-
-
Notifications
You must be signed in to change notification settings - Fork 344
/
Copy pathauth_app_principal_aad.py
41 lines (29 loc) · 1.54 KB
/
auth_app_principal_aad.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
from office365.runtime.auth.token_response import TokenResponse
from office365.sharepoint.client_context import ClientContext
from tests import settings, test_site_url
"""
Important: for Application authenticated against Azure AD blade, calling SharePoint v1 API endpoint when
using Client Credentials flow (app-only access) will return 401 error, meaning this flow is NOT supported (blocked)
unless:
- AAD app is explicitly granted access via ACS as explained here: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
- Client Certificate flow is utilized instead as explained here https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
Refer, for instance, this thread for a more details:
https://docs.microsoft.com/en-us/answers/questions/131535/azure-app-cannot-access-sharepoint-online-sites-us.html
"""
def acquire_token():
authority_url = "https://login.microsoftonline.com/{0}".format(
settings.get("default", "tenant")
)
import msal
app = msal.ConfidentialClientApplication(
authority=authority_url,
client_id=settings.get("client_credentials", "client_id"),
client_credential=settings.get("client_credentials", "client_secret"),
)
token_json = app.acquire_token_for_client(
scopes=["https://mediadev8.sharepoint.com/.default"]
)
return TokenResponse.from_json(token_json)
ctx = ClientContext(test_site_url).with_access_token(acquire_token)
target_web = ctx.web.get().execute_query()
print(target_web.url)