
If I go to Microsoft's Graph Explorer and use a URL like:

https://graph.microsoft.com/beta/sites/4development106.sharepoint.com:/sites/DBSchenker:/lists/OEC_Docs/items

I can see my request succeeds.

Now if I use the Angular app from GitHub, with code like:

    // Fragment of an Angular service: assumes HttpClient is injected as this.http
    // and HttpHeaders is imported from '@angular/common/http'.
    // Direct SharePoint REST endpoint for the OEC_Docs list.
    private sharePointHost: string = "https://4development106.sharepoint.com/sites/DBSchenker/_api/web/lists/getByTitle('OEC_Docs')/items";

    getDocuments(token) {
      // Send the access token as a bearer credential.
      const httpOptions = {
        headers: new HttpHeaders({
          'Accept': 'application/json;odata=verbose',
          'Authorization': "Bearer " + token
        })
      };

      this.http.get(this.sharePointHost, httpOptions).subscribe(
        (resp) => console.log("respon is::: " + JSON.stringify(resp)),
        (err) => console.log("error:::" + JSON.stringify(err))
      );
    }

It throws:

error:::{"headers":{"normalizedNames":{},"lazyUpdate":null},"status":401,"statusText":"OK","url":"https://4development106.sharepoint.com/sites/DBSchenker/_api/web/lists/getByTitle('OEC_Docs')/items","ok":false,"name":"HttpErrorResponse","message":"Http failure response for https://4development106.sharepoint.com/sites/DBSchenker/_api/web/lists/getByTitle('OEC_Docs')/items: 401 OK","error":{"error_description":"Invalid JWT token. No certificate thumbprint specified in token header."}}

Changing the host to the one below (which works in the Graph API explorer):

    private sharePointHost: string = "https://graph.microsoft.com/beta/sites/4development106.sharepoint.com:/sites/DBSchenker:/lists/OEC_Docs/items"

throws:

error:::{"headers":{"normalizedNames":{},"lazyUpdate":null},"status":401,"statusText":"Unauthorized","url":"https://graph.microsoft.com/beta/sites/4development106.sharepoint.com:/sites/DBSchenker:/lists/OEC_Docs/items","ok":false,"name":"HttpErrorResponse","message":"Http failure response for https://graph.microsoft.com/beta/sites/4development106.sharepoint.com:/sites/DBSchenker:/lists/OEC_Docs/items: 401 Unauthorized","error":{"error":{"code":"InvalidAuthenticationToken","message":"Access token validation failure.","innerError":{"request-id":"f5a77afc-0d92-49a0-92c4-e727e056d0a9","date":"2018-10-30T01:42:02"}}}}

I am not sure what I am doing wrong.

Graham
Vik

1 Answer

Most likely you haven't added sufficient permissions for your app in Azure AD.

If you want to use MS Graph endpoint to access SharePoint data, you should add SharePoint permissions for MS Graph in Azure portal (SharePoint permissions correspond to "site collections"):

If you want to use the direct SharePoint REST API (https://4development106.sharepoint.com/sites/DBSchenker/_api/web...), then you should add Office 365 SharePoint Online permissions to your registered app:

Sergei Sergeev
  • Where do I access Azure AD? Overall very confusing stuff, as a lot of documents indicate that if I am logged in then for localhost I don't even need to worry about permissions. And while creating the app I did add Sites.ReadWriteAll – Vik Oct 30 '18 at 16:08
  • Open your Azure portal, then go to the Azure Active Directory management view, select your registered app, then under Settings -> Required permissions give the app all the permissions you need – Sergei Sergeev Oct 30 '18 at 16:17
  • This is what I have for the Graph API: https://www.dropbox.com/s/gc8ziw9ehhjxihh/Screen%20Shot%202018-10-30%20at%2010.25.53%20AM.png?dl=0

    but this still fails with "error":{"code":"InvalidAuthenticationToken","message":"Access token validation failure."

    – Vik Oct 30 '18 at 17:27
  • And to mention, I could not even find Office 365 SharePoint APIs. The one with the closest name is SharePoint APIs, which on clicking says to use the Graph APIs. – Vik Oct 30 '18 at 17:27
  • You use App registrations Preview, that's why you see a slightly different UI. From your screen, it looks like the permissions are good for accessing SharePoint from the Graph endpoint, but not from SharePoint REST. You should add SharePoint permissions using the corresponding SharePoint link in the preview, or Office 365 SharePoint APIs in the regular app registration view.
    For "Access token validation failure" - it seems there are some issues with your MSAL implementation. I suggest asking about your problem in the GitHub issues.
    – Sergei Sergeev Oct 30 '18 at 18:34
  • Well, I thought the preview is just a different UI, not a different behind-the-scenes implementation. In other words, I thought giving permissions using the preview should be enough. Also, to minimize, I don't need to get it working at the same time using Graph as well as direct REST. I am fine with whichever way works. So which one do you advise using if I just pick one to narrow down my problem focus? – Vik Oct 30 '18 at 18:49
  • Just to add, the app I can see using "app reg. preview" I can't find in the regular "app registrations" link. – Vik Oct 30 '18 at 18:52
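
An added example, not part of the original question, answer or comments: both 401 responses above are token-validation failures, so a useful first check is what the bearer token actually contains. This sketch decodes a JWT without verifying it and compares its `aud` claim with the host of the API being called. `inspectToken`, `makeSample` and the sample token are constructed for illustration, and reading SharePoint's "certificate thumbprint" message as the `x5t` header is an assumption.

```javascript
// Added diagnostic example; decodes only, does NOT verify the signature.
const b64 = {
  dec: (s) => (typeof atob === 'function' ? atob(s)
    : Buffer.from(s, 'base64').toString('binary')),
  enc: (s) => (typeof btoa === 'function' ? btoa(s)
    : Buffer.from(s, 'binary').toString('base64')),
};

// Decode one base64url JWT segment into an object (ASCII claims assumed).
function decodeSegment(part) {
  const std = part.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(b64.dec(std + '='.repeat((4 - (std.length % 4)) % 4)));
}

// Build an unsigned, constructed token for the demo (hypothetical helper).
function makeSample(header, claims) {
  const seg = (o) => b64.enc(JSON.stringify(o))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${seg(header)}.${seg(claims)}.constructed-signature`;
}

// Report why `token` is unlikely to be accepted by the API at `requestUrl`.
function inspectToken(token, requestUrl) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { aud: null, scopes: null, problems: ['not a three-part JWT'] };
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch (e) {
    return { aud: null, scopes: null, problems: ['segments are not base64url JSON'] };
  }
  const origin = new URL(requestUrl).origin;
  const aud = String(claims.aud || '').replace(/\/+$/, '');
  const problems = [];
  // x5t is the JWS certificate-thumbprint header (assumed to be what
  // SharePoint's "No certificate thumbprint" message refers to).
  if (!header.x5t) problems.push('header has no x5t');
  if (aud !== origin) problems.push(`aud "${aud}" is not ${origin}`);
  if (!claims.scp && !claims.roles) problems.push('no scp or roles claim');
  return { aud, scopes: claims.scp || claims.roles || null, problems };
}

// Constructed sample: a Graph-audience token sent to the SharePoint REST URL.
const SHAREPOINT_URL = "https://4development106.sharepoint.com/sites/DBSchenker/_api/web/lists/getByTitle('OEC_Docs')/items";
const sample = makeSample({ alg: 'RS256', x5t: 'constructed' },
  { aud: 'https://graph.microsoft.com', scp: 'Sites.ReadWrite.All' });
console.log(inspectToken(sample, SHAREPOINT_URL).problems);
```

The comparison is by URL origin only; an `aud` that is an application ID GUID is reported as a mismatch and has to be checked by hand.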