM5BA5vz_DGRl8bk3QUQ5yfdY5N7_rDKhFshLX7-fotuA7enoQ1LVBbG3G5V95A_Z0UA03U31r4dLlHN7LOGzX0_ovbK-xGmlw_30iCdAwzjEax0Bt3AUdn7Qsey2JutTftA"
}
Get Sharepoint Lists Request
curl --location 'https://muttafr.sharepoint.com/sites/SuiviAuditsnergtiques/_api/lists/GetByTitle('\''Audits TEST Flow'\'')' \
--header 'Accept: application/json;odata=verbose' \
--header 'Content-Type: application/json;odata=verbose' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSIsImtpZCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAvbXV0dGFmci5zaGFyZXBvaW50LmNvbUAzODhjZWQ0NC0xNTYzLTQzMTYtOTA3My03NWFmY2JkMzBmODUiLCJpc3MiOiIwMDAwMDAwMS0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDBAMzg4Y2VkNDQtMTU2My00MzE2LTkwNzMtNzVhZmNiZDMwZjg1IiwiaWF0IjoxNzA0OTg2MjM5LCJuYmYiOjE3MDQ5ODYyMzksImV4cCI6MTcwNTA3MjkzOSwiaWRlbnRpdHlwcm92aWRlciI6IjAwMDAwMDAxLTAwMDAtMDAwMC1jMDAwLTAwMDAwMDAwMDAwMEAzODhjZWQ0NC0xNTYzLTQzMTYtOTA3My03NWFmY2JkMzBmODUiLCJuYW1laWQiOiI0MmFjOWM1NS1jNWEzLTRmMWMtOTQ1ZC0wMGY5OGNmYjZmYzVAMzg4Y2VkNDQtMTU2My00MzE2LTkwNzMtNzVhZmNiZDMwZjg1Iiwib2lkIjoiZTIyNDFiODAtYmNiYi00MjM4LTk3ODMtZWE3ZDRhM2Y0NTA5Iiwic3ViIjoiZTIyNDFiODAtYmNiYi00MjM4LTk3ODMtZWE3ZDRhM2Y0NTA5IiwidHJ1c3RlZGZvcmRlbGVnYXRpb24iOiJmYWxzZSJ9.nVzMAkkMqUjf6rg9VyK3Cj79uMDkKRRV-EsMZlfki3ifftk6MP5_FiUNpVWp6dbqobQtCmm5BjyztB96JsgU8cXZJOKQq1J35PK_6tOW007Z96Ey-WGdcyVsAzKiKRC7bW7JAwbZWwcEEKsM3s9reydliMSV9zOMcLw8JY_C09sk8fLUL-3qUYb_ME08_XAoGdkMeMsXvl-c2kkpL0Dzo_0wR2XXw8Tkdvx8baYlvgLx6Do1fRsgaiqlvixHczhswrU0mwpb0g9LqXKwbpkzUd9bQ2-xbHG7fH9ICCyZN4kAW6d04gtOnGBIo0sl3ukbgNWIdjo1ArIbfeT7V8A3xw'
Get Sharepoint Lists Result
{"error":"invalid_request","error_description":"Token type is not allowed."}
Thank you for helping !
Feb 07 2024 03:47 AM
Solution@BenoitLefevre As per bullet point #2, are you able to access the list from same SharePoint "tenant" or different tenant?
You may need to change the value of DisableCustomAppAuthentication property at SharePoint tenant level like:
Install-Module -Name Microsoft.Online.SharePoint.PowerShell
$adminUPN="<the full email address of a SharePoint administrator account, example: email address removed for privacy reasons>"
$orgName="<name of your Office 365 organization, example: contosotoycompany>"
$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential
set-spotenant -DisableCustomAppAuthentication $false
References:
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.
Feb 07 2024 03:47 AM
Solution@BenoitLefevre As per bullet point #2, are you able to access the list from same SharePoint "tenant" or different tenant?
You may need to change the value of DisableCustomAppAuthentication property at SharePoint tenant level like:
Install-Module -Name Microsoft.Online.SharePoint.PowerShell
$adminUPN="<the full email address of a SharePoint administrator account, example: email address removed for privacy reasons>"
$orgName="<name of your Office 365 organization, example: contosotoycompany>"
$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential
set-spotenant -DisableCustomAppAuthentication $false
References:
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.