用于 SharePoint 365 REST 的 Oauth2 [英] Oauth2 for SharePoint 365 REST
问题描述
我正在尝试使用 OAuth2 和 REST API 连接到 Sharepoint Online (Sharepoint 365?) 内容.我需要从 Python 执行此操作,因为它是对现有应用程序的补充.我已经设法使用 OAuth2 和 REST 将应用程序连接到 Google Drive,所以我想我了解使用 OAuth2 的基础知识.
I'm trying to connect to Sharepoint Online (Sharepoint 365?) content using OAuth2 and the REST API. I need to do this from Python as it is an addition to an existing application. I have already managed to connect the application to Google Drive using OAuth2 and REST, so I think I understand the fundamentals of using OAuth2.
我尝试了多种位置组合来配置 client_id 和 client_secret 以及验证和接收访问和刷新令牌.
I've tried a number of combinations of places to configure the client_id and client_secret and authenticate and receive access and refresh tokens.
到目前为止,我已经能够接收刷新令牌并使用它来获取访问令牌;但是,我无法使用访问令牌访问 Sharepoint 365 网站上的内容.
So far I have been able to receive a refresh token and use it to obtain an access token; however, I'm unable to use the access token to access content on the Sharepoint 365 site.
为了配置 client_id 和 client_secret,我使用 Azure 管理门户将我的 Sharepoint 站点与 AAD 相关联.然后我将一个应用程序添加到 Sharepoint AD 条目,其中包含 client_id 和 client_secret.在 Sharepoint 中,我使用 appregnew.aspx 注册了 client_id 并验证了该应用程序出现在 appprincipals.aspx 中.
For configuring the client_id and client_secret I associated my Sharepoint site with AAD using the Azure Management Portal. Then I added an application to the Sharepoint AD entry with the client_id and client_secret. In Sharepoint I used appregnew.aspx to register the client_id and verified the application appears in appprincipals.aspx.
我使用以下方法调用身份验证服务:.../login.windows.net/common/oauth2/authorize?api-version=1.0&response_type=code&client_id=&redirect_uri=&resource=Microsoft.Sharepoint
I call the authentication service using: .../login.windows.net/common/oauth2/authorize?api-version=1.0&response_type=code&client_id=&redirect_uri=&resource=Microsoft.Sharepoint
并且能够进行身份验证、接收代码、回拨.../login.windows.net/common/oauth2/token 使用代码并接收访问和刷新令牌.
and am able to authenticate, receive a code, call back to .../login.windows.net/common/oauth2/token with the code and receive access and refresh tokens.
我从单独的进程调用中序列化了这些令牌.../login.windows.net/common/oauth2/token 带有 refresh_token、client_id、client_secret 和 grant_type=refresh_token,并接收新的访问令牌.
I serialized those tokens and from a separate process call .../login.windows.net/common/oauth2/token with the refresh_token, client_id, client_secret, and grant_type=refresh_token and receive a new access token.
最后我调用了 Sharepoint 服务端点-my.sharepoint.com/personal//_api/web/files'使用新的访问令牌,但它无法告诉我资源 Microsoft.Sharepoint 无效(无效的受众 Uri 'Microsoft.SharePoint')
Finally I call in to Sharepoint service endpoint -my.sharepoint.com/personal//_api/web/files' with the new access token and it fails telling me the resource Microsoft.Sharepoint is invalid (Invalid audience Uri 'Microsoft.SharePoint')
我一直在旋转我的轮子,尝试配置 client_id 的位置的各种排列,这是我得到的.由于所有文档和示例似乎都依赖于使用诸如 TokenHelper 之类的 C# 库,因此我觉得我缺少一些关键但简单的东西,并且找不到所需的信息.
I've been spinning my wheels trying various permutations of where the client_id is configured and this is as far as I've gotten. Since all the documentation and examples seem to depend on using C# libraries such as TokenHelper I feel like I'm missing something key but simple and can't find the required information.
是否有人使用 Python、Ruby、Java 等连接到 Sharepoint Online?如果是这样:
Has anyone connected to Sharepoint Online using Python, Ruby, Java, etc? If so:
- client_id 应该在哪里配置?
- 获取刷新和访问令牌的端点是什么?
- 请求令牌的适当受众 uri 或资源是什么?
非常感谢!
推荐答案
我已使用 PHP 成功连接到 SharePoint Online.在我看来,您正在结合两种不同的方法来做到这一点.这是我所做的:
I've successfully connected to SharePoint Online using PHP. It looks to me like you're combining two different methods to do so. Here is what I did:
- 在管理门户上的 Azure AD 中注册我的应用,以获取 client_id、client_secret、redirectUri 和 Office 365 站点的正确权限.
- 在 https://login.microsoftonline.com/common/oauth2/authorize 调用授权端点
- 在 https://login.microsoftonline.com/common/oauth2/调用令牌服务端点令牌
- 使用访问令牌调用 SharePoint REST 端点.
- 资源应该只是您的 SharePoint 网站的 URL.
appregnew.aspx 和 appprincipals.aspx 页面用于 SharePoint 应用程序,但它看起来不像您正在构建的应用程序.
The appregnew.aspx and appprincipals.aspx pages are used for apps for SharePoint but it doesn't look like you're building one.
这篇关于用于 SharePoint 365 REST 的 Oauth2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!