Hi Alex,

Thanks for sharing such a wonderful blog, But I need to confirm what I supposed to add in the token service URL for OAuth2 Client Credential. For example My tenant is: https://xyz.sharepoint.com then what would be my token service URL for that please let me know.

Thanks,

Sufiyan

I cannot tell you how much I really appreciate this blog post!  I had been working on reading lists from SharePoint 365 over graph for months!  This new adapter works and I can return a SharePoint list.  Thank you for taking the time to write this!

Hi Joel, 
Could you please guide in letting know what should be given in the token service URL ?

Hello hemalatha2022,

Sure. Though, to answer your question, I should tell you the specifics of my requirement.  I have setup Delegated, verses Application, authentication over Microsoft Graph.  

Authorization: https://login.microsoftonline.com/(Your Tenant GUID)/oauth2/v2.0/authorize

Token Service URL: https://login.microsoftonline.com/(Your Tenant GUID)/oauth2/v2.0/token

Scope: https://graph.microsoft.com/.default offline_access

Hi Alex,

This is informative blog. 

What would be the corresponding steps on Microsoft's end to complete this setup (creation of secret, token, granting access to specific sharepoint, etc). 

Thanks,

Puneet

Hello,

From where can I get the ClientID and the Client Secret please 

I notice, like amazon adapter too, there is no implementation with Poll Enrich to get a file inside a flow.

There is some future update with this feature?

Hi @alexkowalczuk 
Thank you for this excellent blog. 
Can you please expand on the content modifier body that was passed as payload in the SharePoint adapter. Was it in binary format ? I saw a JSON as constant in the body, how was the file actually uploaded. 

Hi @alexkowalczuk 

Even I do also have the same question as siddhartha_rou24

What has been passed as body and how exactly file has been uploaded on the SharePoint ?
Can you please give us the light on that ?

Thank you for this blog, we too are struggling to ask the right questions to obtain the clientid/secret from the Azure account for a particular folder, including the Token URL.

Hi , 

 Initially the implementation worked well but lately I am getting intermittent errors . 

  LastError           = com.sap.adapters.factory.sharepoint.exception.SharePointException: Problem during retrieving the access token for the OAuth2 client credential HTTPReceiverSharePointCreateFolder: java.lang.NullPointerException: while trying to invoke the method com.sap.esb.security.TrustManagerFactory.getTrustManagers() of a null object loaded from local variable 'trustManagerFactory', cause: java.lang.NullPointerException: while trying to invoke the method com.sap.esb.security.TrustManagerFactory.getTrustManagers() of a null object loaded from local variable 'trustManagerFactory'

Based on the error above it seems like adapter is unable to retrieve the credentials from the security materials or the adapter is unable to retrieve a token from the Microsoft token engine. 

Has anyone else experience this problem. Any suggestions would be appreciated .

Thank you .

Robert 

Hi Alex

I follow your way, but getting this error "InvalidAuthenticationToken - Access token validation failure. Invalid audience".

Any properties of OAuth2 Client Credential working well using postman. But, get above error when applied in security material.

Kindly help for this bloody stuff.

Hi All , 

Just an update on my issue below.  

LastError           = com.sap.adapters.factory.sharepoint.exception.SharePointException: Problem during retrieving the access token for the OAuth2 client credential HTTPReceiverSharePointCreateFolder: java.lang.NullPointerException: while trying to invoke the method com.sap.esb.security.TrustManagerFactory.getTrustManagers() of a null object loaded from local variable 'trustManagerFactory', cause: java.lang.NullPointerException: while trying to invoke the method com.sap.esb.security.TrustManagerFactory.getTrustManagers() of a null object loaded from local variable 'trustManagerFactory'

Further investigation indicated that the request to access the security materials failed (credential store) only on Instance ID 0.

In addition to this I was unable to deploy any artifacts. 

The SAP dev ops team restarted the instances to free apparent locks that was visible to them.  Latest update from SAP - investigating root cause and will get back to you. 

Regards 

Robert 

I'm getting the error "Access token validation failure. Invalid audience". Any idea why?

@ALL @Tau @yasithal @taufikanang 

Does anyone able to resolve below error?

InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience

It would be a great help if you provide the solution for this issue.

Thanks,

Ram.

I've asked to Cloud AI:

I can help you troubleshoot the SharePoint API authentication error. The "Invalid audience" error typically occurs when the token's audience (aud claim) doesn't match what SharePoint expects.

For SharePoint Online API calls, here are the common solutions:

1. Make sure you're using the correct resource/audience URL:
```
https://{your-tenant-name}.sharepoint.com
```

2. Check your authentication code. Here's a basic example using Microsoft Graph authentication:

```python
from msal import ConfidentialClientApplication

# Configure your app
app_config = {
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"authority": "https://login.microsoftonline.com/YOUR_TENANT_ID",
"scope": ["https://YOUR_TENANT.sharepoint.com/.default"]
}

# Create MSAL app instance
app = ConfidentialClientApplication(
app_config["client_id"],
authority=app_config["authority"],
client_credential=app_config["client_secret"]
)

# Get token
result = app.acquire_token_silent(app_config["scope"], account=None)
if not result:
result = app.acquire_token_for_client(scopes=app_config["scope"])
```

To help debug this further, could you share:
1. Which authentication method you're using (Client Credentials, Authorization Code, etc.)?
2. How you're obtaining the access token?
3. The scope(s) you're requesting in your token?

Hi @bdBais 

Please see my comments below.

1. Which authentication method you're using (Client Credentials, Authorization Code, etc.)?

I am using OAuth2 Authorization Code

2. How you're obtaining the access token?

Accessing sharepoint server by using user credentials provided.

3. The scope(s) you're requesting in your token?

https://{your-tenant-name}.sharepoint.com/.default

Thanks,

ram.

Hello All,

Please modify OAuth2 Client Credentials as shown in screenshot. It should work.

BR,
Krushna Band