OneDrive for Business App Only token error with download #280
Comments
|
We can repro this issue and are investigating a fix now. |
|
We've determine what the issue is and are trying to decide on a solution. No ETA yet I'm afraid. |
|
There is a workaround available. You can fall back to the SharePoint REST API for downloading files in this scenario (when using app tokens). There's an app token sample I've been working on that isn't completely ready for prime-time yet, but you can see the DownloadFile method, which translates from OneDrive API to SharePoint REST to be able to download a file. |
|
I can confirm the bug is still open but the suggested workaround is working well. Btw. @rgregg the sample app fails when trying to list the user files (redirects back to the home site). |
|
I can also confirm that although the bug is still open the workaround is fine |
|
Have you tried using DriveId as I was successful with accessing file content through the following API request with App-Only token. https://{tenant}-my.sharepoint.com/_api/v2.0/drives/{DriveId}/items/{ItemId}/content |
|
I could not get DriveId to work since /Drives is not supported in OneDrive for Business? |
|
App-only token with FullControl over the Office365 tenant gives access to /Drives/{DriveId} of all OneDrive for Business users within given tenant, also /Drives/{CurrentUserDriveId} works perfectly fine with user access token. I've checked both options. |
|
Did it only work with ItemId? So if I wanted root: what is its DriveId? |
|
This is the exact request I was submitting to get Item metadata from any drive: For root folder I run: I would expect this will work with path queries also, as the relative part to the root and access token attached are the most important. I'm not sure if that helps, but this is me answering myself after few days on SO http://stackoverflow.com/questions/35819627/download-shared-file-programmatically-using-onedrive-for-business-api :) |
|
This link https://dev.onedrive.com/odb-preview/release-notes.htm#enumerating-drives says I cannot use /drives however that aside I wonder if it the itemID that makes the API call work? Also looking at your call there is no UPN in the REST API so how are you using an AppOnly token to access all the different user's accounts with a single AppOnly token? |
|
I did not intend to enumerate drives, what I used /drives command to is accessing files on different drives within a tenant. UPN is the driveId. App-only token has 'FullControl over Tenant' permissions and from my trial-error it appears that I can use this token to access any OneDrive for Business site through SharePoint or OdB APIs. Look at this article where Azure WebJob customizes users OneDrive for Business sites http://blogs.msdn.com/b/vesku/archive/2015/01/05/customizing-onedrive-for-business-sites-with-app-model.aspx using App-only token. |
|
When I tried to get the token using client secret it failed to work and this link, http://www.andrewconnell.com/blog/user-app-app-only-permissions-client-credentials-grant-flow-in-azure-ad-office-365-apis, among others, showed how to use it along with the need for the admin to grant access. |
|
The client secret is provided during SharePoint add-in registration. When this SharePoint add-in is actually installed on the SharePoint Online site collection in your tenant, this is when your app-only token gets the permission specified in SharePoint add-in manifest. After installation you are free to use following code to retrieve valid Access Token, with TokenHelper being Visual Studio class generated by SharePoint Add-in project.
and with ClientId and ClientSecret in the configuration file |
|
We don't produce a Sharepoint Add-In. Instead we use a native server app to access One Drive for Business. Perhaps that is the confusion as to why your approach works and we we're having problems with the download? |
|
It's been a year now, any progress? |
ghost
mentioned this issue
|
While the Sharepoint REST API workaround works, it is incomplete in that it does not support byte range requests |
|
Hi there, is there any progress on this issue? The workarounds suggested in this and surrounding threads doesn't work for me. Thanks. |
|
There are also issues with the workaround in that files that can be uploaded can't be downloaded either due to invalid characters or path length. |
|
The download links for app-only should now be functional - is anyone still encountering issues? If so, it would be useful to know the number of characters in the query string of one of the URLs that is failing. |
|
No still failing with 404. First part returns 302 and url as expected. When trying to access the returned location url returns 404 not found. |
|
I was able to download a file through an app-only token, including range requests |
|
Download still fails for me @ificator . Total length of url is 2457 which is over the 2048 typical limit. I imagine this is why it is failing. |
|
I did find a workaround where if you extract the "access_token" from the querystring and instead add an "Authorization" header for the HTTP request as "Bearer {accessToken}" the download will work. |
|
I've found a workaround to resolve the issue. If you authenticate by using service account - you should use your access token, not token in downloadUrl. Your download url should look like: "https://tenant.sharepoint.com/_layouts/15/download.aspx?UniqueId=12345678-90ab-cdef-0123-4567890abcde" and header "Authorization: Bearer accessToken". |
|
We've been working to reduce the size of URLs with attached tokens and latest changes should now be fully deployed. Hopefully download URLs will now no longer arbitrarily fail due to URL length, but please let us know if any of you continue to see such issues. |
|
@ificator : Hopefully I understand this issue and the status correctly, so I'm in the right place. https://graph.microsoft.com/v1.0/sites/tenant,site-id,web-id/drives/long-id/items/long-id/workbook/worksheets('Grafieken')/charts('Grafiek 1')/Image(width=0,height=0,fittingMode='fit') Am I in the right place, and is accessing an excel file in sharepoint supported with app-only credentials, or is it possible that the URL is too long..? |
|
Hi @JWiersema, this is where some Graph magic comes into the picture. While the URL makes it look like it's hitting just OneDrive, it's actually hitting a couple of different services. If you make the following query do you get a 404? If you don't, then OneDrive itself is fine and there's most likely a downstream issue. In that case I'll see if I can track down someonw that will be able to help. |
|
Hi, I've been trying to create a web application that allows users to access their OneDrive Accounts and upload and download files. So far I have managed to get to a point where by a user can navigate through the drive and get information on the file and folders in said drive (size, name etc), but I am failing hopelessly when it comes to the core function of the app upload download. I make a request "https://api.onedrive.com/v1.0/drive/items/{item_id}/content" trying to download an item but I get a 401 error saying invalid auth token [Bearer realm="OneDriveAPI", error="invalid_token", error_description="Invalid auth token"]. I'm not too sure where I'm going wrong and I would greatly appreciate some assistance |
I have successfully configured an App Only token, for use on a test site, and used it to list, create folders, move items, delete items and upload files. However when trying to download a file I do not get the documented 302 status but instead I get a 404 not found, followed by a html body that informs me "Sorry, you cannot access this document. Please contact the person who shared it with you."
If I use the @content.downloadUrl from the meta data I get the same response.
Going into Sharepoint and providing everyone read access allows me to download the file.
In Azure I have given the app, associated with the App Only token, all the access available.
I am confused since I can do writeable actions but not read the contents of files.
I have tried both url approaches and many other permutations of configuration on Azure AD, all to no avail:
https://{tenant}-my.sharepoint.com/personal/{user}/_api/v2.0/drive/items/01CGGKSYALIMOHMA23JBFKIGR4EJJS7NRG/content
and
https://{tenant}-my.sharepoint.com/personal/{user}/_api/v2.0/drive/root:/test.txt:/content
Thanks in advance
Paul
Confirmation of consent granted.
PS. All folder/files I create are marked as being created by SharePoint App, I would have expected either the owner or then name of the App to be used instead.
The text was updated successfully, but these errors were encountered: