AcquireTokenAsync with UserAssertion? RRS feed

  • Question

  • I have a provider hosted app that is trusted by two different SharePoint tenants. I want users to be able to initiate REST API requests on either SharePoint site from my provider hosted app. I see variants of the code below to do this, but this code throws a 400 bad request when I run it.

    This code runs when a user opens my provider hosted app from "Site A"

    var spContext = SharePointContextProvider.Current.GetSharePointContext(HttpContext);
    string userAccessToken = spContext.UserAccessTokenForSPHost;
    UserAssertion userAssertion = new UserAssertion(userAccessToken);
    AuthenticationContext authenticationContext = new AuthenticationContext("", false);
    ClientCredential clientCred = new ClientCredential("clientID", "clientSecret");
    AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync("", clientCred,userAssertion);

    Please mark my response as an answer if appropriate.

    Tuesday, April 25, 2017 5:44 PM

All replies

  • Hi,

    Could you please explain whether your SharePoint Add-in uses add-in only or Add-in + user policy in authentication? Since you are launching the Add-in from Site A, and the logon user also belongs to Site A, but the user doesn't belong to Site B. If the authentication policy is Add-in + User mode, I don't think a valid Access token for Site B can be generated by a userAssertion belogns to Site A.

    Meanwhile, it would be helpful if you can share the materials you have referred.

    Reken Liu

    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact

    Friday, April 28, 2017 10:27 AM