Oauth2 for SharePoint 365 REST
Problem description
I'm trying to connect to Sharepoint Online (Sharepoint 365?) content using OAuth2 and the REST API. I need to do this from Python as it is an addition to an existing application. I have already managed to connect the application to Google Drive using OAuth2 and REST, so I think I understand the fundamentals of using OAuth2.
I've tried a number of combinations of places to configure the client_id and client_secret and authenticate and receive access and refresh tokens.
So far I have been able to receive a refresh token and use it to obtain an access token; however, I'm unable to use the access token to access content on the Sharepoint 365 site.
For configuring the client_id and client_secret I associated my Sharepoint site with AAD using the Azure Management Portal. Then I added an application to the Sharepoint AD entry with the client_id and client_secret. In Sharepoint I used appregnew.aspx to register the client_id and verified the application appears in appprincipals.aspx.
I call the authentication service using: .../login.windows.net/common/oauth2/authorize?api-version=1.0&response_type=code&client_id=&redirect_uri=&resource=Microsoft.Sharepoint
and am able to authenticate, receive a code, call back to .../login.windows.net/common/oauth2/token with the code and receive access and refresh tokens.
I serialized those tokens and from a separate process call .../login.windows.net/common/oauth2/token with the refresh_token, client_id, client_secret, and grant_type=refresh_token and receive a new access token.
Finally I call in to Sharepoint service endpoint -my.sharepoint.com/personal//_api/web/files' with the new access token and it fails telling me the resource Microsoft.Sharepoint is invalid (Invalid audience Uri 'Microsoft.SharePoint')
I've been spinning my wheels trying various permutations of where the client_id is configured and this is as far as I've gotten. Since all the documentation and examples seem to depend on using C# libraries such as TokenHelper I feel like I'm missing something key but simple and can't find the required information.
Has anyone connected to Sharepoint Online using Python, Ruby, Java, etc? If so:
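- Where should the client_id be configured?
- What endpoint(s) are used to obtain refresh and access tokens?
- What is the appropriate audience uri or resource to request tokens for?
Thanks very much!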
Recommended answer
I've successfully connected to SharePoint Online using PHP. It looks to me like you're combining two different methods to do so. Here is what I did:
- Register my app in Azure AD on the Management Portal to get client_id, client_secret, redirectUri and the right permissions on Office 365 for sites.
- Call the authorization endpoint at https://login.microsoftonline.com/common/oauth2/authorize
- Call the token service endpoint at https://login.microsoftonline.com/common/oauth2/token
- Call the SharePoint REST endpoint with the access token.
- The resource should be simply the URL of your SharePoint site.
The appregnew.aspx and appprincipals.aspx pages are used for apps for SharePoint but it doesn't look like you're building one.
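The answer's last point, as an added Python example (not code from the original post): it builds the authorization request with the site URL as `resource`, then checks a token's `aud` claim against the site host, which is the mismatch behind "Invalid audience Uri 'Microsoft.SharePoint'". It assumes the access token is a JWT; the `contoso-my.sharepoint.com` site, client id, redirect URI and sample tokens are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

# Endpoint taken from the answer above.
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/authorize"
# Constructed placeholder values (assumptions, not from the post).
SITE_URL = "https://contoso-my.sharepoint.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://localhost/callback"

def authorize_url(client_id, redirect_uri, site_url):
    """Authorization request whose resource is the SharePoint site URL."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "resource": site_url}
    return AUTHORIZE_URL + "?" + urlencode(params)

def token_audience(access_token):
    """Return the aud claim of a JWT. The signature is NOT verified:
    this is a local diagnostic, not an authorization decision."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))["aud"]

def audience_matches(access_token, site_url):
    """True when the token was issued for the host of site_url."""
    aud_host = urlsplit(token_audience(access_token)).hostname
    site_host = urlsplit(site_url).hostname
    return aud_host is not None and aud_host == site_host

def make_sample_token(aud):
    """Constructed, unsigned sample token so the check runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": aud}), "sample"])

if __name__ == "__main__":
    print(authorize_url(CLIENT_ID, REDIRECT_URI, SITE_URL))
    for aud in ("Microsoft.SharePoint", SITE_URL + "/"):
        token = make_sample_token(aud)
        print(aud, "->", audience_matches(token, SITE_URL))
```

Run the audience check only on a local copy of a token and keep real access and refresh tokens out of logs and tickets.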