Sample code for 30+ languages & platforms
SQL Server

SharePoint Rest API using OAuth

See more OAuth2 Examples

Demonstrates how to get an OAuth2 access token for the SharePoint REST API.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- To further clarify, see OAuth 2.0 Authorization Flow

    DECLARE @oauth2 int
    EXEC @hr = sp_OACreate 'Chilkat.OAuth2', @oauth2 OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- The ListenPort should match the port in your localhost Reply URL of your Azure AD app.
    -- Your Reply URL must be exactly "http://localhost:LISTEN_PORT/"
    --    * Do not use "https"
    --    * Make sure the ending "/" is included.
    --    * You may choose any port number that doesn't collide with anything else.
    EXEC sp_OASetProperty @oauth2, 'ListenPort', 3017

    EXEC sp_OASetProperty @oauth2, 'AuthorizationEndpoint', 'https://login.microsoftonline.com/TENANT_ID/oauth2/authorize'
    EXEC sp_OASetProperty @oauth2, 'TokenEndpoint', 'https://login.windows.net/TENANT_ID/oauth2/token?api-version=1.0'

    -- Replace these with actual values.
    -- Use the application ID
    EXEC sp_OASetProperty @oauth2, 'ClientId', 'CLIENT_ID'
    -- Use the password
    EXEC sp_OASetProperty @oauth2, 'ClientSecret', 'CLIENT_SECRET'

    EXEC sp_OASetProperty @oauth2, 'CodeChallenge', 0

    EXEC sp_OASetProperty @oauth2, 'Scope', 'openid'
    EXEC sp_OASetProperty @oauth2, 'Resource', 'https://graph.microsoft.com/'

    EXEC sp_OASetProperty @oauth2, 'IncludeNonce', 1
    EXEC sp_OASetProperty @oauth2, 'ResponseMode', 'form_post'
    EXEC sp_OASetProperty @oauth2, 'ResponseType', 'id_token+code'

    -- Begin the OAuth2 Authorization code flow.  This returns a URL that should be loaded in a browser.
    DECLARE @url nvarchar(4000)
    EXEC sp_OAMethod @oauth2, 'StartAuth', @url OUT
    EXEC sp_OAGetProperty @oauth2, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 = 0
      BEGIN
        EXEC sp_OAGetProperty @oauth2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END


    PRINT 'url = ' + @url

    -- Launch the default browser on the system and navigate to the url.
    -- The LaunchBrowser method was added in Chilkat v10.1.2.
    EXEC sp_OAMethod @oauth2, 'LaunchBrowser', @success OUT, @url
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @oauth2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END

    -- Wait for the user to approve or deny authorization in the browser.
    DECLARE @numMsWaited int
    SELECT @numMsWaited = 0
    EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
    WHILE (@numMsWaited < 90000) and (@iTmp0 < 3)
      BEGIN
        EXEC sp_OAMethod @oauth2, 'SleepMs', NULL, 100
        SELECT @numMsWaited = @numMsWaited + 100
      END

    -- If the browser does not respond within the specified time, AuthFlowState will be:
    -- 
    -- 1: Waiting for Redirect – The OAuth2 background thread is waiting for the browser's redirect request.
    -- 2: Waiting for Final Response – The thread is awaiting the final access token response.
    -- In either case, cancel the background task initiated by StartAuth.

    EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
    IF @iTmp0 < 3
      BEGIN
        EXEC sp_OAMethod @oauth2, 'Cancel', @success OUT

        PRINT 'No response from the browser!'
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END

    -- Check AuthFlowState to determine if authorization was granted, denied, or failed:
    -- 
    -- 3: Success – OAuth2 flow completed, the background thread exited, and the successful response is in AccessTokenResponse.
    -- 4: Access Denied – OAuth2 flow completed, the background thread exited, and the error response is in AccessTokenResponse.
    -- 5: Failure – OAuth2 flow failed before completion, the background thread exited, and error details are in FailureInfo.

    EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
    IF @iTmp0 = 5
      BEGIN

        PRINT 'OAuth2 failed to complete.'
        EXEC sp_OAGetProperty @oauth2, 'FailureInfo', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END

    EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
    IF @iTmp0 = 4
      BEGIN

        PRINT 'OAuth2 authorization was denied.'
        EXEC sp_OAGetProperty @oauth2, 'AccessTokenResponse', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END

    EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
    IF @iTmp0 <> 3
      BEGIN

        EXEC sp_OAGetProperty @oauth2, 'AuthFlowState', @iTmp0 OUT
        PRINT 'Unexpected AuthFlowState:' + @iTmp0
        EXEC @hr = sp_OADestroy @oauth2
        RETURN
      END


    PRINT 'OAuth2 authorization granted!'

    EXEC sp_OAGetProperty @oauth2, 'AccessToken', @sTmp0 OUT
    PRINT 'Access Token = ' + @sTmp0

    EXEC @hr = sp_OADestroy @oauth2


END
GO