0
votes

I have an application that is successfully logging into the Microsoft Graph, with correct Scopes, and querying SharePoint Online resources (Lists, Files, etc.) with the Microsoft Graph SDK (3.18.xxx).

I would like to access CSOM-specific features using the Microsoft SharePoint CSOM (16.1.xxx).

These features include LoadClientSidePage, and all the associated nice things you can do with ClientSidePage.

(note, if I "re-auth" the user, everything works perfectly well)

Rather than having the user log in twice (once for Graph, once for SharePoint CSOM) -- is there a feature of SharePoint CSOM Auth where I can exchange my Bearer: Access Token for the SharePoint CSOM equivalent? (I may be wrong, but I think it is a WSFed Token.)

Thanks

1 Answer

0
votes

I think it's possible. You can attach an access token to CSOM as below:

using System;
using Microsoft.SharePoint.Client;

// accessToken: the access token to send to SharePoint, acquired by the caller
public ClientContext GetContext(Uri web, string accessToken)
{
    var context = new ClientContext(web);

    // Attach the bearer token to every request CSOM sends
    context.ExecutingWebRequest += (sender, e) =>
    {
        e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + accessToken;
    };

    return context;
}

How to exchange the token?

Generally, one access token is only valid against one resource. However, refresh tokens are valid for all permissions that your client has already received consent for - thus, a refresh token issued on a request for scope=mail.read can be used to request a new access token for scope=api://contoso.com/api/UseResource.

Another possible method is to use the OAuth 2.0 On-Behalf-Of flow. The OAuth 2.0 On-Behalf-Of flow (OBO) serves the use case where an application invokes a service/web API, which in turn needs to call another service/web API.

The token that CSOM requires is the same as the one for the SharePoint REST API.

If you're using the V1.0 authorization endpoint, please refer to https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-protocols-oauth-code#refreshing-the-access-tokens.
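
The refresh-token approach from the answer above, as an added example that is not part of the original post: one interactive sign-in for Graph that also collects consent for SharePoint, then a silent request for a SharePoint-audience token that is attached to CSOM. It assumes the app authenticates with MSAL.NET (Microsoft.Identity.Client) as a public client; the client ID, tenant ID, class name and the two scope choices are placeholders or assumptions.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;    // MSAL.NET, assumed to be the app's auth library
using Microsoft.SharePoint.Client;  // CSOM

public static class SharePointContextFactory   // hypothetical helper class
{
    // Placeholders, not values from the original post.
    private const string ClientId = "<application-client-id>";
    private const string TenantId = "<tenant-id>";
    private static readonly string[] GraphScopes = { "https://graph.microsoft.com/Sites.Read.All" };

    private static readonly IPublicClientApplication App =
        PublicClientApplicationBuilder.Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithDefaultRedirectUri()
            .Build();

    public static async Task<ClientContext> GetContextAsync(Uri web)
    {
        // A token is bound to one resource (its "aud" claim), so the scope is
        // derived from the SharePoint host. A Graph token is rejected here.
        var spScopes = new[] { $"{web.Scheme}://{web.Host}/AllSites.Read" };
        var account = (await App.GetAccountsAsync()).FirstOrDefault();
        AuthenticationResult sp;
        try
        {
            // Redeems the cached refresh token for the new resource, no prompt.
            sp = await App.AcquireTokenSilent(spScopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // The single interactive sign-in: Graph token now, SharePoint consent up front.
            await App.AcquireTokenInteractive(GraphScopes)
                     .WithExtraScopesToConsent(spScopes)
                     .ExecuteAsync();
            account = (await App.GetAccountsAsync()).First();
            sp = await App.AcquireTokenSilent(spScopes, account).ExecuteAsync();
        }

        var context = new ClientContext(web);
        // The token is captured once; it expires, so build a fresh context
        // (or re-acquire silently) for long-running work.
        context.ExecutingWebRequest += (sender, e) =>
            e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + sp.AccessToken;
        return context;
    }
}
```

The app registration needs the SharePoint delegated permission that matches the requested scope. Request the narrowest scope the CSOM calls need, since this token grants access independently of the Graph token.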