Prior to SharePoint 2019, SharePoint Administrators, SharePoint Developers, and Power Users could use SharePoint Designer for no-code workflow development. With the release of SharePoint 2019 and SharePoint Online, modern process automation is developed through Microsoft Flow. SharePoint Online leverages modern tools, like PowerApps and Flow for forms and workflow deployment.
As with the SharePoint 2013 workflow, developers can execute REST calls to accomplish workflow actions. To test REST calls that will be executed in a Flow, a tool like Postman can be leveraged. To successfully send REST calls, an access token will need to be obtained from Microsoft Azure Access Control Service (ACS). The below steps detail the process of obtaining an access token.
To begin, copy the text in the below box into a notepad. This text is the generalized body of the HTTP POST request that retrieves the token. The text in bold will be replaced as the steps to obtain the token are followed.
grant_type=client_credentials&resource=00000003-0000-0ff1-ce00-000000000000/TENANT-NAME.sharepoint.com@TENANT-ID&client_id=GENERATED CLIENT-ID@TENANT-ID&client_secret=GENERATED CLIENT-SECRET
Step 1 Register an App
Navigate to https://[TENANT-NAME].sharepoint.com/_layouts/15/appregnew.aspx
- Open notepad
- Click Generate next to Client ID
- Copy the generated Client ID
- In notepad, replace the bold GENERATED CLIENT ID text with the copied generated client id
- Click Generate next to Client Secret
- Copy the generated Client Secret
- In notepad, replace the bold GENERATED CLIENT SECRET text with the copied generated client secret
- Update App Domain with google.com
- Update Redirect URL with https://localhost/
- Click Create
Step 2 Grant APP-Only permission to the APP
Note: Client Id generated during APP registration appended with an @, followed by the Tenant ID
- Paste the value of “Client Id:” from the notepad in the App Id field
- Click Lookup
- Update the Permission Request XML field with the below values:
<AppPermissionRequests AllowAppOnlyPolicy="true"><AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/></AppPermissionRequests>
- Click Create
Step 3 Get access token
- Navigate to Site Settings > App Permissions
- Locate the APP identifier that contains the Client Id generated during APP registration. The GUID on the right side of the @ is the Tenant ID. You will need the Tenant ID in 3 places during the request build process:
  - The request URL: https://accounts.accesscontrol.windows.net/[Tenant-ID]/tokens/OAuth/2
  - The resource value in the request body
  - The client_id value in the request body
Update the Post Request Body in Notepad
In notepad, update the text as detailed below:
Key | Value | Notes |
grant_type | client_credentials | |
resource | [SharePoint Online application principal ID]/[Tenant-Name].sharepoint.com@[Tenant-ID] | [SharePoint Online application principal ID] is always 00000003-0000-0ff1-ce00-000000000000. [Tenant-Name] is the tenant value as it appears in the sharepoint.com URL for the tenant. [Tenant-ID] was obtained on Site Settings > App Permissions; the GUID on the right side of the @ is the Tenant ID. The / and @ are literal values. Use them where specified. |
client_id | [Client-ID]@[Tenant-ID] | Obtain this value by doing the following: go to Site Settings > App Permissions and locate the APP identifier that contains the Client Id generated during APP registration. Copy everything to the right of the pipe character. |
client_secret | The client secret that was generated during APP registration | |
Build the Post Request URL
To obtain the access token, send a POST request to the Microsoft Azure Access Control Service (ACS) account associated with the tenant. The URL is in the following format:
https://accounts.accesscontrol.windows.net/[Tenant-ID]/tokens/OAuth/2
[Tenant-ID] was obtained on Site Settings > App Permissions. The GUID on the right side of the @ is the Tenant ID.
- Open Postman
- Create a new Post Request
- Enter the updated ACS URL in the address field
Build the Post Request Header
Key | Value |
Content-Type | application/x-www-form-urlencoded |
Paste the Body Text
Copy the updated Body text from the notepad into the Body of the Postman request.
View the Post Response
On success, the response body will contain an access_token key.
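The request assembled by hand in the steps above can also be built in code. The following is an added example, not part of the original article: it validates the GUIDs, composes the resource and client_id values, and form-encodes the body so that a generated secret containing +, / or = survives transport. The function names, the contoso tenant, the GUIDs and the SPO_CLIENT_SECRET environment variable are assumptions made for illustration.

```python
import json
import os
import re
import urllib.parse
import urllib.request

SPO_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"  # fixed value given on the page
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def build_token_request(tenant_name, tenant_id, client_id, client_secret):
    """Return (url, body_bytes, headers) for the ACS token POST."""
    for label, value in (("tenant_id", tenant_id), ("client_id", client_id)):
        if not GUID.fullmatch(value):
            raise ValueError(f"{label} is not a GUID: {value!r}")
    if not re.fullmatch(r"[A-Za-z0-9-]+", tenant_name):
        raise ValueError("tenant_name must be the bare name before .sharepoint.com")
    fields = {
        "grant_type": "client_credentials",
        "resource": f"{SPO_PRINCIPAL}/{tenant_name}.sharepoint.com@{tenant_id}",
        "client_id": f"{client_id}@{tenant_id}",
        "client_secret": client_secret,
    }
    # urlencode percent-encodes '+', '/' and '='. Pasted raw into a form body,
    # a '+' is decoded server-side as a space and the secret no longer matches.
    body = urllib.parse.urlencode(fields).encode("ascii")
    url = f"https://accounts.accesscontrol.windows.net/{tenant_id}/tokens/OAuth/2"
    return url, body, {"Content-Type": "application/x-www-form-urlencoded"}

def redacted(body):
    """Return the form body with the secret masked, safe to print or log."""
    pairs = urllib.parse.parse_qsl(body.decode("ascii"))
    masked = [(k, "REDACTED" if k == "client_secret" else v) for k, v in pairs]
    return urllib.parse.urlencode(masked)

def request_token(url, body, headers, timeout=30):
    """Send the POST (network call) and return the access_token value."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]

if __name__ == "__main__":
    # Constructed sample values; the secret is read from the environment
    # (hypothetical variable name) instead of being kept in a text file.
    url, body, headers = build_token_request(
        "contoso",
        "11111111-2222-3333-4444-555555555555",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        os.environ.get("SPO_CLIENT_SECRET", "ab+cd/ef="),
    )
    print(url)
    print(redacted(body))
```

Calling request_token(url, body, headers) performs the actual POST; the returned token is a bearer credential and should be handled like the secret itself.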