Project Online OData using Context Tokens

This is a work in progress and has yet to be successful, so if you can provide details for the last step, please leave a comment.

What I'm trying to accomplish is using a context token to make OData calls to Project Online.  All documentation and examples use a stored username and password, which are then used to create a SharePointOnlineCredentials.  This is not a viable option. You can stop reading if that is your solution to accessing Project Online via OData.

If, however, you know how to store a context token and make headless calls to Project Online OData, please leave a comment below as to what is being done wrong here.

The following steps are simplified as there are plenty of resources on the web that describe how to do them in detail. The difficulty doesn't come until later.

  1. Create a Provider-hosted SharePoint Add-in
  2. In the AppManifest.xml provide the following permissions:
  3. Register your Add-in with /AppRegNew.aspx, and record your Client Id & Client Secret
  4. If you haven't already, create an AppCatalog.
  5. Upload your .app file to 'Apps for SharePoint' in your AppCatalog.
  6. Publish the Add-in Web that was created when you created your Add-in.
  7. Go to your /sites/pwa Project Online SharePoint site.
  8. Go to Settings (gear top right), Site contents.
  9. Select New (drop down), App. (Or click 'add an app' if you're in the classic portal).
  10. Under 'Your Apps' select 'From Your Organization'.
  11. Click your App, then click 'Trust It'.
  12. Once installed, click your App and make sure your Add-in Web loads fine.
  13. Now to the difficult part…

The point of this Add-in is to make calls to Project Online using an access token retrieved using the context token of the user that used the Add-In to visit the site.  It is assumed this user has the necessary permissions to access the PWA resources.  We verify this by using the same access token to make CSOM calls, which are successful.

Following are the key snippets of code.

  1. Get a SharePointAcsContext and save off necessary URLs.

  2. Get an access token from the context token (we could use the access token in the context if making the PWA calls right away, but the idea is to store the context token so we can call into the PWA later from a headless app.)

  3. Use the access token to call into the PWA, first with CSOM to verify our access token is valid.

  4. OData doesn't appear to support Bearer token header authorization so after some research, thanks to Brian P. it appears you need to use a FormDigestValue. Let's get it.

  5. Finally having everything we need we should be able to make OData calls.

     This is where everything fails with (403) Forbidden errors.

     I've tried both POST and GET requests to OData with the X-RequestDigest header but they both return 403s.

     This is where I am stuck.  I cannot find any way to access OData using tokens. If you have any suggestions please leave me a comment.
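Steps 1 to 3 above, the part the post reports as working, written out as an added example; it is not the post's own controller code and does not cover the OData call. It assumes the `TokenHelper` class that Visual Studio generates for provider-hosted add-ins and a reference to the Project Server CSOM assembly; `PwaTokenCheck`, `CountProjects` and the parameter names are hypothetical.

```csharp
using System;
using Microsoft.ProjectServer.Client;
using Microsoft.SharePoint.Client;

// Added example. TokenHelper is the class generated by the Visual Studio
// provider-hosted add-in template; PwaTokenCheck is a hypothetical name.
public static class PwaTokenCheck
{
    // contextTokenString: the context token string posted to the add-in web.
    // addInHost: authority of the add-in web, e.g. Request.Url.Authority.
    // pwaUrl: the Project Web App site, e.g. the tenant's /sites/pwa.
    public static int CountProjects(string contextTokenString, string addInHost, Uri pwaUrl)
    {
        // Validate before use: a context token loaded from storage must not
        // be trusted unchecked, and this call throws if validation fails.
        SharePointContextToken contextToken =
            TokenHelper.ReadAndValidateContextToken(contextTokenString, addInHost);

        // The context token carries a refresh token (contextToken.RefreshToken),
        // which is exchanged here for an access token for the PWA host.
        // A stored context token is therefore a credential: keep it encrypted
        // at rest and out of logs.
        string accessToken =
            TokenHelper.GetAccessToken(contextToken, pwaUrl.Authority).AccessToken;

        using (var projectContext = new ProjectContext(pwaUrl.ToString()))
        {
            // CSOM accepts the access token as a Bearer authorization header.
            projectContext.ExecutingWebRequest += (sender, e) =>
                e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + accessToken;

            // A small read that only succeeds if the token is valid for the PWA.
            projectContext.Load(projectContext.Projects, ps => ps.Include(p => p.Name));
            projectContext.ExecuteQuery();
            return projectContext.Projects.Count;
        }
    }
}
```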

What follows is the entire test controller from my AddInWeb.

Which results in:
