wictorwilen · April 21, 2024 09:04
diff --git a/AppOnly-ACS-PowerShell-Sample.ps1 b/AppOnly-ACS-PowerShell-Sample.ps1
 # For more information see: http://www.wictorwilen.se/sharepoint-online-app-only-policy-powershell-tasks-with-acs

 $clientId = "<INSERT YOUR CLIENT ID HERE>"
 $secret = "<INSERT YOUR CLIENT SECRET HERE>";
 $redirecturi = "<INSERT YOUR REDIRECT URI HERE>"

 $url = "https://<TENANT>.sharepoint.com/sites/contoso/"
 $domain = "<TENANT>.sharepoint.com"

 $identifier = "00000003-0000-0ff1-ce00-000000000000"


 $realm = ""
 $headers = @{Authorization = "Bearer "} 
 try { 
    $x = Invoke-WebRequest -Uri "$($url)_vti_bin/client.svc" -Headers $headers -Method POST -UseBasicParsing
 } catch {
    #We will get a 401 here
      $realm = $_.Exception.Response.Headers["WWW-Authenticate"].Substring(7).Split(",")[0].Split("=")[1].Trim("`"")
 }

 [System.Reflection.Assembly]::LoadWithPartialName("System.Web") | Out-Null
 $body = "grant_type=client_credentials"
 $body += "&client_id=" +[System.Web.HttpUtility]::UrlEncode( $clientId + "@" + $realm)
 $body += "&client_secret=" +[System.Web.HttpUtility]::UrlEncode( $secret)
 $body += "&redirect_uri=" +[System.Web.HttpUtility]::UrlEncode( $redirecturi)
 $body += "&resource=" +[System.Web.HttpUtility]::UrlEncode($identifier + "/" + $domain + "@" + $realm)


 $or = Invoke-WebRequest -Uri "https://accounts.accesscontrol.windows.net/$realm/tokens/OAuth/2" `
    -Method Post -Body $body `
    -ContentType "application/x-www-form-urlencoded"
 $json = $or.Content | ConvertFrom-Json


 $headers = @{
    Authorization = "Bearer " + $json.access_token;
    Accept ="application/json"
 } 

 # Craft the Rest queries as you wish...
 Invoke-RestMethod -Uri "$($url)_api/lists/GetByTitle('Documents')/Items" -Method Get -Headers $headers
	# For more information see: http://www.wictorwilen.se/sharepoint-online-app-only-policy-powershell-tasks-with-acs

	$clientId = "<INSERT YOUR CLIENT ID HERE>"
	$secret = "<INSERT YOUR CLIENT SECRET HERE>";
	$redirecturi = "<INSERT YOUR REDIRECT URI HERE>"

	$url = "https://<TENANT>.sharepoint.com/sites/contoso/"
	$domain = "<TENANT>.sharepoint.com"

	$identifier = "00000003-0000-0ff1-ce00-000000000000"


	$realm = ""
	$headers = @{Authorization = "Bearer "}
	try {
	$x = Invoke-WebRequest -Uri "$($url)_vti_bin/client.svc" -Headers $headers -Method POST -UseBasicParsing
	} catch {
	#We will get a 401 here
	$realm = $_.Exception.Response.Headers["WWW-Authenticate"].Substring(7).Split(",")[0].Split("=")[1].Trim("`"")
	}

	[System.Reflection.Assembly]::LoadWithPartialName("System.Web") \| Out-Null
	$body = "grant_type=client_credentials"
	$body += "&client_id=" +[System.Web.HttpUtility]::UrlEncode( $clientId + "@" + $realm)
	$body += "&client_secret=" +[System.Web.HttpUtility]::UrlEncode( $secret)
	$body += "&redirect_uri=" +[System.Web.HttpUtility]::UrlEncode( $redirecturi)
	$body += "&resource=" +[System.Web.HttpUtility]::UrlEncode($identifier + "/" + $domain + "@" + $realm)


	$or = Invoke-WebRequest -Uri "https://accounts.accesscontrol.windows.net/$realm/tokens/OAuth/2" `
	-Method Post -Body $body `
	-ContentType "application/x-www-form-urlencoded"
	$json = $or.Content \| ConvertFrom-Json


	$headers = @{
	Authorization = "Bearer " + $json.access_token;
	Accept ="application/json"
	}

	# Craft the Rest queries as you wish...
	Invoke-RestMethod -Uri "$($url)_api/lists/GetByTitle('Documents')/Items" -Method Get -Headers $headers