def get_app_only_access_token(self, target_host, target_realm):
resource = self.get_formatted_principal(self.SharePointPrincipal, target_host, target_realm)
principal_id = self.get_formatted_principal(self.client_id, None, target_realm)
sts_url = self.get_security_token_service_url(target_realm)
oauth2_request = self.create_access_token_request(principal_id, self.client_secret, resource)
response = requests.post(url=sts_url, headers={'Content-Type': 'application/x-www-form-urlencoded'},
data=oauth2_request)
return TokenResponse.from_json(response.json())
def authenticate_request(self, request):
"""
:type request: RequestOptions
"""
token_json = self._acquire_token_callback()
token = TokenResponse.from_json(token_json)
request.set_header('Authorization',
'Bearer {0}'.format(token.accessToken))
def acquire_token():
authority_url = 'https://login.microsoftonline.com/{0}'.format(settings.get('default', 'tenant'))
import msal
app = msal.ConfidentialClientApplication(
authority=authority_url,
client_id=settings.get('client_credentials', 'client_id'),
client_credential=settings.get('client_credentials', 'client_secret')
)
token_json = app.acquire_token_for_client(scopes=["https://mediadev8.sharepoint.com/.default"])
return TokenResponse.from_json(token_json)
def acquire_token(self, parameters):
try:
token_url = "{authority}/oauth2/token".format(authority=self.authority_url)
response = requests.post(url=token_url,
headers={'Content-Type': 'application/x-www-form-urlencoded'},
data=parameters)
self.token = TokenResponse.from_json(response.json())
return self.token.is_valid
except requests.exceptions.RequestException as e:
self.error = "Error: {0}".format(e)
return False
def _acquire_token_for_client_certificate():
authority_url = 'https://login.microsoftonline.com/{0}'.format(tenant)
scopes = [f"{self.url}/.default"]
credentials = {"thumbprint": thumbprint, "private_key": open(cert_path).read()}
app = msal.ConfidentialClientApplication(
client_id,
authority=authority_url,
client_credential=credentials,
)
result = app.acquire_token_for_client(scopes)
return TokenResponse.from_json(result)
def _get_app_only_access_token(self, target_host, target_realm):
"""
:type target_host: str
:type target_realm: str
"""
resource = self.get_formatted_principal(self.SharePointPrincipal,
target_host, target_realm)
principal_id = self.get_formatted_principal(self._client_id, None,
target_realm)
sts_url = self.get_security_token_service_url(target_realm)
oauth2_request = {
'grant_type': 'client_credentials',
'client_id': principal_id,
'client_secret': self._client_secret,
'scope': resource,
'resource': resource
}
response = requests.post(
url=sts_url,
headers={'Content-Type': 'application/x-www-form-urlencoded'},
data=oauth2_request)
response.raise_for_status()
return TokenResponse.from_json(response.json())