Office365-REST-Python-Client

AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.

Open rjjlau opened this issue 5 years ago • 6 comments

I got this error when trying to access SharePoint. Is this something that can be fixed on my end? Appreciate any support. Thanks.

An error occurred while retrieving token from XML response: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.

rjjlau avatar May 15 '20 07:05 rjjlau

I got the same error. Does anyone know how to fix it?

An error occurred while retrieving token from XML response: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.

weezheng avatar Aug 13 '20 08:08 weezheng

By chance, do you have a Conditional Access policy blocking the App "Office 365 Exchange Online"?

luismanez avatar Aug 13 '20 09:08 luismanez

RESOLVED KeyError: 'FedAuth', "An error occurred while retrieving token from XML response: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance."

  1. Create an App principal on the SharePoint site as described by the following sources: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs https://stackoverflow.com/questions/55922791/azure-sharepoint-multi-factor-authentication-with-python

  2. Use the Python code below to authenticate into SharePoint using an App principal:

```python
import sys

from office365.runtime.auth.authentication_context import AuthenticationContext
from office365.sharepoint.client_context import ClientContext

# URL of the SharePoint site
url_shrpt = 'https://YourOrganizationName.sharepoint.com/sites/YourSiteName'

# App principal for the SharePoint site
app_principal = {
    'client_id': 'YourAppPrincipalClientID',
    'client_secret': 'YourAppPrincipalClientSecret',
}

# Authentication into the SharePoint site
ctx_auth = AuthenticationContext(url_shrpt)
if ctx_auth.acquire_token_for_app(client_id=app_principal['client_id'],
                                  client_secret=app_principal['client_secret']):
    ctx = ClientContext(url_shrpt, ctx_auth)
    web = ctx.web
    ctx.load(web)
    ctx.execute_query()
    print('Authenticated into sharepoint app for: ', web.properties['Title'])
else:
    print(ctx_auth.get_last_error())
    sys.exit()

# Test the connection:
# Get all Lists on the site
lists = ctx.web.lists
ctx.load(lists)
ctx.execute_query()
for l in lists:
    print("This is a list object: {0}".format(l.properties['Title']))

# Get a List by title, get the items in the list, and get the properties of the items
list_object = ctx.web.lists.get_by_title('Documents')

# Get the items in the list object
items = list_object.items
ctx.load(items)
ctx.execute_query()

# Get the item properties
for item in items:
    print("\nItem title: {0}".format(item.properties["Title"]))
    for prop in item.properties:
        print(" Item property: {0} == {1}".format(prop, item.properties[prop]))
```

devosgit avatar Oct 15 '20 15:10 devosgit
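An added example, not part of the thread or of the library's own code: a small parser for the error string returned by `ctx_auth.get_last_error()` that tells a policy block such as AADSTS53003 apart from other failures, so a script stops retrying user credentials and switches to an app principal. The function names and the two extra codes (AADSTS50076, AADSTS50079, taken from Microsoft's published error-code list) are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Matches the Azure AD error code and the text after it, as the library reports it.
AADSTS_RE = re.compile(r"\b(AADSTS\d+):\s*(.*)", re.DOTALL)

# Codes where tenant policy, not a wrong password, stops token issuance,
# so retrying the username/password flow cannot help.
# AADSTS53003 is the code from this thread; the other two are assumptions taken
# from Microsoft's published AADSTS error-code list, not from the thread.
POLICY_BLOCK_CODES = {
    "AADSTS53003": "blocked by a Conditional Access policy",
    "AADSTS50076": "multi-factor authentication required",
    "AADSTS50079": "user must enroll for multi-factor authentication",
}

class AuthFailure(NamedTuple):
    code: Optional[str]      # e.g. "AADSTS53003", or None if no code was found
    message: str             # text following the code (or the whole input)
    policy_block: bool       # True when retrying with a password is pointless

def classify_auth_error(raw) -> AuthFailure:
    """Parse the value of ctx_auth.get_last_error() (or str(exception))."""
    text = str(raw or "")
    match = AADSTS_RE.search(text)
    if match is None:
        return AuthFailure(None, text.strip(), False)
    code = match.group(1)
    # Drop a trailing quote left over when the text came from a repr'd exception.
    message = match.group(2).strip().rstrip("\"'")
    return AuthFailure(code, message, code in POLICY_BLOCK_CODES)

def advice(failure: AuthFailure) -> str:
    if failure.policy_block:
        return (f"{failure.code}: {POLICY_BLOCK_CODES[failure.code]}; "
                "stop retrying user credentials, use an app principal or ask "
                "the tenant admin to review the policy")
    if failure.code:
        return f"{failure.code}: not a policy block, check credentials and configuration"
    return "no AADSTS code found, inspect the raw error"

# Constructed sample, copied from the error text quoted in this thread.
SAMPLE = ("An error occurred while retrieving token from XML response: "
          "AADSTS53003: Access has been blocked by Conditional Access policies. "
          "The access policy does not allow token issuance.")

if __name__ == "__main__":
    print(advice(classify_auth_error(SAMPLE)))
```
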

I am getting this error when connecting to AAD via PowerShell (ver. 2.0.2.135). Any idea what could be causing this?

goodwoodrevival avatar Jun 16 '21 12:06 goodwoodrevival

ctx_auth = AuthenticationContext(url_shrpt)

From where do you import AuthenticationContext?

tommycarstensen avatar Aug 08 '22 13:08 tommycarstensen

@tommycarstensen, look at the first line of this code:

```python
from office365.runtime.auth.authentication_context import AuthenticationContext
from office365.sharepoint.client_context import ClientContext
from office365.sharepoint.files.file import File
```

anderflash avatar Aug 26 '22 10:08 anderflash