我正在尝试访问我的Sharepoint网站中列表的项目。我已经在页面“ https://XXXXXX.sharepoint.com/sites/XXXXX/_layouts/15/appregnew.aspx”上创建了一个clientId和secretId。然后,在页面“ https://XXXXX.sharepoint.com/sites/XXXXX/_layouts/15/appinv.aspx”上创建访问规则。 在此页面上,我为访问规则设置XML代码,例如:
<AppPermissionRequests><AppPermissionRequest
Scope="http://sharepoint/content/sitecollection"
Right="FullControl"/></AppPermissionRequests>
我创建规则并在下一页上确认。
在我的应用中,我获得了带有此代码的令牌
let payload = `grant_type=client_credentials
&client_id=${clientId}@${tenantId}
&client_secret=${clientSecret}
&resource=${resource}/${domain}@${tenantId}`;
let authOptions = {
hostname: 'accounts.accesscontrol.windows.net',
path: `/${tenantId}/tokens/OAuth/2`,
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Content-Length': Buffer.byteLength(payload)
}
};
let req = https.request(authOptions, res => {...})
然后我执行此操作以获取列表中的项目:
let listOptions = {
hostname: 'XXXXX.sharepoint.com',
path: '/sites/XXX/_api/lists/getbytitle('MyList')/items',
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': `bearer ${accessToken}`,
'Accept': 'application/json'
}
};
let req = https.request(listOptions, res => {
res.setEncoding('utf8');
let stringResult = '';
res.on('data', chunk => {
stringResult += chunk.toString();
});
Sharepoint始终返回此错误
"{"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform this action or access this resource."}}}"
答案 0 :(得分:0)
我终于找到了为什么它不起作用。我需要添加AllowAppOnlyPolicy:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />