OneDrive Connector
Documentation
Version: 4
Documentation

Authentication :: User Credentials [OAuth]


Description

OAuth App must be created in Microsoft Azure AD. These settings typically found here https://docs.microsoft.com/en-us/graph/auth-register-app-v2. [API Help..]

Instructions

Firstly, login into Azure Portal and there create an OAuth application:

  1. Go to Azure Portal and login there.
  2. Then go to Azure Active Directory.
  3. On the left side click menu item App registrations
  4. Then proceed with clicking New registration.
  5. Enter a name for your application.
  6. Select one of Accounts in this organizational directory only as supported account type to access data in your company.
  7. In Redirect URI section leave option selected at Web.
  8. In nearby textbox enter https://login.microsoftonline.com/common/oauth2/nativeclient as Redirect URI or any other valid redirect URL, e.g. https://zappysys.com/oauth
  9. Use this Redirect URI in Redirect URL grid row.
  10. Copy Application (client) ID and paste it into API Connection Manager configuration grid in Client ID row.
  11. Then click on Endpoints link and copy first URL to Authorization URL and second one to Token URL in configuration grid. Usually they look similar to these:
    • https://login.microsoftonline.com/daed1250-xxxx-xxxx-xxxx-ef0a982d3d1e/oauth2/v2.0/authorize
    • https://login.microsoftonline.com/daed1250-xxxx-xxxx-xxxx-ef0a982d3d1e/oauth2/v2.0/token
    • https://login.microsoftonline.com/common/oauth2/v2.0/authorize
    • https://login.microsoftonline.com/common/oauth2/v2.0/token
  12. Close "Endpoints" and create a Client Secret by clicking Certificates & secrets.
  13. Proceed by clicking New client secret and setting expiration period. Copy the client secret and paste it into configuration grid in Client Secret row.
  14. Use these scopes in Scopes field: offline_access Files.Read Files.Read.All Files.ReadWrite Files.ReadWrite.All openid profile User.Read email
  15. Click Generate Token to generate tokens.
    NOTE: If you are planning to use your current data connection/token for automated processes, we recommend that you use a generic account for token generation when the login box appears (e.g. sales_automation@mycompany.com instead of bob_smith@mycompany.com). When you use a personal account which is tied to a specific employee profile and that employee leaves the company, the token may become invalid and any automated processes using that token will fail. Another potentially unwanted effect of using a personal token is incorrect logging; the API calls (e.g. Read, Edit, Delete, Upload) made with that token will record the specific user as performing the calls instead of an automated process.
  16. That's it!

Parameters

Parameter Label Required Options Description Help
AuthUrl Authorization URL YES
Option Value
For Single Tenant https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/authorize
For Multi Tenant https://login.microsoftonline.com/common/oauth2/v2.0/authorize
TokenUrl Token URL YES
Option Value
For Single Tenant https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/token
For Multi Tenant https://login.microsoftonline.com/common/oauth2/v2.0/token
ClientId Client ID YES
ClientSecret Client Secret NO
RefreshTokenFilePath Refresh Token File Path NO If you cant fit long refresh token in ConnectionString from your program then use this. Supply three properies in json format (i.e. save this in file { "access_token": "YOUR_ACCESS_TOKEN", "refresh_token": "YOUR_REFRESH_TOKEN", "expires_in": 3600 } )
Scope Scope YES
Option Value
offline_access offline_access
Files.Read Files.Read
Files.Read.All Files.Read.All
Files.ReadWrite Files.ReadWrite
Files.ReadWrite.All Files.ReadWrite.All
openid openid
profile profile
Sites.Read.All Sites.Read.All
Sites.ReadWrite.All Sites.ReadWrite.All
User.Read User.Read
Permissions you want to use.
ReturnUrl ReturnUrl NO
RetryMode RetryMode NO
Option Value
None None
RetryAny RetryAny
RetryWhenStatusCodeMatch RetryWhenStatusCodeMatch
RetryStatusCodeList RetryStatusCodeList NO
RetryCountMax RetryCountMax NO
RetryMultiplyWaitTime RetryMultiplyWaitTime NO
ExtraAttributesForAuthRequest Login Prompt Option NO
Option Value
None
Force login prompt prompt=login
Force permission select prompt=consent
Choose this if you want to force login prompt or permission prompt. API Help