Thursday, June 28, 2018

How to get SharePoint Online access authentication for third-party tools, such as Postman or Fiddler

Third-party tools need an OAuth 2.0 token to authenticate. The token is generated from a "Client Id" and a "Client Secret" (key). We can obtain it either manually (Postman or Fiddler) or programmatically (C#, JavaScript, etc.). This is how our cloud-based applications run across different cloud platforms.

You can get more details of SharePoint OAuth 2.0 here.

For SharePoint Online, we have two options for getting the token, depending on what type of admin rights we have and what we need.

There are already some pretty good posts that tell us how to do it. However, I found some of the descriptions confusing, especially the naming of some parameters. So I try to explain it here, based on my understanding.

The GUIDs and Keys in the sample code below are all generated randomly.

  • In tenant scope (need Tenant, Global or AAD admin rights)


We can follow this post. It contains 6 steps.

====== 1. Register app ======

Go to the Azure portal in a web browser:
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps


Display name: PostMan
Application type: Web app / API
Home page (Sign-on URL): https://www.getpostman.com/oauth2/callback
Application ID (Client ID of PostMan, auto-generated): 7f925812-d466-4c46-8737-0fcc1e172a98
Object ID (not used, auto-generated): 864dc037-153d-4097-8105-0454bf3042fd
Managed application in local directory



====== 2. Set permissions ======

Go to the settings of this app, then click "required permission"

Set permissions as needed, such as:
Office 365 SharePoint Online -> Delegated permissions -> Read items in all site collections



====== 3. Generate Key (Client Secret) ======

test, 27/06/2020, abcd/efghijklmnopqrstuv4yWLFWswZJGHlm9UFDp0cU=

Copy the key to a safe place. This key will be used to get the token.



====== 4. Access SPO through restful API ======

Launch PostMan,

https://<company name>.sharepoint.com/sites/test2/_api/web/lists

Get

Headers
Key             Syntax                             Value
Accept         application/json; odata=verbose    application/json; odata=verbose



====== 5. Get the Oauth 2.0 Bearer Token ======

Get New Access Token

Callback URL: https://www.getpostman.com/oauth2/callback
Auth URL : https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2Fkenowau.sharepoint.com
Access Token URL : https://login.microsoftonline.com/common/oauth2/token
Client ID : 7f925812-d466-4c46-8737-0fcc1e172a98
Client Secret (Key) : abcd/efgsdksFME6u4yWLFWswZJGHlm9asdfasdflk=
Grant Type : Authorization Code


Click "Request Token" button.

Access Token: <the JWT returned by the token endpoint>


Click "Use Token"

====== 6. Get the Response Body ======

Click "Send" button. Done.
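Before reusing the token from step 5, it is worth checking what it actually grants. The following is an added example, not code from the original post: it decodes the payload of an access token without verifying the signature and compares the `aud`, `scp` and `exp` claims against what was requested in step 2. The function names, the sample tenant `contoso` and the sample token are constructed for illustration.

```javascript
// Added example: inspect (not verify) the claims of an access token.
// Signature validation is the resource server's job; this only shows the
// token holder which audience, scopes and lifetime the token carries.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  // JWT segments are base64url; map back to the standard alphabet.
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns a list of problems; an empty list means the token matches
// the audience and scopes the caller expected and is still valid.
function reviewToken(token, { audience, allowedScopes, now = Date.now() }) {
  const claims = decodeJwtPayload(token);
  const problems = [];
  if (claims.aud !== audience) {
    problems.push(`aud is ${claims.aud}, expected ${audience}`);
  }
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) {
    problems.push("token is expired or has no exp claim");
  }
  const granted = (claims.scp || "").split(" ").filter(Boolean);
  const extra = granted.filter((s) => !allowedScopes.includes(s));
  if (extra.length) {
    problems.push("scopes beyond what was requested: " + extra.join(", "));
  }
  return problems;
}

// Constructed sample token (placeholder signature) so the check runs offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.sample-signature`;
}
```

A token that carries more scopes than the app was meant to have points back at the permissions set in step 2.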



  • In site collection scope (need SharePoint or Site Collection admin rights)


We can follow this post. It contains 5 steps. (I choose an alternative way in step 3)

====== 1. Register app ======

Go to the SPO site in a web browser:
https://<company name>.SharePoint.com/sites/test1/_layouts/15/appregnew.aspx

The app identifier has been successfully created.

Client Id:  71b53e1e-6260-4a8d-8423-8ca65439271a
Client Secret:  SbyJ/JghRiadfdasfadsLFWswZJGHlm9UFDp0cU=
Title:  postman
App Domain:  localhost
Redirect URI:  https://localhost

Copy the Client Secret (key) to a safe place. This key will be used to get the token.


Click "OK"


====== 2. Grant permission to this App ======

https://<company name>.SharePoint.com/sites/test1/_layouts/15/appinv.aspx

Read-Only rights of the sub site:

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
</AppPermissionRequests>

Full-Control rights of the whole site collection:

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>



====== 3. Get SPO Tenant GUID, resource GUID and client GUID ======

Instead of PostMan, it's much easier to get the information from this page: https://<company name>.sharepoint.com/sites/test1/_layouts/appprincipals.aspx


The app identifier syntax is: i:0i.t|ms.sp.ext|AppGUID@TenantGUID

"resource GUID" means the app GUID of SharePoint Online itself, which is: 00000003-0000-0ff1-ce00-000000000000

====== 4. Get Bearer token ======

Launch PostMan, 

https://accounts.accesscontrol.windows.net/<TenantID>/tokens/OAuth/2

Post

Headers
Key             Value
Content-Type    application/x-www-form-urlencoded

Body
Key             Value
grant_type      client_credentials
client_id       <ClientID>@<TenantID>
client_secret   SbyJ/JghRiadfdasfadsLFWswZJGHlm9UFDp0cU=
resource        00000003-0000-0ff1-ce00-000000000000/<company name>.sharepoint.com@<TenantGUID>



Click "Send". Copy "access_token" to a safe place.



====== 5. Access SPO through restful API ======

Launch PostMan,

https://<company name>.sharepoint.com/sites/test2/_api/web/lists

Get

Headers
Key             Value
Accept          application/json;odata=verbose
Authorization   Bearer <access_token>

Click "Send"


Done.

The procedure is similar in C# or JavaScript.
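As an added example (not code from the original post), here is the site collection flow from steps 3 to 5 in JavaScript for Node 18+. It parses the app identifier shown on appprincipals.aspx, builds the token request with the tenant GUID in the token URL path, and form-encodes the client secret, which matters because generated keys contain `/`, `+` and `=`. The function names are hypothetical, and the secret is passed in by the caller rather than written into the script.

```javascript
// SPO_RESOURCE_GUID and the identifier syntax come from the post;
// helper names are hypothetical, inputs are supplied by the caller.
const SPO_RESOURCE_GUID = "00000003-0000-0ff1-ce00-000000000000";
const GUID = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}";

// Split "i:0i.t|ms.sp.ext|AppGUID@TenantGUID" into its two GUIDs.
function parseAppIdentifier(identifier) {
  const m = new RegExp(`^i:0i\\.t\\|ms\\.sp\\.ext\\|(${GUID})@(${GUID})$`, "i")
    .exec(identifier.trim());
  if (!m) throw new Error("not an app identifier: " + identifier);
  return { clientId: m[1].toLowerCase(), tenantId: m[2].toLowerCase() };
}

// Build URL, headers and form body for step 4. The secret comes from the
// caller (for example an environment variable), never from source code.
function buildTokenRequest(identifier, spoHost, clientSecret) {
  const { clientId, tenantId } = parseAppIdentifier(identifier);
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: `${clientId}@${tenantId}`,
    client_secret: clientSecret, // '/', '+' and '=' are percent-encoded here
    resource: `${SPO_RESOURCE_GUID}/${spoHost}@${tenantId}`,
  }).toString();
  return {
    url: `https://accounts.accesscontrol.windows.net/${tenantId}/tokens/OAuth/2`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body,
  };
}

// Step 5: headers for the REST call.
function buildApiHeaders(accessToken) {
  return { Accept: "application/json;odata=verbose", Authorization: `Bearer ${accessToken}` };
}

// Network part; nothing is sent unless this function is called.
async function listLists(identifier, spoHost, siteUrl, clientSecret) {
  const req = buildTokenRequest(identifier, spoHost, clientSecret);
  const tokenRes = await fetch(req.url, { method: "POST", headers: req.headers, body: req.body });
  if (!tokenRes.ok) throw new Error("token request failed: " + tokenRes.status);
  const { access_token } = await tokenRes.json();
  const res = await fetch(`${siteUrl}/_api/web/lists`, { headers: buildApiHeaders(access_token) });
  if (!res.ok) throw new Error("API call failed: " + res.status);
  return res.json();
}
```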

4 comments:

  1. Valuable info. Fortunate me I discovered your site accidentally, and I'm shocked why this twist of fate didn't come about earlier! I bookmarked it.

  2. Heya I'm for the first time here. I came across this board and I find it truly useful & it helped me out a lot. I hope to give something back and help others like you helped me.

  3. Great site. Plenty of useful information here. I'm sending it to a few buddies and additionally sharing in delicious. And naturally, thanks in your sweat!
