Authenticating to SharePoint endpoint using Office 365 OAuth APIs

3
votes

I am trying to access a sharepoint online site using the Office 365 APIs mentioned here I am getting the auth token and calling the discovery service as below:

httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
httpClient.DefaultRequestHeaders.Add("Accept", "application/json; odata=verbose");
response = await httpClient.GetAsync(new Uri("https: / /api.office.com/discovery/me/services"));
data = await response.Content.ReadAsStringAsync();

I get the following types of endpoint URLs in the result:

  1. OneDrive
    https: / / sometenant-my.sharepoint.com/personal/sometenant_data_onmicrosoft_com/_api

  2. Outlook related
    https: / /outlook.office365.com/api/v1.0

I don't get any endpoint URLs for SharePoint in the results. If I try the below code:

 httpClient = new HttpClient();
 httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
 httpClient.DefaultRequestHeaders.Add("Accept", "application/json; odata=verbose");
 response = await httpClient.GetAsync("https://sometenant.sharepoint.com/_api/web/lists/getByTitle('Documents')/items");
 data = await response.Content.ReadAsStringAsync();

I get the following in the response stream:

"{\"error\":\"invalid_client\",\"error_description\":\"Invalid audience Uri 'Microsoft.SharePoint'.\"}"

The error in the response is:

{StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  x-ms-diagnostics: 3000003;reason="Invalid audience Uri 'Microsoft.SharePoint'.";category="invalid_client"
  SPRequestGuid: 8462cf9c-c093-1000-a3da-fc5e1aab16c1
  request-id: 8462cf9c-c093-1000-a3da-fc5e1aab16c1
  SPRequestDuration: 37
  SPIisLatency: 25
  MicrosoftSharePointTeamServices: 16.0.0.3431
  X-Content-Type-Options: nosniff
  X-MS-InvokeApp: 1; RequireReadOnly
  Date: Mon, 24 Nov 2014 22:45:46 GMT
  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
  Server: Microsoft-IIS/7.5
  WWW-Authenticate: Bearer realm="xxxxxx-xxxx-xxxxx-xxxx-xxxxxxxx",client_id="xxxxxxxx-xxx-xxxx-xxxx-000000000000",trusted_issuers="xxxxxxx-xxxx-xxx-xxx-000000000000@*,https : // sts.windows.net/*/,00000003-0000-xxxxx-ce00-000000000000@xxxxxxxx-xxxxx-11e1-xxxx-xxxxxxx",authorization_uri="https://login.windows.net/common/oauth2/authorize"
  X-Powered-By: ASP.NET
  Content-Length: 93
}}

I believe I should be able to access SharePoint data using the Office 365 APIs.

I have give app full control on all site collection permissions.

Please advise if I am missing anything here.

1
sharepointoffice365
how did u get with this?Found any good sample or did u make it work?Jorge

1 Answers

2
votes

Your target URL initially while trying to get the access_token is different to that required for SharePoint. I don't know why, it seems logical for Office365 access_token to work for SharePoint but that isn't the case.

So I assume you have client_id and client_secret from your SharePoint registered app. If not there are 2 ways you can register a new application :

  1. https://{your tenantID}.sharepoint.com/_layouts/15/appregnew.aspx

(for some reason the client_secret generated here was not being validated by Azure ACS when trying to get acess_token, at least for me it wasn't. So I tried the one below)

  1. Login to your azure management portal and go to :

active directory (left side bottom) > default directory (if you don't have any previously) > Application > Add

Here fill in details of your application, APP ID URI = 'https://{your tenantID}.sharepoint.com/' and at the bottom in "permissions to other applications" don't forget to Add Application > Office 365 SharePoint Online

To get authorization code :

https://{tenantID}.sharepoint.com/_layouts/oauthauthorize.aspx?client_id={ur client id}&scope=Web.Read&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2F

type the above url in chrome and enter and you will be redirected to the url you have specified above. You'll eventually end up at

"https://localhost/?code={authorization code}"

copy the authorization code

To get bearer realm :

GET request

https://{your tenantID}.sharepoint.com/_vti_bin/client.svc

Authorization: Bearer (header)

Get the Bearer realm component from the response header and save it.

To get access token :

POST request

https://accounts.accesscontrol.windows.net/{bearer realm}/tokens/OAuth/2

and body parameters

grant_type=authorization_code&client_id={ur client id}&client_secret={ur client secret}&code={auth code that you got from the step above}&redirect_uri=https%3A%2F%2Flocalhost%2F&resource=00000003-0000-0ff1-ce00-000000000000%2F{your tenantID}.sharepoint.com%40{bearer realm}

&resource = 00000003-0000-0ff1-ce00-000000000000 is permanent for sharepoint

This should return a response with an access token & refresh token, now using this you will be able to access SharePoint REST API.