OAuth authorization code grant flow
Setting up OAuth 2.0 application in SharePoint
Supported Version: Cloud
About OAuth 2.0
OAuth 2.0 lets users access instance resources through external clients by obtaining a token rather than by entering login credentials with each resource request.
You must have the security_admin role to manage the OAuth integration. Configure OAuth 2.0 for the following scenarios:
API Rate Limit: Variable for different APIs.
OAuth authorization code grant flow
The following diagram shows the high-level information flow for the OAuth 2.0 authentication process.
Setting up OAuth 2.0 application in SharePoint
Follow the steps below to register an OAuth 2.0 application on SharePoint using your account.
- Log in to your Azure account at https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
- Click “New registration” and enter the following details:
  - Name: a user-friendly name for the OAuth 2.0 app, such as “KleraSharePointApp”
- Click the Submit button.
- On the new page, copy and save the following:
  - Application ID
- Go to “Certificates & Secrets” and click “New client secret”. Enter a description and choose a validity period. Copy the string generated by the system under the “Value” column. This is the Client Secret ID.
- Go to “Authentication” and add the redirect URL under the “Redirect URIs” section.
  - Choose Type -> Web
  - Redirect URI -> Redirect URL of the Klera machine.
    A sample redirect URI would be https://<HostName.DomainName>:48444/AccountManagementWebService/callback.html
- Go to “API Permissions” and click “Add a permission”. Under SharePoint -> Delegated permissions, choose the following:
  - AllSites -> AllSites.Read
  - MyFiles -> MyFiles.Read
  - Sites -> Sites.Search.All
  - User -> User.Read.All
- Go to “Expose an API” and click “Add a scope”. Now add the following scopes with their user-friendly descriptions:
  - offline_access
  - Read.All
  - Read.All
  - Read
  - Read.All
Important:
- This URL should be accessible from the client machine, that is, the machine from which the user logs in to Klera.
- Add port 48444 to the firewall/security system whitelist.
- Make sure your SharePoint instance is accessible from the Klera machine.
Steps to configure the connector's connection:
- Right-click on Connectors >> Connections >> Configure.
- Enter Instance URL : https://graph.microsoft.com
- Application Key : Client ID generated from the Azure app
- Application Secret : Client Secret ID generated from the Azure app.
- Authorization URL : https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize
- Access Token URL : https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
- Domain for Callback Authentication : Enter the host name with the domain name of the Klera machine
  Example: HostName-123.Kleramachine.com
- Scope : AllSites.Read MyFiles.Read Sites.Search.All User.Read.All
- Create a new account and give it a user-friendly account name, such as: Sharepoint Account.
- Click on 'Save'.
- On clicking ‘Save’, a pop-up appears that requires the SharePoint user to log in using the credentials requested in the pop-up window.
Important: Make sure the pop-up is not blocked by the Chrome browser.
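How the connection fields above map onto the authorization code grant, as an added example (not Klera's code and not part of the original page): the authorization request opened in the pop-up, validation of the redirect to the callback page, and the token request. The tenant ID, client ID and function names are constructed placeholders; the request parameter names are those of the Microsoft identity platform v2.0 endpoints.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders (assumptions): the tenant and client IDs are not real.
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://HostName-123.Kleramachine.com:48444/AccountManagementWebService/callback.html"
SCOPE = "AllSites.Read MyFiles.Read Sites.Search.All User.Read.All"
BASE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/"

def build_authorize_url(tenant, client_id, redirect_uri, scope):
    """Step 1: URL opened in the login pop-up. Returns (url, state)."""
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect URI must use https")
    state = secrets.token_urlsafe(32)  # unguessable, tied to this login attempt
    query = urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri, "response_mode": "query",
        "scope": scope, "state": state,
    })
    return BASE.format(tenant=tenant) + "authorize?" + query, state

def extract_code(callback_url, expected_state, redirect_uri):
    """Step 2: validate the redirect to the callback page, return the code."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = {k: v[0] for k, v in parse_qs(got.query).items()}
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"])
    # Constant-time comparison; a mismatch means the response is not ours.
    if not hmac.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if not params.get("code"):
        raise ValueError("no authorization code in callback")
    return params["code"]

def build_token_request(tenant, client_id, client_secret, code, redirect_uri, scope):
    """Step 3: form-encoded POST, sent server-side, that redeems the code."""
    form = {
        "grant_type": "authorization_code", "client_id": client_id,
        "client_secret": client_secret, "code": code,
        "redirect_uri": redirect_uri, "scope": scope,
    }
    return BASE.format(tenant=tenant) + "token", form
```

The redirect URI sent in both requests must match the one registered under “Authentication” exactly, and the client secret appears only in the server-side token request, never in the browser URL.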