Performing OAuth and Rest calls with SharePoint Online (Without creating an add-in)

Yash Agarwal
Jun 16, 2016 · 3 min read

OAuth is required to make rest calls to SharePoint to manipulate data on behalf of the user who is authenticating.

SharePoint OAuth can be confusing if you try to read and understand it from Microsoft’s documentation especially if you are trying to do without an add-in, I will try to simplify it here.

  1. You need Client Id and Client Secret
  2. Perform OAuth
  3. Making rest calls

Getting client id and secret:

Seller Dashboard
  • Get your client id and secret by going to ‘client ids’ tab

OAuth:

  • Figure out your site url:
    Go to your SharePoint Online instance in browser
    Copy site url from the following pattern
    <site url>/_layout/path
  • Get your site realm:
Request
Response
  • Now send your user to following url to get authorisation code in response
Authorisation Url (Redirect your user to this URL)

User will then see the SharePoint Auth page

SharePoint Authorisation page

On successful authorisation, user will be redirected to the redirect url with code as the url query parameter.

<your_redirect_url>?code=<auth_code>

Use this auth_code to fetch access token from SharePoint.
Also principal_audience_id is a constant with value “00000003–0000–0ff1-ce00–000000000000”

Request for Access Token
Response

You have successfully fetched Access Token

Sample Rest Call:

Fetching folders from SharePoint -

Get Folders

That’s it. Hopefully this was helpful.

One more thing -

Access Token: valid for 12 hrs
Refresh Token: valid for 6 months

For fetching a new access token using refresh token

Access Token using Refresh token

More details:

https://msdn.microsoft.com/en-us/library/office/jj687470.aspx (Different permissions scopes)
https://msdn.microsoft.com/en-us/library/office/jj687469.aspx (Register your Add-In/Client)
https://msdn.microsoft.com/en-us/library/office/dn499819.aspx (Rest api reference)
https://msdn.microsoft.com/en-us/library/office/jj164022.aspx (Rest api reference)

Yash Agarwal

Written by

Software engineer by day and by night.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade