We are using custom web api and angular as a front-end. We already have active directory access token and we need to access SharePoint lists under user context. How to use azure active directory token to generate user access token to access SharePoint on behalf of Flow?
0
votes
Why did you want to use active directory token to generate token? You can use ad access token to access sharepoint rest api directly. You can refer to advaiya.com/blog/access-sharepoint-rest-api-using-oauth
– Tony Ju
We are using custom web api and calling those from angular based front-end application. We need to access sharepoint libraries using user context.
– Vishal Dhole
The short answer is yes, you can exchange the access token you have for a token for another API. You use the on-behalf-of flow to do that.
– juunas
Hi Junnas, thank you for your reply. Can you please tell me, how to use it?
– Vishal Dhole
1 Answers
0
votes
To use the acquired access_token to request new access_token from another API, you could use the on_behalf_of flow.
For V2 enpoint, the request URL:
https://login.microsoftonline.com//oauth2/v2.0/token
POST /oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
&client_id=<application-id>
&client_secret=<key value>
&assertion=<acquired access_token>
&requested_token_use=on_behalf_of
&scope=https://graph.microsoft.com/User.Read email(here the example API is [ms graph API][1], and the permissions are User.Read and email)
For the details, you could refer to this dos.
