Oauth2 for SharePoint 365 REST


Problem description

I'm trying to connect to Sharepoint Online (Sharepoint 365?) content using OAuth2 and the REST API. I need to do this from Python as it is an addition to an existing application. I have already managed to connect the application to Google Drive using OAuth2 and REST, so I think I understand the fundamentals of using OAuth2.

I've tried a number of combinations of places to configure the client_id and client_secret and authenticate and receive access and refresh tokens.

So far I have been able to receive a refresh token and use it to obtain an access token; however, I'm unable to use the access token to access content on the Sharepoint 365 site.

For configuring the client_id and client_secret I associated my Sharepoint site with AAD using the Azure Management Portal. Then I added an application to the Sharepoint AD entry with the client_id and client_secret. In Sharepoint I used appregnew.aspx to register the client_id and verified the application appears in appprincipals.aspx.

I call the authentication service using: .../login.windows.net/common/oauth2/authorize?api-version=1.0&response_type=code&client_id=&redirect_uri=&resource=Microsoft.Sharepoint

and am able to authenticate, receive a code, call back to .../login.windows.net/common/oauth2/token with the code and receive access and refresh tokens.

I serialized those tokens and from a separate process call .../login.windows.net/common/oauth2/token with the refresh_token, client_id, client_secret, and grant_type=refresh_token and receive a new access token.

Finally I call in to Sharepoint service endpoint -my.sharepoint.com/personal//_api/web/files' with the new access token and it fails telling me the resource Microsoft.Sharepoint is invalid (Invalid audience Uri 'Microsoft.SharePoint')

I've been spinning my wheels trying various permutations of where the client_id is configured and this is as far as I've gotten. Since all the documentation and examples seem to depend on using C# libraries such as TokenHelper I feel like I'm missing something key but simple and can't find the required information.

Has anyone connected to Sharepoint Online using Python, Ruby, Java, etc? If so:

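  1. Where should the client_id be configured?
  2. What are the endpoints for obtaining refresh and access tokens?
  3. What is the appropriate audience uri or resource to request tokens for?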

Thanks very much!

Recommended answer

I've successfully connected to SharePoint Online using PHP. It looks to me like you're combining two different methods to do so. Here is what I did:

  • Register my app in Azure AD on the Management Portal to get client_id, client_secret, redirectUri and the right permissions on Office 365 for sites.
  • Call the authorization endpoint at https://login.microsoftonline.com/common/oauth2/authorize
  • Call the token service endpoint at https://login.microsoftonline.com/common/oauth2/token
  • Call the SharePoint REST endpoint with the access token.
  • The resource should be simply the URL of your SharePoint site.

The appregnew.aspx and appprincipals.aspx pages are used for apps for SharePoint but it doesn't look like you're building one.
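
An added Python example, not code from the question or the answer: it builds the authorization request with the site URL as the resource, and checks a token's `aud` claim against the host being called, which is the mismatch behind the "Invalid audience Uri" error. It assumes the access token is a JWT whose `aud` claim names the resource; `contoso.sharepoint.com`, the client values and the sample tokens are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/authorize"


def authorize_url(client_id, redirect_uri, site_url):
    """Authorization request that names the SharePoint site URL as the resource."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "resource": site_url,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def token_audience(access_token):
    """Return the aud claim of a JWT. The signature is NOT verified: diagnostic use only."""
    segments = access_token.split(".")
    if len(segments) != 3:
        raise ValueError("access token is not a three-part JWT")
    payload = segments[1] + "=" * (-len(segments[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("aud", "")


def audience_matches(access_token, request_url):
    """True when the token was issued for the scheme and host the REST call targets."""
    aud, target = urlsplit(token_audience(access_token)), urlsplit(request_url)
    return bool(aud.netloc) and \
        (aud.scheme, aud.netloc.lower()) == (target.scheme, target.netloc.lower())


def sample_token(aud):
    """Constructed, unsigned JWT-shaped string used only for the demonstration."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": aud}), "sig"])


if __name__ == "__main__":
    site = "https://contoso.sharepoint.com"  # constructed placeholder tenant
    api = site + "/_api/web"
    print(authorize_url("CLIENT_ID", "https://app.example/callback", site))
    for aud in ("Microsoft.SharePoint", site):
        print(aud, "->", audience_matches(sample_token(aud), api))
```

Running the check before the REST call separates a wrong `resource` value from a permissions problem; it is not a substitute for the signature validation the service itself performs.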
