access another site collection with client ID and client secret

Question

I am trying to access another site collection with client Id and secret, I want to retrieve a list on another website, currently I tried using this method

string siteUrl = "https://xyz.sharepoint.com/sites/MyList/";
string clientId = "<client-id>";
string clientSecret = "<client-secret>";

using (var clientContext = new AuthenticationManager().GetAppOnlyAuthenticatedContext(siteUrl,clientId,clientSecret))
{       
    Web oWebsite = clientContext.Web;
    List lList = oWebsite.Lists.GetByTitle("List");
    clientContext.Load(list);
    clientContext.ExecuteQuery();
}

It returned an exception of access denied, but I already added app permission to https://xyz.sharepoint.com/sites/MyList/ using _layouts/15/appinv.aspx URL

Answer 1

If you want to use client id and secret across site collections, you should add tenant scoped permissions for your app:

If you want to register the app once and use it for any site collection, it's better to apply tenant scope permissions, so you can use this credentials everywhere inside your SharePoint tenant. In order to apply tenant scoped permissions, open AppInv.aspx page under SharePoint administration web site, i.e. https://[organizaiton]-admin.sharepoint.com/_layouts/15/appinv.aspx, copy paste Client Id into App Id field and click 'Lookup'.

You will see your registered app, paste in following xml into the 'Permission Request XML:' field and click 'Create' (note: tenant administrator rights required):

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

Click Trust and you can use client id and client secret to send authenticated http requests across your SharePoint tenant.