JavaScript
JavaScript
SharePoint Rest API using OAuth
See more OAuth2 Examples
Demonstrates how to get an OAuth2 access token for the SharePoint REST API.
Note
This example is intended for running within a Chilkat.Js embedded JavaScript engine. All Chilkat JavaScript examples require Chilkat
v11.4.0 or greater.
var success = false;
// To further clarify, see OAuth 2.0 Authorization Flow
var oauth2 = new CkOAuth2();
// The ListenPort should match the port in your localhost Reply URL of your Azure AD app.
// Your Reply URL must be exactly "http://localhost:LISTEN_PORT/"
// * Do not use "https"
// * Make sure the ending "/" is included.
// * You may choose any port number that doesn't collide with anything else.
oauth2.ListenPort = 3017;
oauth2.AuthorizationEndpoint = "https://login.microsoftonline.com/TENANT_ID/oauth2/authorize";
oauth2.TokenEndpoint = "https://login.windows.net/TENANT_ID/oauth2/token?api-version=1.0";
// Replace these with actual values.
// Use the application ID
oauth2.ClientId = "CLIENT_ID";
// Use the password
oauth2.ClientSecret = "CLIENT_SECRET";
oauth2.CodeChallenge = false;
oauth2.Scope = "openid";
oauth2.Resource = "https://graph.microsoft.com/";
oauth2.IncludeNonce = true;
oauth2.ResponseMode = "form_post";
oauth2.ResponseType = "id_token+code";
// Begin the OAuth2 Authorization code flow. This returns a URL that should be loaded in a browser.
var url = oauth2.StartAuth();
if (oauth2.LastMethodSuccess == false) {
console.log(oauth2.LastErrorText);
return;
}
console.log("url = " + url);
// Launch the default browser on the system and navigate to the url.
// The LaunchBrowser method was added in Chilkat v10.1.2.
success = oauth2.LaunchBrowser(url);
if (success == false) {
console.log(oauth2.LastErrorText);
return;
}
// Wait for the user to approve or deny authorization in the browser.
var numMsWaited = 0;
while ((numMsWaited < 90000) && (oauth2.AuthFlowState < 3)) {
oauth2.SleepMs(100);
numMsWaited = numMsWaited+100;
}
// If the browser does not respond within the specified time, AuthFlowState will be:
//
// 1: Waiting for Redirect – The OAuth2 background thread is waiting for the browser's redirect request.
// 2: Waiting for Final Response – The thread is awaiting the final access token response.
// In either case, cancel the background task initiated by StartAuth.
if (oauth2.AuthFlowState < 3) {
oauth2.Cancel();
console.log("No response from the browser!");
return;
}
// Check AuthFlowState to determine if authorization was granted, denied, or failed:
//
// 3: Success – OAuth2 flow completed, the background thread exited, and the successful response is in AccessTokenResponse.
// 4: Access Denied – OAuth2 flow completed, the background thread exited, and the error response is in AccessTokenResponse.
// 5: Failure – OAuth2 flow failed before completion, the background thread exited, and error details are in FailureInfo.
if (oauth2.AuthFlowState == 5) {
console.log("OAuth2 failed to complete.");
console.log(oauth2.FailureInfo);
return;
}
if (oauth2.AuthFlowState == 4) {
console.log("OAuth2 authorization was denied.");
console.log(oauth2.AccessTokenResponse);
return;
}
if (oauth2.AuthFlowState !== 3) {
console.log("Unexpected AuthFlowState:" + oauth2.AuthFlowState);
return;
}
console.log("OAuth2 authorization granted!");
console.log("Access Token = " + oauth2.AccessToken);