How to use App Only permission with Graph.Community extension library
Closed this issue · 3 comments
This project may be my saver, so first of all thank you!
I am developing an Azure function to create 365 groups/sites/teams based on company standard.
I can do most of it with Graph using tenant/clientID/client secret
My issue is site columns and content types. Your Sample shows applying SiteScripts and that could be my solution.
My problem now is with the authentication.
I changed your code to use:
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
    .Create(azureAdOptions.ClientId)
    .WithTenantId(azureAdOptions.TenantId)
    .WithClientSecret(azureAdOptions.ClientSecret)
    .Build();
IAuthenticationProvider ap = new ClientCredentialProvider(confidentialClientApplication);
But I get an unexpected error on the line:
var createdScript = await graphServiceClient.SharePointAPI(WebUrl).SiteScripts.Request().CreateAsync(siteScript);
So questions:
1. How can I make it work with App Only?
2. How can I use $"https://{sharepointDomain}/.default" scopes?
3. Can I use files to load the SiteScripts? Just replace " with "?
Thank you very much.
Without knowing the error details, it is difficult to answer completely.
1. The application registration will require AllSites.FullControl granted as an Application Permission, not Delegated permission.
2. That should work, assuming item 1 is correct.
3. I don't understand this point. You need to pass the site script in the SiteScriptMetadata object. If you read it from a file first, that is fine. But you cannot pass a filename to the library.
The error is:
Code: generalException
Message: Unexpected exception returned from the service.
I tried to use:
var pca = ConfidentialClientApplicationBuilder
.Create(azureAdOptions.ClientId)
.WithTenantId(azureAdOptions.TenantId)
.WithClientSecret(azureAdOptions.ClientSecret)
.Build();
But did not find a replacement to ap = new DeviceCodeProvider(pca, scopes);
My line:
ap = new ClientCredentialProvider(confidentialClientApplication); does not have the scopes parameter. So maybe that is what is missing.
The Azure registration is good because I was able to use your code as-is.
It did not find the Green Theme but I don't really care about it. :-)
Paul,
I read in Waldek Mastykarz's blog that "SharePoint Online only allows using app-only access tokens obtained using a certificate." That probably explains why I could not get your code to work.
He also says: "Getting access tokens using a certificate isn't supported in ADAL on .NET Core" but that is no longer true. I tested with Core 3.0 and I did not need his helper code.
I will try to use your library with a Certificate.
Thank you.
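
The approach the thread ends on (a certificate instead of a client secret, requesting the `https://{sharepointDomain}/.default` scope from question 2), as an added example that is not part of the thread or of Graph.Community's own code. It assumes MSAL.NET (Microsoft.Identity.Client) and a Microsoft.Graph SDK version that still ships `IAuthenticationProvider` and `DelegateAuthenticationProvider`; the class name, method name and all parameters are hypothetical.

```csharp
using System.Net.Http.Headers;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Graph;
using Microsoft.Identity.Client;

// Hypothetical helper: builds an app-only authentication provider for SharePoint.
public static class SharePointAppOnlyAuth
{
    // Every argument is supplied by the caller (for example from app settings or a
    // secret store); none of these values come from the thread.
    public static IAuthenticationProvider Create(
        string tenantId, string clientId, string sharepointDomain,
        string pfxPath, string pfxPassword)
    {
        // The public key of this certificate must be uploaded to the app registration.
        var certificate = new X509Certificate2(pfxPath, pfxPassword);

        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenantId)
            .WithCertificate(certificate)   // replaces WithClientSecret(...)
            .Build();

        // The client credentials flow takes the resource's /.default scope, which
        // resolves to the application permissions granted to the registration.
        string[] scopes = { $"https://{sharepointDomain}/.default" };

        return new DelegateAuthenticationProvider(async request =>
        {
            // MSAL serves repeat calls from its in-memory app token cache.
            AuthenticationResult result = await app
                .AcquireTokenForClient(scopes)
                .ExecuteAsync();

            request.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", result.AccessToken);
        });
    }
}
```

The returned provider goes wherever the snippets above pass `ap`. Keeping the PFX password out of source and configuration files (a certificate store or secret vault reference instead) avoids recreating the client-secret exposure the certificate was meant to remove.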