SharePoint OAuth Authentication | Authorizing REST API SharePoint| Get Access token from SharePoint | Set up OAuth for SharePoint | SharePoint Integration | Rest API Integration

SharePoint is a web-based collaborative platform that integrates with Microsoft Office. It was launched in 2001 and is primarily used as a document management and storage system, but the product is highly configurable and usage varies substantially among organizations.

In this blog, we will see how we can get the access token from Sharepoint using PostMan tool.

Step 1: Join the Microsoft 365 Developer Program

1. Go to the Join the Microsoft 365 Developer Program page.
2. Click on Join now and complete the Signup process.

Microsoft 365 Developer Program

Keep note of the domain name and Administrator email, this will be the email we will be using in the next steps.

Step 2: Register an app in SharePoint

a. Navigate to https://<domain_name.sharepoint.com>/layouts/15/appregnew.aspx (For ex: https://sp0l.sharepoint.com/_layouts/15/appregnew.aspx)

b. Click Generate for Client Id and Client Secret and provide a name.

c. Fill in the app domain (www.salesforce.com). Enter the Redirect URL, it should be https and the URL.

d. Click Create.

Note down the Client Id, Client Secret & Redirect URI for future use.

Step 3: Get the Realm of your site using PostMan.

1. Open PostMan App (Get it from here)
2. Create a GET request with url https://<domain_Name>.sharepoint.com/_vti_bin/client.svc
3. Headers, ‘Authorization’ : ‘Bearer’ & ‘Content-Type’ : ‘text/html’
4. Send Request and click on Header section in response and scroll down till you see Bearer realm. (screenshot attached below)

Note down the Bearer realm for future use.

Step 4: Get the Authorization code

1. Construct the below url using your domain, client Id, and redirect uri and scope value from the following link.

(Choose Scope: https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/authorization-code-oauth-flow-for-sharepoint-add-ins?redirectedfrom=MSDN#Scope )

https://<yourdomain>.sharepoint.com/_layouts/15/OAuthAuthorize.aspx?client_id=client_ID&scope=app_permissions_list&response_type=code&redirect_uri=redirect_uri

Ex : https://sp0l.sharepoint.com/_layouts/15/OAuthAuthorize.aspx?client_id=04b8208f-XXXXXXXX-967c-d11ee0c0baef&scope=Web.Read&response_type=code&redirect_uri=https://localhost/

Go to this url in browser and we will reach authorization screen where we have click ‘Trust it’ button.

Once clicked we will redirect to another URL that appends our redirect uri with authorization code as shown below. Copy and paste the auth code for future use.

https://redirect_url/?code=<authcode>

Step 5: Get the access token and refresh token

1. Construct the below url and body for POST request in POSTMAN

URL : https://accounts.accesscontrol.windows.net/<site_realm>/tokens/OAuth/2

site_realm — use the code which we got in Step 3 (Ex. https://accounts.accesscontrol.windows.net/d4567ad6-6567-41cb-b792-24716a55bv90/tokens/OAuth/2 )

Body:

grant_type=client_credentials&client_id=<client_id>@<site_realm>&client_secret=<client_secret>&code=<auth_code>&redirect_uri=<redirect_url>&resource=< audience principal ID>/<site_host>@<site_realm>

Use Client Id, Client Secret & Redirect URI from Step 2, site_realm from Step 3, and auth_code from Step 4.

“<client_id from Step 2>@<site_realm from Step 3>” —> Copy this combined string and encode it before using. (Encode here)

<client_secret from Step 2> → Use it without encoding

<auth_code from step 4>→ Use it without encoding

<redirect_url from Step 2>→ Use it without encoding

< audience principal ID>/<site_host>@<site_realm> →

audience principal ID is a permanent security principal ID for SharePoint- ‘00000003–0000–0ff1-ce00–000000000000’

site_host → <domain>-admin.sharepoint.com (Ex. sp0l-admin.sharepoint.com)

<site_realm from Step 3>

— > Copy this combined string and encode it before using. (Encode here)

Final Body will look like :

grant_type=client_credentials
&client_id=MDRiODIC00YzA3LTk2N2MtZDExZWUwYzBiYWVmQGU0NDYxZDQyLWRiYWMtNGE4Yi1hhYWRjNWU2NjAxNA==
&client_secret=XVISvN07LhwUnTD/NL4ZHVNnXWJ3ugfd4fpHY4=
&code=PAQABAAEAAAD%2D%2DDLddgJg7Wevrl9VRg4Gll1SU4xawkfKxVCNrUkPPeG9ddWFhRjC3qzte7ybDyI%2Df4SVxmzsT26jtQiQGQAV%2DYpONw55qbSQs5HUJtzvunGhtmmyJlaxc9hZNQt51KIAA
&redirect_uri=https%3A%2F%2Flocalhost%2F
&resource=MDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwL3NwMGw0NjFkNDItZGJhM1ZTY2MDE0

Header

Content-Type : application/x-www-form-urlencoded

Craete post request and Send for getting access token as response

We can use this Access code for accessing sharepoint for our requirements.

Reference :

1. https://docs.microsoft.com/en-us/sharepoint/dev/
2. https://spshell.blogspot.com/2015/03/sharepoint-online-o365-oauth.html
3. https://www.base64encode.org/