🔐 Getting an Access Token for SharePoint Online Using MSAL in a Console App (.NET)
Modern authentication in Microsoft 365 revolves around secure, token-based flows. If you’re building tools or automations that connect to SharePoint Online, you’ll need to acquire an access token securely using OAuth 2.0.
In this article, we’ll create a full .NET Console App that uses Microsoft Identity Client (MSAL) to acquire a token interactively and authenticate against the SharePoint Online API — and finally test that token in Postman.
🎯 What We’ll Build
A working console app that:
- Prompts the user to log in via Azure AD
- Retrieves an access token using MSAL
- Outputs the JWT token to the console
- Lets you test the token in Postman to call SharePoint REST API
🛠️ Prerequisites
| Requirement | Notes |
|---|---|
| .NET SDK | .NET 6 or later recommended |
| Azure AD App Registration | Needs to be configured with delegated permissions to SharePoint |
| NuGet Package | Install MSAL with: `Install-Package Microsoft.Identity.Client` |
| App Type | Use Public Client (mobile/desktop) in Azure registration |
| Postman | For manual testing of the access token |
🔧 Step 1 – AuthHelper.cs
Create a class named AuthHelper to encapsulate the authentication logic:
```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

namespace SharePoint_App_GetToken
{
    public class AuthHelper
    {
        public string TenantId { get; set; }
        public string ClientId { get; set; }
        public string TenantName { get; set; }
        public IPublicClientApplication App { get; set; }

        public async Task<string> GetAccessTokenAsync()
        {
            // Public client: no client secret is stored in the app.
            // The authority pins sign-in to a single tenant.
            var app = PublicClientApplicationBuilder
                .Create(ClientId)
                .WithAuthority($"https://login.microsoftonline.com/{TenantId}")
                .WithDefaultRedirectUri()
                .Build();

            // ".default" requests the delegated SharePoint permissions
            // already configured on the app registration.
            var result = await app
                .AcquireTokenInteractive(new[] { $"https://{TenantName}.sharepoint.com/.default" })
                .ExecuteAsync();

            return result.AccessToken;
        }
    }
}
```
🔧 Step 2 – Program.cs
Use the helper in a Main method to get and display the token:
```csharp
using System;
using System.Threading.Tasks;

namespace SharePoint_App_GetToken
{
    internal class Program
    {
        static async Task Main(string[] args)
        {
            AuthHelper authHelper = new AuthHelper
            {
                TenantId = "your-tenant-id",
                ClientId = "your-client-id",
                TenantName = "your-tenant-name" // e.g., "contoso"
            };

            string token = await authHelper.GetAccessTokenAsync();

            // The access token is a bearer credential: anyone who can read it
            // can call SharePoint as the signed-in user until it expires.
            // It is printed here only so it can be pasted into Postman.
            Console.WriteLine("Access Token Acquired:");
            Console.WriteLine(token);
            Console.ReadLine();
        }
    }
}
```
🔐 Note: A browser popup will be shown for user authentication.
🧪 Step 3 – Test the Token in Postman
Once you have the token printed in your console, you can test it using Postman to call SharePoint REST APIs:
🪄 Instructions:
- Open Postman
- Set method: `GET`
- Request URL: `https://<tenant>.sharepoint.com/sites/<site>/_api/web/lists`
  Replace `<tenant>` and `<site>` with your SharePoint tenant and site name.
- Go to the “Authorization” tab
  - Type: `Bearer Token`
  - Token: Paste the token from your console output
- Send the Request
✅ If the token is valid, you will get a JSON response listing all the lists on that site.
❌ If the token is invalid or expired, you’ll receive a 401 Unauthorized or 403 Forbidden.
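When Postman returns 401 or 403, the token's own claims usually show why. The following is an added example, not code from the original article or from MSAL: a hypothetical `TokenInspector` helper that decodes the JWT payload locally (without validating the signature) and reports audience, scopes and expiry, so the raw token never has to be pasted into an online decoder. The sample token is constructed, and the expected audience format `https://<tenant>.sharepoint.com` is an assumption.

```csharp
using System;
using System.Text;
using System.Text.Json;

// Added example: TokenInspector is a hypothetical helper, not part of MSAL.
public static class TokenInspector
{
    // Decodes the payload (middle segment) of a JWT. The signature is NOT
    // validated: this is a local diagnostic, not an authorization check.
    public static JsonElement ReadPayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        // base64url -> base64, then restore the stripped padding.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    // Summarises the claims that decide whether SharePoint accepts the token.
    public static string Describe(string jwt, string expectedAudience, DateTimeOffset now)
    {
        JsonElement p = ReadPayload(jwt);
        var aud = p.TryGetProperty("aud", out var a) ? a.GetString() : "(missing)";
        var scp = p.TryGetProperty("scp", out var s) ? s.GetString() : "(missing)";
        var exp = DateTimeOffset.FromUnixTimeSeconds(p.GetProperty("exp").GetInt64());
        var sb = new StringBuilder();
        sb.AppendLine($"aud: {aud}{(aud == expectedAudience ? "" : "  <-- does not match " + expectedAudience)}");
        sb.AppendLine($"scp: {scp}");
        sb.AppendLine($"exp: {exp:u}{(exp <= now ? "  <-- expired" : "")}");
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed, unsigned sample payload; not a real token.
        string json = "{\"aud\":\"https://contoso.sharepoint.com\",\"scp\":\"AllSites.Read\",\"exp\":1700000000}";
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string sample = "e30." + payload + ".sig";
        Console.Write(Describe(sample, "https://contoso.sharepoint.com", DateTimeOffset.UtcNow));
    }
}
```

In the console app from Step 2, calling `TokenInspector.Describe(token, $"https://{TenantName}.sharepoint.com", DateTimeOffset.UtcNow)` prints this summary in place of the token itself.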
✅ Summary Table
| Step | Task |
|---|---|
| 1 | Create an AuthHelper class using MSAL |
| 2 | Build and run a console app to get the token |
| 3 | Copy the token and test it in Postman |
| 4 | Use the token for authenticated SharePoint REST API calls |
🔄 What’s Next?
- Use this access token to make programmatic calls to SharePoint (via REST or CSOM).
- Convert this into a WPF or .NET MAUI app with a full UI.
- Add token caching, silent authentication, or persistent login.
