Use delegated access (User Credentials) whenever you want to let a signed-in user work with their own resources or resources they can access. Whether it's an admin setting up policies for their entire organization or a user deleting an email in their inbox, all scenarios involving user actions should use delegated access.
[API reference]
Follow these steps to create a Microsoft Entra ID application with delegated access:
| Parameter | Label | Required | Default value | Options | Description |
|---|---|---|---|---|---|
| AuthUrl | Authorization URL | YES | | For Single Tenant: https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/authorize<br>For Multi Tenant: https://login.microsoftonline.com/common/oauth2/v2.0/authorize | |
| TokenUrl | Token URL | YES | | For Single Tenant: https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/token<br>For Multi Tenant: https://login.microsoftonline.com/common/oauth2/v2.0/token | |
| ClientId | Client ID | YES | | | |
| Scope | Scope | YES | offline_access~Files.ReadWrite~Files.ReadWrite.All~openid~profile~Sites.ReadWrite~Sites.ReadWrite.All~User.Read | offline_access<br>Sites.Read<br>Sites.Read.All<br>Sites.ReadWrite<br>Sites.ReadWrite.All<br>Sites.FullControl<br>Sites.FullControl.All<br>Files.Read<br>Files.Read.All<br>Files.ReadWrite<br>Files.ReadWrite.All<br>openid<br>profile<br>User.Read | Permissions you want to use. |
| ReturnUrl | Return URL | YES | https://zappysys.com/oauth | https://zappysys.com/oauth | |
| SiteId | Default Site Id (select after pressing 'Generate Token') | YES | root | | Specify a default site you would like to use for operations. You can always override this for various operations. Selecting this parameter requires at minimum the Sites.Read.All permission; otherwise it will fail to list all sites. If it fails, enter the SiteId manually. You can find the SiteId by visiting this URL in a browser (assuming you have visited the SharePoint site and are already logged in): https://{your-company}.sharepoint.com/_api/site, or for a sub-site use https://{your-company}.sharepoint.com/sites/{your-site}/_api/site. Find the Id in the response (e.g. ). |
| ClientSecret | Client Secret | | | | |
| DriveId | Default Drive Id (select after pressing 'Generate Token') | | | | Specify a default Drive Id you would like to use for operations. |
| ExtraAttributesForAuthRequest | Login Prompt Option | | | None: (blank)<br>Force login prompt: prompt=login<br>Force permission select: prompt=consent | Choose this if you want to force a login prompt or a permission prompt. |
| RetryMode | RetryMode | | RetryWhenStatusCodeMatch | None<br>RetryAny<br>RetryWhenStatusCodeMatch | |
| RetryStatusCodeList | RetryStatusCodeList | | 429\|503\|423 | | 429 is API limit reached, 423 is File locked |
| RetryCountMax | RetryCountMax | | 5 | | |
| RetryMultiplyWaitTime | RetryMultiplyWaitTime | | True | | |
| SearchOptionForNonIndexedFields | Search Option For Non-Indexed Fields (Default=Blank - Search Only Indexed) | | | Search Only Indexed: (blank)<br>Search Both Indexed and Non-Indexed: HonorNonIndexedQueriesWarningMayFailRandomly | If you wish to do certain operations, e.g. search / order by on non-indexed fields, then you have to set this option to HonorNonIndexedQueriesWarningMayFailRandomly. By default, filter / order by on non-indexed fields is not allowed. |
| ExtraHeaders | Extra Headers (e.g. Header1:AAA\|\|Header2:BBB) | | | MyHeader1:AAA<br>MyHeader1:AAA\|\|MyHeader2:BBB | |
| IsAppCred | IsAppCred | | 0 | | For internal use only |
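
The following added example (not part of the original page or the connector's own code) lints a connection's AuthUrl, TokenUrl and Scope values from the table above: it flags an unfilled tenant placeholder, the multi-tenant `common` endpoint, and write or full-control scopes that a read-only job does not need. The `audit_connection` helper, its finding codes, the `needs_write` flag and the all-zero tenant id are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Scope names exactly as listed in the Options column for the Scope parameter.
LISTED_SCOPES = set(
    "offline_access openid profile User.Read Sites.Read Sites.Read.All "
    "Sites.ReadWrite Sites.ReadWrite.All Sites.FullControl Sites.FullControl.All "
    "Files.Read Files.Read.All Files.ReadWrite Files.ReadWrite.All".split())
BASE = "https://login.microsoftonline.com/"

def audit_connection(cfg, needs_write=False):
    """Hypothetical helper: return (code, detail) findings for a connection config."""
    findings, tenants = [], {}
    for key in ("AuthUrl", "TokenUrl"):
        url = urlparse(cfg.get(key, ""))
        tenant = tenants[key] = url.path.strip("/").split("/")[0]
        if url.scheme != "https" or url.hostname != "login.microsoftonline.com":
            findings.append(("BAD_ENDPOINT", key))
        if "{" in tenant:  # {ENTER-TENANT-ID-HERE} was never filled in
            findings.append(("PLACEHOLDER_TENANT", key))
        elif tenant == "common":  # multi-tenant endpoint, not pinned to one tenant
            findings.append(("MULTI_TENANT", key))
    if tenants["AuthUrl"] != tenants["TokenUrl"]:
        findings.append(("TENANT_MISMATCH", "AuthUrl vs TokenUrl"))
    # The Scope value is a '~'-separated list, as in the table's default value.
    for scope in filter(None, cfg.get("Scope", "").split("~")):
        if scope not in LISTED_SCOPES:
            findings.append(("UNLISTED_SCOPE", scope))
        elif "FullControl" in scope:
            findings.append(("FULL_CONTROL", scope))
        elif "ReadWrite" in scope and not needs_write:
            findings.append(("WRITE_NOT_NEEDED", scope))
    return findings

# Constructed sample: multi-tenant URLs with the table's default Scope value.
DEFAULT_CFG = {
    "AuthUrl": BASE + "common/oauth2/v2.0/authorize",
    "TokenUrl": BASE + "common/oauth2/v2.0/token",
    "Scope": "offline_access~Files.ReadWrite~Files.ReadWrite.All~openid~profile"
             "~Sites.ReadWrite~Sites.ReadWrite.All~User.Read",
}
# Constructed sample: single-tenant, read-only; the tenant id is a placeholder value.
TENANT = "00000000-0000-0000-0000-000000000000"
READONLY_CFG = {
    "AuthUrl": BASE + TENANT + "/oauth2/v2.0/authorize",
    "TokenUrl": BASE + TENANT + "/oauth2/v2.0/token",
    "Scope": "offline_access~Files.Read.All~openid~profile~Sites.Read.All~User.Read",
}
if __name__ == "__main__":
    print(audit_connection(DEFAULT_CFG), audit_connection(READONLY_CFG))
```

The read-only sample keeps Sites.Read.All because the SiteId description names it as the minimum permission needed to list sites.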