fei0x

Reputation: 4690

SharePoint REST API access token does not return all sites

I am trying to get all the sites in SharePoint Online using a SharePoint Add-in App's access token. When I do so, I only get 17 of the 35 sites that I can see when viewing all of the sites in the admin portal.

It's also worth noting that when I use an access token from an Azure app, making the same call, I get all the apps.

What is the difference? How can I get all the sites using the SharePoint token?

This is the admin portal link where I can see all the sites:

https://<MY-TENANT>-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/siteManagement

This is where I created my SharePoint App:

https://<MY-TENANT>-admin.sharepoint.com/_layouts/15/appregnew.aspx

And here are the permissions I gave it:

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl"/>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/>
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl"/>
</AppPermissionRequests>

For the working Azure app, I registered the app in the Azure portal and assigned these permissions:

MS GRAPH API:
    Profile
    Sites.FullControl.All
    Group.ReadWrite.All
SHAREPOINT API:
    Sites.FullControl.All
    TermStore.Read.All
    User.ReadWrite.All

The same REST call I'm using in both cases is:

https://<MY-TENANT>.sharepoint.com/_api/search/query?querytext='contentclass:STS_Site%20contentclass:STS_Web'&selectproperties='UniqueId,Title,SiteName,Path,Description,contentclass'&startrow=0&rowlimit=100

UPDATE:

Using a client_credentials access_token seemed to give me all the sites, whereas the authorization_code access_token did not... Code flow is generally better, and ideally I would use that, but maybe given the configuration of the app it doesn't make sense here?

Upvotes: 0

Views: 531

Answers (1)

fei0x

Reputation: 4690

I believe I understand what the issue was:

We were trying to use OAuth Code Flow ('authorization_code' grant_type) with the app. SharePoint does support this; however, it doesn't support the "FullControl" right when requesting access in this manner. So instead we had been putting in the "Manage" right. When using the Manage right we were effectively reducing our permissions. This prevented us from calling paths such as: /_api/web/roleassignments

When switching to use the client_credentials flow, we started seeing the same results as the Azure app's access_token.

Upvotes: 1
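
To see exactly which sites one token is not returning, the two responses to the search call from the question can be saved and diffed by Path. The following is an added example, not code from the question or the answer; it assumes the bodies were requested as JSON (`odata=verbose` or `odata=nometadata`), and the tenant name and sample rows are constructed.

```python
import json

BASE = "https://contoso.sharepoint.com"  # constructed tenant name

def _unwrap(node):
    # odata=verbose wraps collections as {"results": [...]}; nometadata uses bare lists
    return node["results"] if isinstance(node, dict) and "results" in node else node

def site_rows(response_text):
    """Return ({path: title}, RowCount, TotalRows) from a /_api/search/query body."""
    body = json.loads(response_text)
    query = body.get("d", {}).get("query", body)  # verbose nests under d.query
    relevant = query["PrimaryQueryResult"]["RelevantResults"]
    sites = {}
    for row in _unwrap(relevant["Table"]["Rows"]):
        cells = {c["Key"]: c["Value"] for c in _unwrap(row["Cells"])}
        sites[cells["Path"].rstrip("/").lower()] = cells.get("Title")
    return sites, relevant["RowCount"], relevant["TotalRows"]

def compare(full_text, partial_text):
    """List sites present in the first response but absent from the second."""
    full, _, _ = site_rows(full_text)
    partial, row_count, total_rows = site_rows(partial_text)
    return {
        "missing": sorted(set(full) - set(partial)),
        # True means rowlimit cut the result set short and startrow paging is needed
        "truncated": total_rows > row_count,
    }

def _sample(paths, verbose):
    """Build a constructed response in either JSON shape (not captured tenant data)."""
    wrap = (lambda items: {"results": items}) if verbose else (lambda items: items)
    rows = [{"Cells": wrap([{"Key": "Title", "Value": p.rsplit("/", 1)[-1]},
                            {"Key": "Path", "Value": p}])} for p in paths]
    relevant = {"RowCount": len(rows), "TotalRows": len(rows),
                "Table": {"Rows": wrap(rows)}}
    query = {"PrimaryQueryResult": {"RelevantResults": relevant}}
    return json.dumps({"d": {"query": query}} if verbose else query)

CLIENT_CREDENTIALS_RESPONSE = _sample(
    [BASE + "/sites/hr", BASE + "/sites/finance", BASE + "/sites/legal"], verbose=True)
AUTH_CODE_RESPONSE = _sample([BASE + "/sites/hr"], verbose=False)

if __name__ == "__main__":
    print(compare(CLIENT_CREDENTIALS_RESPONSE, AUTH_CODE_RESPONSE))
```

If `truncated` is true for either response, page through with `startrow` before comparing, otherwise a site can look missing only because it fell outside `rowlimit`.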
