@wilwang
Created October 29, 2019 13:46
Generating access_token to SPO
1. Create an app registration in Azure Active Directory (can also be created from SPO using _layouts/15/appregnew.aspx)
   a. Under "Authentication", make sure implicit grants are all checked (access tokens and ID tokens)
   b. Under "Certificates & secrets", create a secret (jot it down!)
   c. Under "API permissions", add the appropriate SharePoint permissions
2. Go to the SPO instance app inventory: https://<tenant>.sharepoint.com/_layouts/15/appinv.aspx
   a. UNKNOWN: in order to create the app registration on SPO, a secret is required. For some reason, the secret created in the previous
      step (1b) is not the correct format. I've generated a secret and re-created a secret using 1b. I THINK both secrets would work,
      but in my test case, I ended up using the 2nd secret I created under 1b.
   b. Fill in the details and add the permissions XML (https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs)
      i. Scope should be "http://sharepoint/content/<tenantId>"
   c. Click Create; this should bring up a screen asking whether to trust the app. Trust should be enabled. If not, something is not quite right.
3. To request the access token, POST to this URL with these body params (Postman)
   POST https://login.microsoftonline.com/<tenantId>/oauth2/v2.0/token
   grant_type:urn:ietf:params:oauth:grant-type:jwt-bearer
   client_id:<appid>@<tenantid>
   client_secret:<app_secret>
   assertion:<user's auth token>
   requested_token_use:on_behalf_of
   scope:https://<tenant>.sharepoint.com/.default
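
The token request from step 3 as an added Python example (not part of the original gist): it builds the same form-encoded POST, masks the secret and the user token before anything is logged, and surfaces the `error` / `error_description` fields when the endpoint refuses the request. The function names are hypothetical and the demo values are the gist's own placeholders.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"

def build_obo_request(tenant_id, tenant_name, app_id, app_secret, user_token):
    """Build (but do not send) the POST from step 3."""
    form = {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "client_id": f"{app_id}@{tenant_id}",
        "client_secret": app_secret,
        "assertion": user_token,  # the signed-in user's token
        "requested_token_use": "on_behalf_of",
        "scope": f"https://{tenant_name}.sharepoint.com/.default",
    }
    # urllib sends Content-Type: application/x-www-form-urlencoded by default
    return urllib.request.Request(
        TOKEN_URL.format(tenant_id=tenant_id), method="POST",
        data=urllib.parse.urlencode(form).encode("ascii"))

def redact(req):
    """Form fields with the two credentials masked, safe to write to a log."""
    fields = dict(urllib.parse.parse_qsl(req.data.decode("ascii")))
    fields.update(client_secret="***", assertion="***")
    return fields

def parse_token_response(raw):
    """Return access_token, or raise with the OAuth error fields."""
    doc = json.loads(raw)
    if "access_token" not in doc:
        raise RuntimeError(f"{doc.get('error')}: {doc.get('error_description')}")
    return doc["access_token"]

def request_token(req):
    """Send the request (needs network). Error replies carry a JSON body too."""
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return parse_token_response(resp.read())
    except urllib.error.HTTPError as err:
        return parse_token_response(err.read())

if __name__ == "__main__":
    # Placeholders from the gist, not real identifiers or credentials.
    req = build_obo_request("<tenantId>", "<tenant>", "<appid>", "<app_secret>", "<user token>")
    print(req.get_method(), req.full_url)
    print(redact(req))
```

Call `request_token(req)` only with real values; the demo prints the redacted form so the secret never reaches the console or a log file.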