SharePoint Online Connector
Documentation
Version: 13
Documentation

Authentication :: User Credentials [OAuth]


Description

OAuth App must be created in Microsoft Azure AD. These settings typically found here https://docs.microsoft.com/en-us/graph/auth-register-app-v2. [API Help..]

Instructions

Firstly, login into Azure Portal and there create an OAuth application:

  1. Login to Azure Portal:
    • Navigate to the Azure Portal and log in using your credentials.
  2. Access Azure Active Directory:
  3. Register a New Application:
    • Go to App registrations and click on New registration.
    • Application Name: Enter a name for your application.
    • Supported Account Types: Choose the account types your app will support. For example, select Accounts in this organizational directory only if you need access to data in your organization only.
    • Redirect URI:
      • Set the type to Web.
      • In the textbox enter https://login.microsoftonline.com/common/oauth2/nativeclient as the Redirect URI or any other valid redirect URL, e.g., https://zappysys.com/oauth.
      • Use this Redirect URI in the Redirect URL grid row.
  4. Save Client ID:
    • After registering the app, copy the Application (client) ID and paste it into the Client ID field in the API Connection Manager configuration.
  5. Set Authorization & Token URLs:
    • Click on the Endpoints link in the App registration overview.
    • Authorization URL: Copy the OAuth 2.0 authorization endpoint (v2) URL (e.g., https://login.microsoftonline.com/{your-tenant-id}/oauth2/v2.0/authorize) and paste it into the Authorization URL field in the configuration grid.
    • Token URL: Copy the OAuth 2.0 token endpoint (v2) URL (e.g., https://login.microsoftonline.com/{your-tenant-id}/oauth2/v2.0/token) and paste it into the Token URL field.
  6. Create a Client Secret:
    • In the Certificates & secrets tab, click New client secret.
    • Set an expiration period for the secret.
    • Copy the generated client secret and paste it into the Client Secret field in the API Connection Manager configuration.
  7. Configure API Permissions:
    • Go to the API Permissions section.
    • Click on Add a permission, select Microsoft Graph, and choose Delegated Permissions.
    • Add the required permissions:
      • offline_access
      • Files.Read
      • Files.Read.All
      • Files.ReadWrite
      • Files.ReadWrite.All
      • openid
      • profile
      • Sites.Read.All
      • Sites.ReadWrite.All
      • User.Read
      • email
    • Grant Admin Consent for the permissions that require it.
  8. Generate Tokens:
    • Use the Generate Token feature in the API Connection Manager to generate authentication tokens.
  9. Use a Generic Account for Automation:
    NOTE: If you are planning to use your current data connection/token for automated processes, we recommend that you use a generic account for token generation when the login box appears (e.g. sales_automation@mycompany.com instead of bob_smith@mycompany.com). When you use a personal account which is tied to a specific employee profile and that employee leaves the company, the token may become invalid and any automated processes using that token will fail. Another potentially unwanted effect of using a personal token is incorrect logging; the API calls (e.g. Read, Edit, Delete, Upload) made with that token will record the specific user as performing the calls instead of an automated process.
  10. That's it!
For more information you can read this link https://docs.microsoft.com/en-us/graph/auth-register-app-v2 Also https://docs.microsoft.com/en-us/graph/auth-register-app-v2

Parameters

Parameter Label Required Options Description Help
AuthUrl Authorization URL YES
Option Value
For Single Tenant https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/authorize
For Multi Tenant https://login.microsoftonline.com/common/oauth2/v2.0/authorize
API Help
TokenUrl Token URL YES
Option Value
For Single Tenant https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/token
For Multi Tenant https://login.microsoftonline.com/common/oauth2/v2.0/token
API Help
ClientId Client ID YES API Help
ClientSecret Client Secret NO
Scope Scope YES
Option Value
offline_access offline_access
Files.Read Files.Read
Files.Read.All Files.Read.All
Files.ReadWrite Files.ReadWrite
Files.ReadWrite.All Files.ReadWrite.All
openid openid
profile profile
Sites.Read.All Sites.Read.All
Sites.ReadWrite.All Sites.ReadWrite.All
User.Read User.Read
Permissions you want to use.
ReturnUrl ReturnUrl NO
SiteId SiteId (select after pressing 'Generate Token') YES Specify a default site you like to use for operations. You can always override this for various operations.
ExtraAttributesForAuthRequest Login Prompt Option NO
Option Value
None
Force login prompt prompt=login
Force permission select prompt=consent
Choose this if you want to force login prompt or permission prompt. API Help
RetryMode RetryMode NO
Option Value
None None
RetryAny RetryAny
RetryWhenStatusCodeMatch RetryWhenStatusCodeMatch
RetryStatusCodeList RetryStatusCodeList NO
RetryCountMax RetryCountMax NO
RetryMultiplyWaitTime RetryMultiplyWaitTime NO