Authenticating with SharePoint Online using Python MSAL library

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in this video I'm gonna show you how to authenticate with SharePoint online using Python and MSA Library this could be useful in a lot of scenarios where we would like to use SharePoint in our automatic scripts or our backend solution Etc so to authenticate with SharePoint online we have to do the following one ensure you have a certificate so a public and private Keys upload the certificate to Azure Paul portal for our app registration get the certificate some print it's going to be used in our we have to use it in our MSO making the request to create application credentials with amsol then I'm going to show you how to use Amazon library to authenticate with SharePoint and we are going to test connectivity end to end to actually check if our authentication worked as we expected we're going to use amsol library and one of the things that I've noticed is that we have multiple authentication methods in SharePoint well in actually in azure and our in our in my case I have created an application so I'm going to azure active directory and I have my app registration and I have my demo application that I've created in for my pre some one of the previous videos and I can authorize to use Microsoft graph using secrets so I have actually a secret that I've created and I can use the secret to authenticate and use the graph API however if I want to use SharePoint I cannot use the secret for some reasons um if you want to use SharePoint API SharePoint online you need to use certificates to authenticate so I'm going to show you how to do that in a second I will actually remove the certificate and I'm going to show you how how you can do that and what we can do to create a certificate um out of it end to end so first of all um let me create a certificate and I will show you how to do that I have a cheat sheet and um able to create a certificate using this command so open SSL um require a new request new key and I'm going to create actually two files key and certificates I'm going to use create the the public and the the private key with it um it's gonna ask you for a couple of things I'm not going to provide a lot of stuff in it I think that's it and now we should see our two files being created one is the private key one is the public key so to say so the private key is the certificate dot Pam and the public is key.pam so what I have to do I have to upload the search pen to azure so let me do that I'm gonna upload this certificate now upload certificate let me select the file I'm using the oops it's not the folder oh that's the folder so let's okay it's uploaded and now my certificate actually created a thumbprint so I'm gonna I'm gonna copy it I'm gonna use it in the code that we are going to create so that's one thing so it's okay to the SharePoint similar it actually works very similarly to Microsoft graph application we did before so what we need is a client ID entity we would need Authority and the private key itself foreign we have then uh you will create an M cell application so from it's all import computers from client application and we will have to provide here the client ID Authority and our client credentials which will be equal to our certificates so to build the certificate to build a certificate we have to create a dictionary private key so the private key and we need the thumbprint which is our blueprints certificate thumb print so cool so this is the certificate you have to provide now let me fill in those the blanks so to say so let me go to the overview of the application to get the client ID and the Tenant so this is the application ID [Music] the tenant ID where is the 1020d here we go something doesn't work copy okay copied [Music] okay Authority if you remember from the the getting graph API this is basically a string that is saying DPS [Music] login.micro soft online.com slash Canon 3D so we're almost ready there's one thing that we don't have which is the private key so if I go here and then I do cat key pen here we have the private key so what I basically do I'm copy pasting the whole thing including the begin private keyned and private key texts and I'm gonna paste it here I'm trying not to get additional spaces at the beginning and cut the full certificate here I'm gonna of course remove this certificate from from My Demo SharePoint or demo Azure portal um so I'm not let's say worried about displaying this of course private Keys should be kept private uh public Keys should be as well called um should be kept secrets and you should not share them with anyone they should be treated with with respect so to say so that no one gets hacked okay um so now we have our M cell application created what we need to do we have to as well Define now the Scopes so scopes for our applications are different if we want to use graphic API the scopes for the graph API are as for as follows [Music] on the default however for SharePoint we have to use different scopes scopes for sure online and these are basically this is the domain of our SharePoint that we have in my case my domain is this so I'm gonna copy paste my SharePoint domain and I'm done uh I'm just coming to this out I will not be using this one so now what what you do now is you do results we want to get the authentication token from our M cell application [Music] so what we do we acquire token for client and we provide the Scopes we are interested in and in our case is going to be the SharePoint Scopes so this one this is really important to ensure that you don't use scope for graph that you use the scope for SharePoint because otherwise we will get altercation errors so now let's see if we have our off token in the response [Music] sorry for Access token in results then our access token is going to be equal to let's get [Music] okay now we are almost ready to start querying our SharePoint so what we have to do is now create the headers with the authorization is going to be [Music] are better and RX talking and as per the recommendation we have to [Music] ask for specific stuff that we are we can accept Okay so data propose and another one is called type [Music] type application Json cool um now we are going to querying our SharePoint set so we need to make sure that we understand what is the SharePoint side base URL uh Banks URL and so we're going to be our website that we're gonna query [Music] so let's see what we have here I will have I have a demo communication site I'll turn the sides that I have here I've created a demo site and this is the demo site that I have so I'm gonna use this this is the URL I'm gonna use and just to test our API I'm gonna go and you know I'm gonna let's say check if we what what are the side groups that we have so it's gonna be our traveling Place URL and it's gonna be underscore API web [Music] foreign so now let's make our request and import requests so let me important that some can't URL is going to be SharePoint URL and headers will be equals to our headers cool and now let's do a print status [Music] discount and let's say I want to as well do some bumps Json [Music] so we are going to do a pretty print foreign 200 and let's see what is the outcome [Music] let's take a typo to the pretty print so to say of the response ah here we go so you can see I was able to get the request I got 200 response and I was able to get the the groups side groups of my site in this case these are owners users [Music] you have the login name the titles and a lot of stuff related to that groups which is good and you can of course use it to do a query of different other apis so uh to sum up what we did so we ensured we have a certificate so I generated the certificate using an open SSL command the public and private keys the search.m is the public one the one that we shared with the world the key is the private key that we keep secret and then I've uploaded the certificate to SharePoint uh sorry to Azure portal I got the thumb print of that certificate now we use the amsa library conflict with SharePoint and then we are able to connect with do the test of connectivity end-to-end we obtain the groups of the SharePoint and there's a lot of other stuff that you can do with SharePoint if you want and that point I hope you enjoyed it I hope that you enjoyed the video and guys please subscribe and like the video if you liked it and in the comments you can ask me for other stuff that you would like me to maybe create a video on okay thank you and uh have a nice day

Info

Channel: Python Bites

Views: 19,102

Rating: undefined out of 5

Keywords: sharepoint, microsoft, msal, python, azure, active directory, aad, api, backend

Id: KWKiwpK-L5o

Channel Id: undefined

Length: 16min 52sec (1012 seconds)

Published: Wed Feb 08 2023