401 Client Error: Unauthorized for url when using certificate

[J-Goodall]

With ACS now deprecated, we're trying to get an Azure AD App Reg to work, but receiving a 401 unauthorized for url error when trying to access sites with this method.

We've given the API Permissions:

Sites.Read.All

I've created a certificate & private key using the method described here:

https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread#setting-up-an-azure-ad-app-for-app-only-access

I've then exported the cert and key to the same .pem file using the method:

openssl pkcs12 -in key.pfx -out temp.pem -nodes
openssl x509 -in temp.pem >> cert_and_key.pem
openssl pkcs8 -topk8 -nocrypt -in temp.pem >> cert_and_key.pem

As referenced in #700 then uploaded this to the Azure App Registration

Example code receiving the error is:

`cert_settings = {
'tenant': '<my_tenant>',
'client_id': '<my_client_id>',
'thumbprint': "<my_thumbprint>",
'cert_path': '\cert_and_key.pem' ,
'scopes': ['https://<my_tenant>.sharepoint.com/.default']
}

ctx = ClientContext(base_url=url).with_client_certificate(**cert_settings)

current_web = ctx.web.get().execute_query()`

Any ideas what might be missing?

[J-Goodall]

Closed - needed to set up SharePoint API permissions rather than Graph API permissions to use ClientContext()