Authentication :: Application Credentials [OAuth]

Contents

1 Description
3 Instructions
2 Parameters

Description

OAuth App must be created in Microsoft Azure AD. These settings typically found here https://docs.microsoft.com/en-us/graph/auth-v2-service [API Help..]

Instructions

Firstly, login into Azure Portal and there create an OAuth application:

Step-1: Create OAuth App

Go to Azure Portal and login there.
Then go to Azure Active Directory.
On the left side click menu item App registrations
Then proceed with clicking New registration.
Enter a name for your application.
Select one of Accounts in this organizational directory only as supported account type to access data in your company.
In Redirect URI section leave option selected at Web.
Copy Application (client) ID and paste it into API Connection Manager configuration grid in Client ID row.

Then click on Endpoints link and copy second, Token, URL to Token URL field in configuration grid. Usually they look similar to these:

https://login.microsoftonline.com/daed1250-xxxx-xxxx-xxxx-ef0a982d3d1e/oauth2/v2.0/token
https://login.microsoftonline.com/common/oauth2/v2.0/token

Close "Endpoints" and create a Client Secret by clicking Certificates & secrets.
Proceed by clicking New client secret and setting expiration period. Copy the client secret and paste it into configuration grid in Client Secret row.
Go to API Permissions section and add Microsoft Graph permissions for SharePoint and Drive, e.g. Sites.Selected, Sites.Read.All, Sites.ReadWrite.All, Files.Read.All, Files.ReadWrite.All.
Finally, Grant admin consent for your domain for your permissions.

Step-2: Register OAuth App in SharePoint Admin Portal

After we create OAuth App we need to add grant SharePoint access to that App using Admin Portal. Make sure you have admin permission to acces Portal. For detailed steps you may refer to this link. Here are basic steps you can follow.

https://YOURCOMPANY-admin.sharepoint.com/_layouts/15/appprincipals.aspx?Scope=Web

Enter App Id and other information

Enter XML snippet which describes which permission you want to grant. Here is an example permission (App with FullControl / Read / Write)

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

Click Add to grant the permission. That's it!

NOTE: After adding App in SharePoint if you ever remove the permission then you can visit the following URL and delete the App.

https://YOURCOMPANY-admin.sharepoint.com/_layouts/15/appprincipals.aspx?Scope=Web

Parameters

Parameter

Label

Required

Options

Description

Help

TokenUrl

Token URL

YES

Option	Value
For Single Tenant	https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/token
For Multi Tenant	https://login.microsoftonline.com/common/oauth2/v2.0/token

API Help

ClientId

Client ID

YES

API Help

ClientSecret

Client Secret

YES

Scope

Permissions you want to use.

API Help

SiteId

YES

Specify a site

RetryMode

Option	Value
None	None
RetryAny	RetryAny
RetryWhenStatusCodeMatch	RetryWhenStatusCodeMatch

RetryStatusCodeList

RetryCountMax

RetryMultiplyWaitTime

SearchOptionForNonIndexedFields

Search Option For Non-Indexed Fields (Default=Blank - Search Only Indexed)

Option	Value
Search Only Indexed
Search Both Indexed and Non-Indexed	HonorNonIndexedQueriesWarningMayFailRandomly

If you wish to do certain operations e.g. search / order by on non-indexed fields then you have to set this option to HonorNonIndexedQueriesWarningMayFailRandomly. By default filter / orderby on non-indexed fields not allowed.

ExtraHeaders

Extra Headers (e.g. Header1:AAA||Header2:BBB)

Option	Value
MyHeader1:AAA	MyHeader1:AAA
MyHeader1:AAA\|\|MyHeader2:BBB	MyHeader1:AAA\|\|MyHeader2:BBB