Friday, April 3, 2020

Access Sharepoint online using Azure AD app (Oauth On Behalf Of flow)


I worked on a sample PowerShell script that uses ADAL to achieve the On-Behalf-Of flow and then uses the resulting access token to access a SharePoint Online resource.



Steps

2. Add client secret

3. Add permission to Sharepoint

4. Run the following in Windows Powershell ISE


Install the ADAL PS module using the below command

Install-Module -Name ADAL.PS


Sample Script

$authority = "https://login.microsoftonline.com/tenant.onmicrosoft.com"
$resourceUrl = "<<application Id>>"     # On-Behalf-Of flow: the first token must be issued FOR this app (audience = app id); it is the assertion we exchange later
$clientId = "<<application Id>>"
$redirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient" # you should have marked the app as native client in Azure AD
$clientSecret = ConvertTo-SecureString "<<Client secret>>" -AsPlainText -Force
$tenantId = "<<tenant GUID>>"
$userID = "<<Guid of the user>>"


# Interactive ADAL sign-in (PromptBehavior Auto) to get a user access token whose audience is this application
$response = Get-ADALToken -Resource $resourceUrl -UserId $userID -UserIdType UniqueId -ClientId $clientId -Authority $authority -PromptBehavior Auto -RedirectUri $redirectUri

$token = $response.AccessToken
$spresourceUrl = "https://tenant.sharepoint.com/.default"

# Use the access token as the assertion to get an on-behalf-of access token for the SharePoint Online resource.
# The token endpoint needs the secret in plain text, so unwrap the SecureString only at the point of use
# (interpolating a SecureString into a string gives "System.Security.SecureString", not the secret).
$clientSecretPlain = (New-Object System.Net.NetworkCredential("", $clientSecret)).Password

$body = @{}
$body.Add("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
$body.Add("client_id", $clientId)          # no trailing whitespace: Azure AD matches the value literally
$body.Add("client_secret", $clientSecretPlain)
$body.Add("assertion", $token)
$body.Add("scope", $spresourceUrl)
$body.Add("requested_token_use", "on_behalf_of")


$curl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
# Invoke-RestMethod parses the JSON reply and exposes access_token; Invoke-WebRequest returns a raw response object with no such property
$res = Invoke-RestMethod -Method Post -Uri $curl -Body $body -ContentType "application/x-www-form-urlencoded"
$authtoken = $res.access_token

$headers = @{}
$headers.Add("Accept", "application/json")
$headers.Add("Authorization", "Bearer $authtoken")

$curl2 = "https://tenant.sharepoint.com/_api/search/query?querytext='test'"
$response1 = Invoke-RestMethod -Method Get -Uri $curl2 -Headers $headers -Verbose -ContentType application/json
$response1
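Before sending a token as the OBO assertion, and again after the exchange, it is worth looking at what Azure AD actually issued: the assertion must be a token whose audience is this application, and the exchanged token must be for SharePoint with the delegated scope that was consented to. The helpers below are an added example, not part of the original script: they decode the claims of a JWT access token without verifying the signature (the resource verifies it; this is inspection only) and check audience and expiry. They run offline on constructed, unsigned (alg=none) sample tokens; in the session above you would call them on `$token` and `$authtoken` instead. The exact `aud` value Azure AD emits (the app id GUID, `api://<app id>`, or for SharePoint the site URL) depends on the app registration and endpoint, which is why `-ExpectedAudience` accepts a list; confirm it against a real token from your tenant.

```powershell
# Added example: inspect JWT claims (no signature check) and assert audience/expiry around the OBO exchange

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    return [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    # JWT segments are base64url: '-' and '_' instead of '+' and '/', and no '=' padding
    $b64 = $Text.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw "Invalid base64url segment" }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    return [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function Get-JwtClaims {
    # Returns the payload claims of a compact JWT as an object. Does NOT validate the signature.
    param([Parameter(Mandatory)][string]$Jwt)
    $parts = $Jwt.Split('.')
    if ($parts.Count -ne 3) { throw "Not a compact JWT (expected 3 dot-separated segments)" }
    return (ConvertFrom-Base64Url -Text $parts[1]) | ConvertFrom-Json
}

function Test-JwtAudience {
    # $true only if the token is unexpired and its aud claim matches one of the expected audiences
    param(
        [Parameter(Mandatory)][string]$Jwt,
        [Parameter(Mandatory)][string[]]$ExpectedAudience
    )
    $claims = Get-JwtClaims -Jwt $Jwt
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    if (-not $claims.exp -or [long]$claims.exp -le $now) {
        Write-Warning "Token is expired or carries no exp claim"
        return $false
    }
    # aud may be a string or an array; -contains handles both
    foreach ($aud in $ExpectedAudience) {
        if ($claims.aud -contains $aud) { return $true }
    }
    Write-Warning "Token audience '$($claims.aud)' is not one of: $($ExpectedAudience -join ', ')"
    return $false
}

function New-UnsignedSampleJwt {
    # Constructed test data only: builds an unsigned (alg=none) token so the helpers can be exercised offline.
    # Azure AD never issues such tokens; never accept alg=none on a receiving side.
    param([Parameter(Mandatory)][hashtable]$Claims)
    $header  = ConvertTo-Base64Url -Text '{"alg":"none","typ":"JWT"}'
    $payload = ConvertTo-Base64Url -Text ($Claims | ConvertTo-Json -Compress)
    return "$header.$payload."
}

# Constructed sample tokens standing in for $token (audience = this app) and $authtoken (audience = SharePoint)
$exp = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
$sampleAppToken = New-UnsignedSampleJwt -Claims @{ aud = "<<application Id>>"; scp = "user_impersonation"; exp = $exp }
$sampleSpoToken = New-UnsignedSampleJwt -Claims @{ aud = "https://tenant.sharepoint.com"; scp = "AllSites.Read"; exp = $exp }

# Before the OBO exchange: the assertion must be a token issued FOR this app, nothing else
Test-JwtAudience -Jwt $sampleAppToken -ExpectedAudience "<<application Id>>", "api://<<application Id>>"
# Sending a SharePoint token as the assertion is the mistake this check catches
Test-JwtAudience -Jwt $sampleSpoToken -ExpectedAudience "<<application Id>>", "api://<<application Id>>"
# After the exchange: the new token should be for SharePoint and carry the delegated scope you consented to
Test-JwtAudience -Jwt $sampleSpoToken -ExpectedAudience "https://tenant.sharepoint.com"
Get-JwtClaims -Jwt $sampleSpoToken | Select-Object aud, scp, exp
```

Decode real tokens in the session and discard them; do not paste them into logs, tickets or shared scripts, since a bearer token is usable by anyone who holds it until `exp`.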








Access Sharepoint online using Azure AD app (Oauth Implicit grant flow)


I worked on a sample PowerShell script that uses ADAL to achieve the implicit grant flow and then uses the access token to access a SharePoint Online resource.



Steps

2. Add client secret

3. Add permission to Sharepoint

4. Run the following in Windows Powershell ISE


Install the ADAL PS module using the below command

Install-Module -Name ADAL.PS


Sample Script

$authority = "https://login.microsoftonline.com/tenant.onmicrosoft.com"
$resourceUrl = "https://tenant.sharepoint.com"   # the token is requested directly for the SharePoint Online resource
$clientId = "<<application Id>>"
$redirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient" # you should have marked the app as native client in Azure AD
$userID = "<<Guid of the user>>"
# No client secret or tenant GUID is needed here: the interactive native-client sign-in below does not use them,
# so keep the secret out of this script altogether


# Interactive ADAL sign-in (PromptBehavior Auto) to get a user access token whose audience is SharePoint Online
$response = Get-ADALToken -Resource $resourceUrl -UserId $userID -UserIdType UniqueId -ClientId $clientId -Authority $authority -PromptBehavior Auto -RedirectUri $redirectUri

$token = $response.AccessToken

$headers = @{}
$headers.Add("Accept", "application/json")
$headers.Add("Authorization", "Bearer $token")

$curl = "https://tenant.sharepoint.com/_api/search/query?querytext='test'"
$response1 = Invoke-RestMethod -Method Get -Uri $curl -Headers $headers -Verbose -ContentType application/json
$response1
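Both scripts above end with the same search call, with the search text spliced straight into the URL. `querytext='...'` is an OData string literal, so a value containing a single quote (a user's name, or anything a caller can influence) ends the literal early and changes the request. The functions below are an added example, not code from the original post: one builds the search URL with the literal escaped and URL-encoded, the other wraps the call with error handling that distinguishes a rejected token (401) from missing permissions (403). The site URL, `rowlimit` and the response shape under `odata=nometadata` are assumptions stated in the comments; `New-SpoSearchUri` runs offline, `Invoke-SpoSearch` needs a real token such as `$token` from the script above.

```powershell
# Added example: build the SharePoint search REST URL safely and call it with error handling

function New-SpoSearchUri {
    param(
        [Parameter(Mandatory)][string]$SiteUrl,      # assumed: https://tenant.sharepoint.com
        [Parameter(Mandatory)][string]$QueryText,    # raw KQL, possibly user-supplied
        [int]$RowLimit = 10                          # rowlimit is a supported search REST GET parameter
    )
    # querytext='...' is an OData string literal: a single quote inside it must be doubled,
    # otherwise  test' or ...  terminates the literal early and alters the request.
    $literal = $QueryText.Replace("'", "''")
    # URL-encode the literal so spaces, '&', '#' and the doubled quotes survive the trip intact
    $encoded = [Uri]::EscapeDataString($literal)
    return "$($SiteUrl.TrimEnd('/'))/_api/search/query?querytext='$encoded'&rowlimit=$RowLimit"
}

function Invoke-SpoSearch {
    param(
        [Parameter(Mandatory)][string]$SiteUrl,
        [Parameter(Mandatory)][string]$QueryText,
        [Parameter(Mandatory)][string]$AccessToken   # bearer token whose audience is the SharePoint tenant
    )
    $headers = @{
        Accept        = "application/json;odata=nometadata"
        Authorization = "Bearer $AccessToken"
    }
    $uri = New-SpoSearchUri -SiteUrl $SiteUrl -QueryText $QueryText
    try {
        $result = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
    }
    catch [System.Net.WebException] {
        $status = [int]$_.Exception.Response.StatusCode
        # 401: token rejected (wrong audience, expired); 403: the app's SharePoint permission or the user's site access is missing
        throw "SharePoint search failed with HTTP $status for $uri : $($_.Exception.Message)"
    }
    # Assumed nometadata shape: PrimaryQueryResult.RelevantResults.Table.Rows, each row holding Key/Value Cells
    return $result.PrimaryQueryResult.RelevantResults.Table.Rows
}

# Offline check of the URL builder with constructed input containing a quote and an ampersand
New-SpoSearchUri -SiteUrl "https://tenant.sharepoint.com" -QueryText "o'brien & co"

# Live call (requires a real token, e.g. $token from the script above)
# Invoke-SpoSearch -SiteUrl "https://tenant.sharepoint.com" -QueryText "test" -AccessToken $token
```

The builder leaves the surrounding quotes of the literal unencoded, as the original call does, and encodes only the content between them; SharePoint URL-decodes the parameter before parsing the OData literal, so the doubled quote arrives as a single quote inside the search text.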








Get Web title - Sharepoint Online Powershell


Install the module 

Install-Module -Name Microsoft.Online.SharePoint.PowerShell


Sample Script


# The CSOM assemblies ship with the Microsoft.Online.SharePoint.PowerShell module installed above
$loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
$loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
if (-not $loadInfo1 -or -not $loadInfo2) { throw "Microsoft.SharePoint.Client assemblies could not be loaded; check the module install" }


$siteUrl = "https://tenant.sharepoint.com"
$username = Read-Host "type username"   # example admin@tenant.onmicrosoft.com
$password = Read-Host "type password" -AsSecureString   # stays a SecureString; never echoed or written to disk

#========================= Client context ===============================

# Note: username/password sign-in fails for accounts that require MFA or for tenants that have disabled legacy authentication
$spocred = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl)
$ctx.Credentials = $spocred

$web = $ctx.Web
$ctx.Load($web)
$ctx.ExecuteQuery()
Write-Host "Current web title is '$($web.Title)'"
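The password-based `SharePointOnlineCredentials` above does not work for MFA-enabled accounts or tenants that have turned off legacy authentication, and it puts a reusable password into the session. The same CSOM query can run with the OAuth access token from the earlier posts instead: CSOM raises `ExecutingWebRequest` before each request, and the handler can add the `Authorization` header. The function below is an added example, not from the original post. It assumes the CSOM assemblies are already loaded as above, a site URL of `https://tenant.sharepoint.com`, and a token whose audience is that SharePoint tenant (`$token` from the implicit-grant script, or `$authtoken` from the On-Behalf-Of script); the exception types in the `catch` blocks are the ones CSOM is expected to raise for a rejected token and for a denied request.

```powershell
# Added example: authenticate CSOM with a bearer token instead of a username/password

function New-SpoTokenContext {
    param(
        [Parameter(Mandatory)][string]$SiteUrl,       # assumed: https://tenant.sharepoint.com
        [Parameter(Mandatory)][string]$AccessToken    # token with audience = the SharePoint tenant
    )
    $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
    # No Credentials object: the Authorization header is attached to every outgoing CSOM request instead.
    # GetNewClosure() captures $AccessToken now; the handler runs later, after this function's scope is gone.
    $handler = {
        param($Sender, $EventArgs)
        $EventArgs.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer $AccessToken"
    }.GetNewClosure()
    $ctx.add_ExecutingWebRequest($handler)
    return $ctx
}

function Get-SpoWebTitle {
    param(
        [Parameter(Mandatory)][string]$SiteUrl,
        [Parameter(Mandatory)][string]$AccessToken
    )
    $ctx = New-SpoTokenContext -SiteUrl $SiteUrl -AccessToken $AccessToken
    $web = $ctx.Web
    $ctx.Load($web)
    try {
        $ctx.ExecuteQuery()
        return $web.Title
    }
    catch [System.Net.WebException] {
        # 401 from SharePoint: token expired, wrong audience, or not a SharePoint token at all
        throw "SharePoint rejected the token: $($_.Exception.Message)"
    }
    catch [Microsoft.SharePoint.Client.ServerUnauthorizedAccessException] {
        # 403: the token was accepted but the user (or the app's delegated permission) has no access to this web
        throw "Access denied to $SiteUrl for the signed-in user: $($_.Exception.Message)"
    }
}

# Usage with the token from one of the OAuth scripts above
# $title = Get-SpoWebTitle -SiteUrl "https://tenant.sharepoint.com" -AccessToken $token
# Write-Host "Current web title is '$title'"
```

Because the handler is registered per `ClientContext`, build a fresh context when the token is refreshed rather than mutating a shared one; the token is only ever held in the closure and is not written anywhere else.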