I think your Azure administrator needs to grant approval for all application level permissions.
But back to your requirements. In the first article you will find the section “Determine your Requirements” and specifically #3, “Do you want to connect on behalf of a user or as an application?”
The SharePointOnlineConnector supports access on behalf of a user, where Microsoft Graph API delegated permissions have been granted to the Azure app registration.
As of FME 2024.1, it also supports access as an application, where Microsoft Graph API application permissions have been granted to the Azure app registration. BUT MAYBE YOU DON’T NEED THIS, perhaps you could use the Delegated scope?
Delegated permissions let you connect to SharePoint from FME on behalf of a Microsoft 365 user account. When you provide your username and password to authenticate an FME web service or connection, FME does not store these credentials. They are exchanged in the OAuth2.0 authorization code grant flow for a short-lived access token and a refresh token. FME only stores these tokens. The refresh token is used by FME to obtain a new access token when the current one expires.
Application permissions let you connect to SharePoint with an Azure tenant id, client id, and client secret. These values are stored within the FME web connection and passed to SharePoint each time you need to connect. The client secret should be treated as a password. Configuration of a web service in FME is not required. With application permissions, Microsoft 365 credentials do not need to be provided to authorize the connection in FME. This method of authentication is similar to the use of a 'service account' and uses the OAuth2.0 client credentials grant flow.
For a further comparison of the two authentication methods mentioned above, please see Microsoft’s Overview of permissions and consent.
Hi James,
Thanks for your answer. Prior to posting, I did contact my Azure App Admin and the requirements are clear.
- Connect with Application permissions only, which let you connect to SharePoint with an Azure tenant id, client id, and client secret.
- The only permission that will be provided is Sites.Selected, and elevated permissions are not possible due to the organization's security policy.
With the above, is there a workaround or resolution in FME 2024.2.1?
Please let me know.
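The following is an added example, not part of either post and not FME or Microsoft code. It shows a troubleshooting check for the two grant flows and the Sites.Selected constraint discussed above. It assumes the Microsoft identity platform convention that delegated permissions appear in an access token's `scp` claim and application permissions in its `roles` claim. The tokens are constructed, unsigned samples, and the function names are hypothetical.

```python
import base64
import json

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for offline use only."""
    return ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(claims), "sig"])

def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def classify(token: str, allowed=frozenset({"Sites.Selected"})) -> dict:
    """Report the grant type and any permission outside the allowed set."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))         # application permissions
    scopes = set(claims.get("scp", "").split())  # delegated permissions
    if scopes:
        kind = "delegated"      # authorization code flow, on behalf of a user
    elif roles:
        kind = "application"    # client credentials flow, no user involved
    else:
        kind = "none"
    granted = roles | scopes
    return {"kind": kind, "granted": sorted(granted),
            "excess": sorted(granted - allowed)}

# Constructed sample tokens (not real credentials).
APP_TOKEN = make_sample_token({"roles": ["Sites.Selected"]})
BROAD_TOKEN = make_sample_token({"roles": ["Sites.Selected", "Sites.ReadWrite.All"]})
USER_TOKEN = make_sample_token({"scp": "Sites.Read.All User.Read"})

if __name__ == "__main__":
    for name, tok in [("app", APP_TOKEN), ("broad", BROAD_TOKEN), ("user", USER_TOKEN)]:
        print(name, classify(tok))
```

An empty `excess` list on an `application` token means the app registration carries only Sites.Selected, which matches the policy described in the second post.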