Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UPDATED! Microsoft Graph API for SharePoint

ewilson
Staff
Staff

‎12-07-21 06:26 PM

The Microsoft Graph API connector for SharePoint was recently updated to include actions for uploading/downloading files. You can find the latest .bprelease file here.

Some things to be aware of:
  • The Upload File action of this connector is limited to files less than 4MB in size. There is an additional connector, making its way through the tech/marketing review process, that implements support for the Upload Session feature of Graph. That connector will support uploading files greater than 4MB through chunking. We expect that connector to be published on the DX later this week, possibly early next week.
  • While the main connector includes support for downloading files, there is a limitation within the Web API feature of Blue Prism that impacts downloading binary files. As a result, only text files will be successfully downloaded. To address this, you can use the connector to collect the metadata of a file on SharePoint. That metadata will include a direct download URL for the specific file. You can then use the HTTP VBO to download the file using that URL.
Cheers,


------------------------------
Eric Wilson
Director, Partner Integrations for Digital Exchange
Blue Prism
------------------------------
16 REPLIES 16

seeannloh
Level 3

‎22-10-21 05:39 AM

Hi Eric,

I have question on MS Graph SharePoint API. We need to grant admin consent for ReadWrite to API permission in the app we registered in Azure AD to use the Download FIle action. But, this ReadWrite permission is too powerful because it will have the ReadWrite access to entire SharePoint sites based on my understanding.

Is there a way to limit ReadWrite access to only certain SharePoint sites we wish?

Thanks

------------------------------
SeeAnn Loh
Senior Programmer
Jabil
Asia/Kuala_Lumpur
------------------------------
0 Likes

ewilson
Staff
Staff
In response to seeannloh

‎22-10-21 03:25 PM

Hi @seeannloh,

There are two permission types within MS Graph: Delegated Permissions and Application Permissions. Delegated permissions are where you're granted access to work on behalf of a specified user. Application permissions are when you operates essentially as a service account. If you want to limit what the digital worker can do I'd say you want to try using Delegated Permissions and grant the user account of the Digital Worker ReadWrite on just the necessary sites.

There's more information available here.

Cheers,
  ​

------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------

seeannloh
Level 3
In response to ewilson

‎22-10-21 06:16 PM

Hi Eric,

Thanks. If I use Delegated Permission to Files.ReadWrite and Sites.ReadWrite, will it still have full access to all SharePoint sites or I can limit with only certain sites?

Regards

------------------------------
SeeAnn Loh
Senior Programmer
Jabil
Asia/Kuala_Lumpur
------------------------------
0 Likes

ewilson
Staff
Staff
In response to seeannloh

‎22-10-21 06:23 PM

Hi @seeannloh,

​As I mentioned, the delegated permissions option only provides the digital worker with whatever permissions are available to the supplied user credentials. So if you have a user account called "John Doe" and that account can only perform read/write on site A then the digital worker will only be able to perform read/write actions on site A.

Cheers,

------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
0 Likes

seeannloh
Level 3
In response to ewilson

‎22-10-21 06:31 PM

Hi Eric,

So I assume there is a configuration when register an app in Azure AD for site A to have ReadWrite access only for user John Doe? Something like base URL?

Thanks

------------------------------
SeeAnn Loh
Senior Programmer
Jabil
Asia/Kuala_Lumpur
------------------------------
0 Likes

ewilson
Staff
Staff
In response to seeannloh

‎22-10-21 07:09 PM

You'll grant Site.ReadWrite in AD, but the actual user permission is controlled in the SharePoint site administration I believe.

Cheers,

------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
0 Likes

seeannloh
Level 3
In response to ewilson

‎30-10-21 10:58 AM

Hi Eric,

Thanks. I'm able to execute the Download File action from MS Graph SharePoint API. However, how do I download the file?
I tried to find the Location header from Response based on microsoft doc but it is not there. Please advice.

I attached the screenshot of the Response Headers for Content-Type and Content-Disposition for your reference.
7947.png
7948.png


------------------------------
SeeAnn Loh
Senior Programmer
Jabil
Asia/Kuala_Lumpur
------------------------------
0 Likes

ewilson
Staff
Staff
In response to seeannloh

‎30-10-21 07:09 PM

@seeannloh,

What's the value of the HTTP Status Code? Is it 302 or 200? I'm wondering if the underlying BP logic is automatically following the 302 redirect to try and download the file. If so, that could explain why you're not seeing the Location header. The problem with that is the Web API service feature of BP doesn't support properly handling binary downloads.

Cheers,


------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
0 Likes

sachintaneja
Level 2
In response to ewilson

‎09-11-21 10:15 AM

Hi Eric

I am using Delegated Permissions in application registration
I am using Connector for Microsoft Graph API - Authentication
for generating token specifically action >  Get Delegated Access Token 
I am getting below error
"AADSTS50126: Error validating credentials due to invalid username or password"
Though the credentials are fine

I have gone through some links and it appears the issue is with federation being present and no redirection in HTTP call makes the call throw a generic error of invalid creds as it is unable to validate the creds 

AADSTS50126: Error validating credentials due to invalid username or password - Microsoft Q&A
'AADSTS50126' "invalid_grant" Error validating credentials due to invalid username or password - Microsoft Q&A


However  using python as in below link with the same application registration ( delegated permission ..same user), the token can be perfectly generated and used . 
GitHub - jsnm-repo/Python-OneDriveAPI-FileUpload: Automating reports upload to OneDrive 

Do you have a similar MSAL version for generating token that can work in Blueprism

------------------------------
sachin taneja
Senior
EY
Asia/Kolkata
------------------------------
0 Likes