Call SharePoint REST API from Teams Tab
I have a Teams Tab application that needs to do some manipulations with the team's site. The User needs to be authenticated, and all operations are executed on behalf of the user.
Calling the graph API is somewhat documented, I have found a good article here for example: https://bob1german.com/2020/08/31/calling-microsoft-graph-from-your-teams-application-part3/
But I want to call SharePoint REST API directly, not through the graph API because I want to do some operations that are not supported by graph API (yet?), like creating a page.
How can I achieve this?
As far as I understand I need to exchange the token I get from teams to another token that can be used to call SharePoint. (on_behalf_of flow). I added the scopes for SharePoint to the app registration, and requesting those when exchanging the token (https://microsoft.sharepoint-df.com/AllSites.Read for example). But I keep getting 401 access denied.
Please note that this is NOT about calling graph API. This is about the "normal" SharePoint REST API. For calling graph API it works.
More details and REST calls: https://gist.github.com/nbelyh/ec17a4e398069e35c2a2a5dc4447fb2a
Thank to @JeremyKelley-Microsoft for the answer, just posting it here for others:
You need to use https://{tenant}/AllSites.Read (or https://{tenant}/.default) as a scope, it DOES work. The {tenant} is the customer's tenant. Here is the flow:
0. Application registration permissions
1. get the token from teams
microsoftTeams.authentication.getAuthToken() => <teams_token>
2. trade for graph token (on-behalf-of flow)
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
client_id: <**your client id**>
client_secret: <**your client secret**>
grant_type: urn:ietf:params:oauth:grant-type:jwt-bearer
assertion: <**teams_token**>
requested_token_use: on_behalf_of,
scope: https://{tenant}/AllSites.Read
=> returns the <access_token>
3. use access token to access sharepoint REST API (get root site)
GET https://{tenant}/_api/web
headers:
authorization: "bearer " + <access_token>
- Math.Sin() gives incorrect value
- How to run my python script when the sunOS is start booting
- Express-session: not resetting cookie expiration on each request
- Getting a stack overflow exception when normalizing a vector
- Edit default summary function in R gives error for multiple variables
- What was a For loop? Why isn't it needed in R?
- How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
- Why are there two assignment operators, `<-` and `->` in R?
- lm()$assign: what is it?
- How to get the value of list(...) in R and S functions
- Design matrix for MLM from library(lme4) with fixed and random effects
- how to generate elements not included in my sample
- Create a matrix with gradually changing values without a for loop
- Emacs ESS and S-plus ( S+ ) 8.1 compatability
- How to lag date-index in a time-series in R?
- Nonlinear regression in R / S
- Calling R from S-Plus?