@wictorwilen
Last active April 21, 2024 09:04
SharePoint Online: App Only policy PowerShell tasks with ACS
# For more information see: http://www.wictorwilen.se/sharepoint-online-app-only-policy-powershell-tasks-with-acs
# The client secret grants app-only access; do not commit it together with this script.
$clientId    = "<INSERT YOUR CLIENT ID HERE>"
$secret      = "<INSERT YOUR CLIENT SECRET HERE>"
$redirecturi = "<INSERT YOUR REDIRECT URI HERE>"
$url         = "https://<TENANT>.sharepoint.com/sites/contoso/"
$domain      = "<TENANT>.sharepoint.com"
$identifier  = "00000003-0000-0ff1-ce00-000000000000"  # SharePoint Online principal ID
$realm       = ""

# Discover the tenant realm: a request with an empty bearer token is rejected
# with a 401 whose WWW-Authenticate header carries the realm.
$headers = @{ Authorization = "Bearer " }
try {
    $x = Invoke-WebRequest -Uri "$($url)_vti_bin/client.svc" -Headers $headers -Method POST -UseBasicParsing
} catch {
    # We will get a 401 here
    $realm = $_.Exception.Response.Headers["WWW-Authenticate"].Substring(7).Split(",")[0].Split("=")[1].Trim("`"")
}
# Stop here rather than posting the client secret to a token URL with an empty realm
if (-not $realm) { throw "Could not read the realm from the 401 response of $url" }

# System.Web provides HttpUtility.UrlEncode (LoadWithPartialName is obsolete)
Add-Type -AssemblyName System.Web

# Build the client-credentials request for ACS
$body  = "grant_type=client_credentials"
$body += "&client_id=" + [System.Web.HttpUtility]::UrlEncode($clientId + "@" + $realm)
$body += "&client_secret=" + [System.Web.HttpUtility]::UrlEncode($secret)
$body += "&redirect_uri=" + [System.Web.HttpUtility]::UrlEncode($redirecturi)
$body += "&resource=" + [System.Web.HttpUtility]::UrlEncode($identifier + "/" + $domain + "@" + $realm)

# Request the app-only access token
$or = Invoke-WebRequest -Uri "https://accounts.accesscontrol.windows.net/$realm/tokens/OAuth/2" `
    -Method Post -Body $body `
    -ContentType "application/x-www-form-urlencoded" `
    -UseBasicParsing
$json = $or.Content | ConvertFrom-Json

# Send the token as a bearer credential on every REST call
$headers = @{
    Authorization = "Bearer " + $json.access_token
    Accept        = "application/json"
}

# Craft the Rest queries as you wish...
Invoke-RestMethod -Uri "$($url)_api/lists/GetByTitle('Documents')/Items" -Method Get -Headers $headers