This section describes how to authenticate into SharePoint REST API using Azure AD Applications by delegating permissions from a service account.
Permission Delegation
Authentication Flow
This approach uses Oauth2 auth code flow, which requires the user or service account being logged in Microsoft Azure system.
First the user initiates the initial authentication request with Aspire, which redirects the user to Microsoft login page to consent the permissions being requested.
If consented, Microsoft returns a redirection back to the Aspire Admin UI with the authorization code as a parameter.
Aspire then uses this code to request a Refresh Token from Microsoft and stores it securely for it to be used in future crawls.
Aspire redirects the user back to the Aspire Admin UI.
https://[aspire-manager-host]:[port]/aspire/_api/sharepoint/authorize authenticate
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
"autoStart": { "application": [ { "@config": "com.accenture.aspire:app-sharepointonline-delegated-permissions" } |
bin/aspire.sh -us path/to/settings.json
Save the credential, and go to the Connections section, create a new Connection if there isn't one yet.