HTTPError: 403 Client Error: Forbidden for url via Office365-REST-Python-Client
I tried this sample code for my org (for which my AD admin gave full access in SharePoint :
from office365.runtime.auth.client_credential import ClientCredential
from office365.sharepoint.client_context import ClientContext
site_url = "https://myname.sharepoint.com"
client_id = "xxx-xxx-xxx-xxx-xxx"
client_secret = "xxxxxxxx"
ctx = ClientContext(site_url).with_credentials(ClientCredential(client_id, client_secret))
folder_path = 'sites/SOF'
root_folder = ctx.web.get_folder_by_server_relative_path(folder_path).expand(["Files"]).get().execute_query()
print("root_folder = ", root_folder)
for file in root_folder.files:
print(file.name)
But I still get
File "C:\Users\username\AppData\Local\Programs\Python\Python310\lib\site-packages\requests\models.py", line 1021, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://myname.sharepoint.com/_api/Web/getFolderByServerRelativePath(DecodedUrl='sites%2FSOF')?$expand=Files
I even tried site_url = "https://myname.sharepoint.com/sites/SOF" but still it returned :
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://myname.sharepoint.com/sites/SOF/_api/Web/getFolderByServerRelativePath(DecodedUrl='')?$expand=Files
Update : entering this in my browser returns the proper XML with all the data :
So what more permissions do I need from my admin ? My client_id and client_secret are correct.
I created an Azure AD Application:
Now when I tried the code, I got the same error as below:
The 403 error usually occurs if the application doesn't have sufficient permissions to perform the action.
To resolve the error, make sure to set up an app-only principal with tenant permissions like below:
- If you are Tenant Admin, then use this
https://xxx.sharepoint.com/_layouts/15/appinv.aspx - If you have Global Admin role, then use this
https://xxx-admin.sharepoint.com/_layouts/15/appinv.aspx
I used https://xxx-admin.sharepoint.com/_layouts/15/appinv.aspx to grant permissions:
And here enter the ClientID, domain and redirect URL of the application.
For App's permission, paste the below XML and create:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
Now click on Trust it to grant the permissions:
I uploaded samples files in the SharePoint site:
Now, after granting the permissions I am able to print the files successfully like below:
from office365.runtime.auth.client_credential import ClientCredential
from office365.sharepoint.client_context import ClientContext
site_url = "https://xxx.sharepoint.com/sites/testruk"
client_id = "ClientID"
client_secret = "ClientSecret"
ctx = ClientContext(site_url).with_credentials(ClientCredential(client_id, client_secret))
folder_path = 'doc1/folder1'
root_folder = ctx.web.get_folder_by_server_relative_path(folder_path).expand(["Files"]).get().execute_query()
print("root_folder = ", root_folder)
for file in root_folder.files:
print(file.name)
Reference:
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs