This section describes how to authenticate into the SharePoint REST API using Azure AD Applications by delegating permissions from a service account.
Permission Delegation
Authentication Flow
This approach uses Oauth2 auth code flow, which requires the user or service account being logged
into Microsoft Azure system.
First, the user
starts the initial authentication request with Aspire, which redirects the user to the Microsoft login page to consent to the permissions being requested.
If consented, Microsoft returns a redirection
to the Aspire Admin UI with the authorization code as a parameter.
Aspire then uses this code to request a Refresh Token from Microsoft and stores it securely for it to be used in future crawls.
Aspire redirects the user back to the Aspire Admin UI.
https://[aspire-manager-host]:[port]/aspire/_api/sharepoint/authenticate
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
"autoStart": {
"application": [
{
"@config": "com.accenture.aspire:app-sharepointonline-delegated-permissions"
} |
bin/aspire.sh -us path/to/settings.json
Save the credential, and go to the Connections section, create a new Connection if there isn't one yet.