
I am trying to download a file from a SharePoint Online data library via the REST API, which uses multi-factor ADFS authentication. So far I have found these posts (Post1, Post2), which talk about sending a SAML request to the STS to receive a security token from https://login.microsoftonline.com/extSTS.srf, and I have found multiple examples online which use the same method to authenticate their requests. However, when I send the SAML request to the above Microsoft URL, I receive the error below.

AADSTS50126: Error validating credentials due to invalid username or password.

I have appropriate access to the SharePoint data library, as I was able to get a valid response to an API request (to check available lists and not for authentication) when using a browser with an authenticated session. Any idea what I might be doing wrong, or even whether authentication is possible for an MFA-secured SharePoint library?

Akash Singh

1 Answer


There is no official word in any Microsoft documentation to confirm this, but an MFA account and an AAD token are not compatible.

You have to use a service account (username/password) without MFA enabled for it. This will work when you invoke the SPO Web API using the service account to get tokens.

When you have a browser session in an open state, the token will be available in cookies and you will be able to access the library without issue. The same applies to Postman or SoapUI testing.

Because MFA needs user interaction, this is not possible. Refer to this GitHub issue: Trouble spo login with an account with multi-factor authentication

We use the "Application User" concept in Dynamics CRM for the same approach. Read more