How do I authorize a Python script to upload to SharePoint Online? This was a wonderful answer and addressed the Required API access required to post a file to SharePoint. Please help in identifying the app roles required to get full access to the Mentioned API accesses.
I have added the required API access as mentioned in the post but am not sure on the app role part. Are there any specific app roles that has client credential access which enables the access to the mentioned API access. I don't have an app role and while trying to access the url to fetch site ID and Drive ID I got the below error. {'error': {'code': 'AccessDenied', 'message': 'Either scp or roles claim need to be present in the token.}} So I now know the error is due to No app roles being assigned are there any specific app roles that is required to be used to overcome this issue.
How do I authorize a Python script to upload to SharePoint Online? This was a wonderful answer and addressed the Required API access required to post a file to SharePoint. Please help in identifying the app roles required to get full access to the Mentioned API accesses.
I have added the required API access as mentioned in the post but am not sure on the app role part. Are there any specific app roles that has client credential access which enables the access to the mentioned API access. I don't have an app role and while trying to access the url to fetch site ID and Drive ID I got the below error. {'error': {'code': 'AccessDenied', 'message': 'Either scp or roles claim need to be present in the token.}} So I now know the error is due to No app roles being assigned are there any specific app roles that is required to be used to overcome this issue.
Share Improve this question asked 56 mins ago Brijesh KhannaBrijesh Khanna 1 New contributor Brijesh Khanna is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct. 1- Can you paste the code you are trying and edit the post with the screenshot of the API permissions blade of the application? – Rukmini Commented 51 mins ago
1 Answer
Reset to default 0The error "Either scp or roles claim need to be present in the token." usually occurs if the access token does not contain any roles/scp claim to call the API.
To resolve the error, make sure to grant Sites.Read.All application type API permission to the Microsoft Entra ID application:
I generated access token using Client credential flow:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id: ClientID
client_secret: Secret
scope: https://graph.microsoft.com/.default
grant_type: client_credentials
Decode the access token and make sure roles claim is displayed with Sites.Read.All:
Pass the above generated access token to call the APIs
Fetch SiteID:
GET https://graph.microsoft.com/v1.0/sites?search=RukSite
Fetch DriveID:
https://graph.microsoft.com/v1.0/sites/SiteID/drives