I have been using application credentials (a bearer token based on the tenant ID) from Azure AD to get the list of all the sites in SharePoint.
I have been hitting the https://graph.microsoft.com/v1.0/sites?search=* API in Graph, but I am getting only a few subsites and not the full site list.
But when I use the same URL in Graph Explorer, it returns the full site list.
I have all the permissions configured for the user in Azure AD for sites.
Please can anyone help?
Related
When I attempt to retrieve the sAMAccountName from Azure AD via Microsoft Graph and oAuth, the attribute is not returned.
I am trying to retrieve the onPremisesSamAccountName through oAuth from Microsoft Graph on my Azure AD tenant. My local domain syncs with Azure, and I have selected the sAMAccountName directory extension for syncing. However, when I make my GET request to the Graph REST URI, I get back the correct user object, but I don't get back the onPremisesSamAccountName.
Here is my request:
https://graph.windows.net/myorganization/users/user#domain.com?api_version=1.6
That request returns the user object with a truckload of properties. When I try the following (in the hopes of "$select"ing the field), Microsoft returns the metadata URL, which actually contains the onPremisesSamAccountName property definition.
https://graph.windows.net/myorganization/users/user#somain.com?api-version=1.6&$select=onPremisesSamAccountName
Am I not formatting my query correctly? In the Azure AD portal, I have the following API permissions specified:
You can use Microsoft Graph API to get onPremisesSamAccountName property. Here is the Microsoft Graph explorer.
https://graph.microsoft.com/v1.0/users/{userObjectId}?$select=onPremisesSamAccountName
By the way, the permissions you granted are Microsoft Graph API permissions, not Azure AD Graph API permissions. Azure AD Graph is different from Microsoft Graph. It is recommended to use the Microsoft Graph API.
Is it possible to authenticate to the SharePoint Online REST API with Azure AD application v2.0 authentication? If yes, which scope should I use for requesting my permissions? Now (for MS Graph API usage) I request "https://graph.microsoft.com/.default" as the scope, but I didn't find any alternative to this for the SharePoint Online REST API.
I already registered an application on apps.dev.microsoft.com, and this application is available on portal.azure.com. There I have added the required permissions for SharePoint Online.
Yes, you can. To do this, first you need to get a new access token using a regular refresh token you got for the graph already:
POST https://login.microsoftonline.com/{{tenantName}}/oauth2/v2.0/token
Except this time pass the following for the scope header:
https://{{tenantName}}.sharepoint.com/Sites.Read.All
Your application will need to already be consented for this scope etc...
The response will give you an access token that can be used against SPO APIs.
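The refresh-token exchange described in the answer above, as an added Python example that is not part of the original answer: it builds the form-encoded POST for the v2.0 token endpoint and checks the `aud` and `scp` claims of the returned token before it is sent to SharePoint. The split into `tenant` and `spo_host`, the expected audience value and the sample token are assumptions constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_spo_token_request(tenant, spo_host, client_id, refresh_token, client_secret=None):
    """Return (url, body) for exchanging a refresh token for a SharePoint-scoped token."""
    form = {
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
        # The scope is sent as a form field in the POST body.
        "scope": f"https://{spo_host}/Sites.Read.All",
    }
    if client_secret is not None:  # only confidential clients hold a secret
        form["client_secret"] = client_secret
    return TOKEN_URL.format(tenant=tenant), urlencode(form)


def unverified_claims(jwt):
    """Decode a JWT payload without checking the signature (inspection only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_is_for(jwt, expected_aud, required_scope):
    """True if aud matches and the delegated scopes (scp) include required_scope."""
    claims = unverified_claims(jwt)
    return claims.get("aud") == expected_aud and required_scope in claims.get("scp", "").split()


def make_sample_jwt(claims):
    """Constructed, unsigned sample token; not a real Azure AD token."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    url, body = build_spo_token_request(
        "contoso.onmicrosoft.com", "contoso.sharepoint.com",
        "00000000-0000-0000-0000-000000000000", "SAMPLE_REFRESH_TOKEN")
    print(url, body, sep="\n")
    spo = make_sample_jwt({"aud": "https://contoso.sharepoint.com", "scp": "Sites.Read.All"})
    print(token_is_for(spo, "https://contoso.sharepoint.com", "Sites.Read.All"))
```

A Graph-audience token fails the `token_is_for` check even when it carries the same scope name, which is the usual reason a token that works for Graph is rejected by the SharePoint REST API.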
It should be the same authentication with Azure AD, the scope you are looking for should be the Site scopes.
https://learn.microsoft.com/en-us/graph/permissions-reference?view=graph-rest-beta#sites-permissions
I do not have SharePoint sites to check, but if permissions are granted to the application you should be able to query SharePoint sites using Azure Graph APIs.
https://learn.microsoft.com/en-us/graph/api/resources/sharepoint?view=graph-rest-beta
Overview
https://learn.microsoft.com/en-us/graph/sharepoint-concept-overview
I would like to create an API to get SharePoint list data using CSOM and Azure Functions.
This article explains how to get the data from SharePoint. But I do not want to put my user name and password into the code.
Is there a SharePoint API that can be exposed by a token so that it is secure to retrieve the SharePoint list, e.g. AADHttpClient?
This article explains how to secure the Azure Function, but instead of consuming the Azure Function, I would like to have a SharePoint API that I can consume in my Azure Function API.
To configure permissions, you could configure your Azure Function to use Access Token authentication. That way you will get an Azure AD App created for you, and there you can configure the necessary permissions for a resource. Both Microsoft Graph and SharePoint Online are available as resources.
Afterwards, you can either use Microsoft Graph API or SharePoint CSOM, depending on the API Access that you select.
From the Azure Active Directory v2.0 authentication libraries we can see lots of samples about how to use the libraries to connect to Active Directory. It seems all of them require creating an application at apps.dev.microsoft.com first, then using the Application ID and a new password to act as the clientID and clientSecret in a client or server middleware application.
This way, one user can use the application to log in by OAuth 2 or OpenID through the Azure Active Directory API, and can also get personal information such as the user profile correctly.
But if I want to get all the users' information in a tenant at one time, is there an API that can do that?
You can use Microsoft Graph API - specifically List Users API.
https://graph.microsoft.com/v1.0/users
For a quick test, try using Microsoft Graph Explorer
Similarly you can list users with Azure AD Graph API as well, but it would be recommended to use Microsoft Graph API.
Read Microsoft Graph or Azure AD Graph and this SO Post (Only case to use Azure AD Graph API would be if you need something very specific that you aren't able to achieve with stable version of the newer Microsoft Graph API.)
Azure AD Graph API to list users (not recommended)
https://graph.windows.net/myorganization/users
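Listing every user means following paging links, because the List Users endpoint returns results in pages with an `@odata.nextLink`. The Python sketch below is an added example, not code from the answer above: it walks those links and refuses to send the bearer token to a link that leaves Microsoft Graph. The `fetch` callable and the sample pages are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"
USERS_URL = "https://graph.microsoft.com/v1.0/users"


def list_all_users(fetch, max_pages=1000):
    """Collect every user by following @odata.nextLink until no link remains.

    fetch(url) -> dict is supplied by the caller (hypothetical helper): it performs
    the authenticated GET and returns the decoded JSON body.
    """
    users, url = [], USERS_URL
    for _ in range(max_pages):
        page = fetch(url)
        users.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
        if not url:
            return users
        # The bearer token is re-sent to this URL, so it must stay on Graph over HTTPS.
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError(f"refusing to follow nextLink to {parts.hostname!r}")
    raise RuntimeError("page limit reached before the listing ended")


# Constructed sample responses standing in for Graph (not real tenant data).
SAMPLE_PAGES = {
    USERS_URL: {
        "value": [{"displayName": "Adele"}, {"displayName": "Bao"}],
        "@odata.nextLink": USERS_URL + "?$skiptoken=SAMPLE",
    },
    USERS_URL + "?$skiptoken=SAMPLE": {"value": [{"displayName": "Chen"}]},
}

if __name__ == "__main__":
    print([u["displayName"] for u in list_all_users(SAMPLE_PAGES.__getitem__)])
```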
I am using the Windows Azure Management Libraries and am getting a list of subscriptions and the WAAD tenant ID (a GUID) for each subscription. This means I just need to sign in to the WAAD to get permission to manage my subscriptions.
I am developing an application, and GUIDs are not that pretty in the UI, so I am looking for some C# code or just the REST call I can query for the name.
I have an access token from the AuthenticationContext of Microsoft.IdentityModel.Clients.ActiveDirectory
The DisplayName property should give you what you want:
http://msdn.microsoft.com/en-us/library/windowsazure/hh974467.aspx
This is available via a REST call to the Graph API. For more information on the Graph, see:
http://msdn.microsoft.com/en-us/library/windowsazure/hh974476.aspx