What data is sent when requesting an app only token with a certificate?

New Contributor

I am attempting to create an integration with the SharePoint API that requires no human interaction to perform its tasks. The language I am programming in is PHP.


So far, all attempts to do so using client ID/secret have failed, with the use of the token returning "unsupported app only token".


I have been attempting to find information on using X.509 certificates for my app to log in. However, everything I can find is in C#, and does not contain the data I require.


Could someone please list the following:

- URL. I believe this is the same .../token URL that the other method is supposed to use, but I could be wrong.

- Header contents.

- Body contents.

- Body format.

- If there is parsed/encoded data, such as the certificate, or something from the certificate, please also include what also needs to be done to it.


Thank you for your time.

0 Replies