SharePoint Online Connector
Documentation
Version: 13

Authentication :: Application Credentials [OAuth]


Description

An OAuth App must be created in Microsoft Azure AD. These settings are typically found here: https://docs.microsoft.com/en-us/graph/auth-v2-service

Instructions

First, log in to the Azure Portal and create an OAuth application there:

Step-1: Create OAuth App

  1. Go to the Azure Portal and log in.
  2. Then go to Azure Active Directory.
  3. In the left-side menu, click App registrations.
  4. Then click New registration.
  5. Enter a name for your application.
  6. Select Accounts in this organizational directory only as the supported account type to access data in your company.
  7. In the Redirect URI section, leave the option set to Web.
  8. Copy the Application (client) ID and paste it into the Client ID row of the API Connection Manager configuration grid.
  9. Then click the Endpoints link and copy the second URL (the Token URL) into the Token URL field in the configuration grid. Token URLs usually look similar to these:
    https://login.microsoftonline.com/daed1250-xxxx-xxxx-xxxx-ef0a982d3d1e/oauth2/v2.0/token
    https://login.microsoftonline.com/common/oauth2/v2.0/token
    
  10. Close "Endpoints" and open Certificates & secrets to create a Client Secret.
  11. Click New client secret and set an expiration period. Copy the client secret and paste it into the Client Secret row of the configuration grid.
  12. Go to the API Permissions section and add Microsoft Graph permissions for SharePoint and Drive, e.g. Sites.Selected, Sites.Read.All, Sites.ReadWrite.All, Files.Read.All, Files.ReadWrite.All.
  13. Finally, grant admin consent for your domain for the permissions you added.
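
After admin consent is granted, the application permissions chosen in step 12 appear in the `roles` claim of every app-only access token issued by the Token URL. The following is an added example, not part of the connector or its documentation: it decodes a token and reports which of the permissions listed above are tenant-wide. The function names and the sample token are constructed for illustration; `fetch_token` needs network access and real credentials and is not called by the demo.

```python
import base64
import json
import urllib.parse
import urllib.request

# Application permissions named in step 12. Only Sites.Selected is limited to
# sites that were granted individually; the *.All permissions are tenant-wide.
TENANT_WIDE = {"Sites.Read.All", "Sites.ReadWrite.All",
               "Files.Read.All", "Files.ReadWrite.All"}
WRITE_CAPABLE = {"Sites.ReadWrite.All", "Files.ReadWrite.All"}


def fetch_token(token_url, client_id, client_secret):
    """Client-credentials request to the Token URL (needs network access)."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(token_url, data=form)) as resp:
        return json.load(resp)["access_token"]


def token_claims(jwt):
    """Decode the JWT payload for inspection only; no signature validation."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(claims):
    """Classify the app-only permissions carried in the token's 'roles' claim."""
    roles = set(claims.get("roles", []))
    return {
        "tenant_wide": sorted(roles & TENANT_WIDE),
        "write_capable": sorted(roles & WRITE_CAPABLE),
        "least_privilege": bool(roles) and roles <= {"Sites.Selected"},
    }


def constructed_token(roles):
    """Build an unsigned, constructed sample token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    sample = constructed_token(["Sites.Selected", "Files.ReadWrite.All"])
    print(audit_roles(token_claims(sample)))
```
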

Step-2: Register OAuth App in SharePoint Admin Portal

  1. After creating the OAuth App, grant it SharePoint access using the Admin Portal. Make sure you have admin permission to access the Portal. For detailed steps you may refer to this link. Here are the basic steps you can follow.
  2. Log in to the SharePoint Admin Portal and open the URL below
    (Replace YOURCOMPANY)
    https://YOURCOMPANY-admin.sharepoint.com/_layouts/15/appprincipals.aspx?Scope=Web
  3. Enter the App Id and other information.
  4. Enter an XML snippet that describes which permission you want to grant. Here is an example permission (App with FullControl / Read / Write):
    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
    </AppPermissionRequests>
      
  5. Click Add to grant the permission. That's it!
NOTE: After adding the App in SharePoint, if you ever want to remove the permission, you can visit the following URL and delete the App.
https://YOURCOMPANY-admin.sharepoint.com/_layouts/15/appprincipals.aspx?Scope=Web

Parameters

| Parameter | Label | Required | Options | Description |
|---|---|---|---|---|
| TokenUrl | Token URL | YES | For Single Tenant: https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/token; For Multi Tenant: https://login.microsoftonline.com/common/oauth2/v2.0/token | |
| ClientId | Client ID | YES | | |
| ClientSecret | Client Secret | YES | | |
| Scope | Scope | NO | | Permissions you want to use. |
| SiteId | SiteId | YES | | Specify a site |
| RetryMode | RetryMode | NO | None; RetryAny; RetryWhenStatusCodeMatch | |
| RetryStatusCodeList | RetryStatusCodeList | NO | | |
| RetryCountMax | RetryCountMax | NO | | |
| RetryMultiplyWaitTime | RetryMultiplyWaitTime | NO | | |