Authenticating to SharePoint endpoints using the Office 365 OAuth API

Time: 2014-11-24 22:56:06

Tags: sharepoint office365

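I am trying to access a SharePoint Online site using the Office 365 API mentioned here. I am getting the authentication token and calling the discovery service as follows: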

    httpClient = new HttpClient();
    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
    httpClient.DefaultRequestHeaders.Add("Accept", "application/json; odata=verbose");
    response = await httpClient.GetAsync(new Uri("https://api.office.com/discovery/me/services"));
    data = await response.Content.ReadAsStringAsync();

I get the following kinds of endpoint URLs in the result:

  1. OneDrive
    https://sometenant-my.sharepoint.com/personal/sometenant_data_onmicrosoft_com/_api

  2. Outlook related https://outlook.office365.com/api/v1.0

  3. I am not getting any endpoint URL for SharePoint in the result. If I try the following code:

     httpClient = new HttpClient();
     httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
     httpClient.DefaultRequestHeaders.Add("Accept", "application/json; odata=verbose");
     response = await httpClient.GetAsync("https://sometenant.sharepoint.com/_api/web/lists/getByTitle('Documents')/items");
     data = await response.Content.ReadAsStringAsync();
    

    I get the following in the response stream:

    "{\"error\":\"invalid_client\",\"error_description\":\"Invalid audience Uri 'Microsoft.SharePoint'.\"}"
    

    The error in the response is:

    {StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
    {
      x-ms-diagnostics: 3000003;reason="Invalid audience Uri 'Microsoft.SharePoint'.";category="invalid_client"
      SPRequestGuid: 8462cf9c-c093-1000-a3da-fc5e1aab16c1
      request-id: 8462cf9c-c093-1000-a3da-fc5e1aab16c1
      SPRequestDuration: 37
      SPIisLatency: 25
      MicrosoftSharePointTeamServices: 16.0.0.3431
      X-Content-Type-Options: nosniff
      X-MS-InvokeApp: 1; RequireReadOnly
      Date: Mon, 24 Nov 2014 22:45:46 GMT
      P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
      Server: Microsoft-IIS/7.5
      WWW-Authenticate: Bearer realm="xxxxxx-xxxx-xxxxx-xxxx-xxxxxxxx",client_id="xxxxxxxx-xxx-xxxx-xxxx-000000000000",trusted_issuers="xxxxxxx-xxxx-xxx-xxx-000000000000@*,https://sts.windows.net/*/,00000003-0000-xxxxx-ce00-000000000000@xxxxxxxx-xxxxx-11e1-xxxx-xxxxxxx",authorization_uri="https://login.windows.net/common/oauth2/authorize"
      X-Powered-By: ASP.NET
      Content-Length: 93
    }}
    

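    I believe I should be able to access SharePoint data using the Office 365 API.

    I have given the app Full Control permission on all site collections.

    Please let me know what I am missing here.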

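1 answer:

Answer 0: (score: 2)

The target URL you are requesting the access_token for is different from the one SharePoint requires. I don't know why; it would seem logical for an Office 365 access_token to work for SharePoint, but it doesn't.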

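So, I assume you have obtained a client_id and client_secret from an app registered in SharePoint. If not, you can register a new application in two ways:

  1. https://{your tenantID}.sharepoint.com/_layouts/15/appregnew.aspx

     (For some reason, Azure ACS did not validate the client_secret generated here when trying to get the access_token, at least not for me. So I tried the one below.)

  2. Log in to your Azure management portal and go to:

     Active Directory (bottom of the left side) > Default Directory (if you didn't have any before) > Applications > Add

Fill in your application's details here, with APP ID URI = 'https://{your tenantID}.sharepoint.com/', and at the bottom, under "permissions to other applications", don't forget to add the application > Office 365 SharePoint Online.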

Get the authorization code:

    https://{tenantID}.sharepoint.com/_layouts/oauthauthorize.aspx?client_id={ur client id}&scope=Web.Read&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2F

Type the above URL into Chrome and press Enter; you will be redirected to the URL specified above. You will end up at

    https://localhost/?code={authorization code}

Copy the authorization code.

Get the bearer realm:

GET request

    https://{your tenantID}.sharepoint.com/_vti_bin/client.svc

    Authorization: Bearer (header)

Get the Bearer realm component from the response headers and save it.

Get the access token:

POST request

    https://accounts.accesscontrol.windows.net/{bearer realm}/tokens/OAuth/2

and body parameters

    grant_type=authorization_code&client_id={ur client id}&client_secret={ur client secret}&code={auth code you got from the step above}&redirect_uri=https%3A%2F%2Flocalhost%2F&resource=00000003-0000-0ff1-ce00-000000000000%2F{your tenantID}.sharepoint.com%40{bearer realm}

&resource=00000003-0000-0ff1-ce00-000000000000 is permanent for SharePoint.

This should return a response with an access token & refresh token; using this, you will now be able to access the SharePoint REST API.
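
The last two steps of the answer, as an added C# example that is not part of the original post or any Microsoft sample: it extracts the bearer realm from a `WWW-Authenticate` challenge, builds the URL-encoded token request body with the `resource` value in the format shown above, and reads a token's `aud` claim to show the kind of audience mismatch behind the 401 in the question. The class and method names, the realm GUID and the credential strings are constructed placeholders, and the audience comparison assumes the issued token's `aud` equals the requested resource string.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;
using System.Text.RegularExpressions;

static class SharePointAcs
{
    const string Principal = "00000003-0000-0ff1-ce00-000000000000"; // fixed SharePoint ID from the answer

    // Split the k="v" parameters of a WWW-Authenticate: Bearer challenge.
    public static Dictionary<string, string> ParseChallenge(string header) =>
        Regex.Matches(header, "(\\w+)=\"([^\"]*)\"").Cast<Match>()
             .ToDictionary(m => m.Groups[1].Value, m => m.Groups[2].Value);

    // resource = {principal}/{SharePoint host}@{bearer realm}
    public static string Resource(string host, string realm) => $"{Principal}/{host}@{realm}";

    // URL-encoded form body for the POST to .../{bearer realm}/tokens/OAuth/2
    public static string TokenBody(string clientId, string secret, string code,
                                   string redirectUri, string host, string realm)
    {
        var fields = new[] {
            ("grant_type", "authorization_code"), ("client_id", clientId),
            ("client_secret", secret), ("code", code),
            ("redirect_uri", redirectUri), ("resource", Resource(host, realm)) };
        return string.Join("&", fields.Select(f => f.Item1 + "=" + Uri.EscapeDataString(f.Item2)));
    }

    // Read the unverified "aud" claim of a JWT (diagnostics only, no signature check).
    public static string Audience(string jwt)
    {
        var p = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        p = p.PadRight(p.Length + (4 - p.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(p)));
        return doc.RootElement.GetProperty("aud").GetString();
    }

    static void Main()
    {
        // Constructed inputs: placeholder realm and credentials, and a token with a non-SharePoint audience.
        const string host = "sometenant.sharepoint.com";
        var realm = ParseChallenge("Bearer realm=\"11111111-2222-3333-4444-555555555555\",trusted_issuers=\"https://sts.windows.net/*/\"")["realm"];
        Console.WriteLine(TokenBody("CLIENT_ID", "CLIENT_SECRET", "AUTH_CODE", "https://localhost/", host, realm));
        var body = Convert.ToBase64String(Encoding.UTF8.GetBytes("{\"aud\":\"Microsoft.SharePoint\"}"));
        var jwt = "e30." + body.TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
        Console.WriteLine(Audience(jwt) == Resource(host, realm) ? "audience ok" : "audience mismatch: " + Audience(jwt));
    }
}
```

`Audience` only decodes the payload for troubleshooting; it does not validate the signature, so its result must not be used for an authorization decision.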