Friday, April 15, 2022

Getting an Access Token for SharePoint Online

Prior to SharePoint 2019, SharePoint Administrators, SharePoint Developers, and Power Users could use SharePoint Designer for no-code workflow development. With the release of SharePoint 2019 and SharePoint Online, modern process automation is developed through Microsoft Flow. SharePoint Online leverages modern tools, like PowerApps and Flow for forms and workflow deployment.

As with the SharePoint 2013 workflow, developers can execute REST calls to accomplish workflow actions. To test REST calls that will be executed in a Flow, a tool like Postman can be leveraged.  To successfully send REST calls, an access token will need to be obtained from Microsoft Azure Access Services. The below steps detail the process of obtaining an access token.

To begin, copy the text in the below box into a notepad.  This text is generalized headers for the body of the HTTP Post request to retrieve the token. The text in bold will be replaced as the steps to obtain the token are followed.

grant_type=client_credentials
&resource=00000003-0000-0ff1-ce00-000000000000/TENANT-NAME.sharepoint.com@TENANT-ID
&client_id= GENERATED CLIENT-ID@TENANT-ID
&client_secret= GENERATED CLIENT-SECRET

Step 1 Register an App

Navigate to https://[TENANT -NAME].sharepoint.com/_layouts/15/appregnew.aspx

  1. Open notepad
  2. Click Generate next to Client ID
  3. Copy the generated Client ID
  4. In notepad, replace the bold GENERATED CLIENT ID text with the copied generated client id
  5. Click Generate next to Client Secret
  6. Copy the generated Client Secret
  7. In notepad, replace the bold GENERATED CLIENT SECRET text with the copied generated client secret
  8. Update App Domain with google.com
  9. Update Redirect URL with https://localhost/
  10. Click Create

Step 2 Grant APP-Only permission to the APP

  1. Navigate to https://[TENANT-NAME].sharepoint.com/_layouts/15/appinv.aspx

Note: Client Id generated during APP registration appended with an @, followed by the Tenant ID

  1. Paste the value of “Client Id:” from the notepad in the App Id field
  2. Click Lookup
  3. Update the Permission Request XML: field the below values:
<AppPermissionRequests AllowAppOnlyPolicy="true"><AppPermissionRequest
Scope="http://sharepoint/content/sitecollection/web"
Right="Read"/></AppPermissionRequests>

 5. Click Create

Step 3 Get access token

  1. Navigate to Site Setting > App Permissions
    1. Locate the APP identifier that contains the Client Id generated during APP registration. The GUID on the right side of the @ is the Tenant ID. (You will need the Tenant ID in 3 places during the request build process)
      1. https://accounts.accesscontrol.windows.net/[Tenant ID]/OAuth/2
      2. Resource Header
      3. client_id Header

Update the Post Request Body in Notepad

In notepad, update the text as detailed below:

KeyValueNotes
grant_typeclient_credentials 
resource[SharePoint Online application principal ID]/[Tenant-Name].sharepoint.com@[Tenant-ID][SharePoint Online application principal ID] is always 00000003-0000-0ff1-ce00-000000000000

 

[Tenant-Name] with the tenant value as it appears in the sharepoint.com URL for the tenant

[Tenant-ID] was obtained on Site Setting > App Permissions

The GUID on the right side of the @ is the Tenant ID

 

The / and @ are literal values. Use them where specified

 

 

client_id[Client-ID]@[Tenant-ID]

 

Obtain this value by doing the following

Site Setting > App Permissions

Locate the APP identifier that contains the Client Id generated during APP registration. Copy everything to the right of | (pipe) character.

 

client_secretThe client secret that was generated during APP registration 

Build the Post Request URL

To obtain the access token, send a POST request to Microsoft Azure Access Control Service (ACS) account associated with Tenant. The URL is in the following format:

https://accounts.accesscontrol.windows.net/[Tenant-ID]/tokens/OAuth/2[Tenant-ID] was obtained on Site Setting > App Permissions

The GUID on the right side of the @ is the Tenant ID

 

  1. Open Postman
  2. Create a new Post Request
  3. Enter the updated ACS URL in the address field

Build the Post Request Header

KeyValue
Content-Typeapplication/x-www-form-urlencoded

Paste the Body Text

Copy the updated Body text from the notepad into the Body of the postman request.

View the Post Response

On success, the response body will contain an access-token key.

References

https://anexinet.com/blog/getting-an-access-token-for-sharepoint-online/

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint

https://docs.microsoft.com/en-us/sharepoint/hybrid/configure-server-to-server-authentication

No comments:

Post a Comment

Your feedback is always appreciated. I will try to reply to your queries as soon as time allows.Please don't spam,spam comments will be deleted upon reviews.