How to connect to SharePoint Online with certificate credentials
Michael Thomas edited this page Oct 27, 2023
·
3 revisions
For demonstration purposes we will create a self signed certificate via Azure Cloud Shell:
- Open Cloud Shell
- Enter the following code into Cloud Shell to create a self signed certificate:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out selfsigncert.crt - Export the certificate by running the following command in Cloud Shell:
cat selfsigncert.crt privateKey.key > selfsigncert.pem
You can associate the certificate-based credential with the client application in Azure AD from the Azure portal. To associate the credential, follow official docs steps.
You'll need to add additional permissions in order to use SharePoint API.
Choose Add a permission and under Microsoft APIs, select SharePoint, and then select Application permissions, for instance :
-
SharePoint-
Application permissions-
SitesSites.FullControl.All
-
-
ClientContext.connect_with_certificate(site_url, client_id,thumbprint, certificate_path)
where
site_url - SharePoint site url
client_id - The OAuth client id of the calling application.
thumbprint - hex encoded thumbprint of the certificate
certificate_path - path to a PEM encoded certificate private key
site_url = 'https://contoso.sharepoint.com',
cert_settings = {
'client_id': '51d03106-4726-442c-86db-70b32fa7547f',
'thumbprint': "6B36FBFC86FB1C019EB6496494B9195E6D179DDB",
'cert_path': 'mycert.pem'
}
ctx = ClientContext(site_url).with_client_certificate('contoso.onmicrosoft.com', **cert_settings)
current_web = ctx.web
ctx.load(current_web)
ctx.execute_query()
print("{0}".format(current_web.url))