In this article
...
Use this account type to connect Microsoft OneDrive Snaps with data sources that use Microsoft OneDrive User accounts.
Prerequisites
A registered application in the Microsoft Azure Portal with appropriate permissions. See Application Configuration in Azure Portal for OAuth2 Account for the steps to configure a registered application and for information needed to define settings for the OAuth2 account.
...
| Parameter | Data Type | Description | Default Value | Example | |||||
|---|---|---|---|---|---|---|---|---|---|
Label | String | Required. Enter a unique label for the account. | N/A | OneDrive_Docs_User_Account | |||||
Client ID | String | Required. Enter the client ID associated with your Azure application. You can create the client ID as advised by your application provider. | N/A | 9ee09921-7b72-432d-b552-a21e8a1ab143 | |||||
Client secret | String | Enter the client secret associated with your account. You can create the client secret as advised by your application provider. | N/A | bec1f9242f9nsh67f2276b9ws4cadd14 | |||||
Access token | String | Auto-generated after authorization. The access token associated with the Azure portal application is used to make API requests on behalf of the user associated with the client ID. | N/A | N/A | |||||
| Refresh token | String | The refresh token retrieval for the application is specified when setting up the account for the endpoint. There, the OAuth2 flow will be executed and the resulting refresh token can be stored in this property. If the refresh token is stored, then the access token can be refreshed automatically before it expires. | N/A | N/A | |||||
Access token expiration | Integer | The access token expiration value. | N/A | N/A | |||||
OAuth2 Endpoint | String | Required. Authorization endpoint to authorize the application. | https://login.microsoftonline.com/ <tenant_id>/oauth2/v2.0/authorize | https://login.microsoftonline.com/9ee09921-7b72-432d-b552-a21e8a1ab143/oauth2/v2.0/authorize | |||||
OAuth2 Token | String | Required. Token endpoint to get the access token. | https://login.microsoftonline.com/ <tenant_id>/oauth2/v2.0/token | https://login.microsoftonline.com/9ee09921-7b72-432d-b552-a21e8a1ab143/oauth2/v2.0/token | |||||
Token endpoint config | Use this field set to configure token endpoint parameters as necessary for the account. This field set comprises the following fields:
Click the + or - icons to respectively add or remove configuration rows.
| ||||||||
Token endpoint parameter | String | Provide the name for the token endpoint parameter. | N/A | scope | |||||
Token endpoint parameter value | String | Provide the value for the parameter, typically the default scope . See Scopes and permissions required for OneDrive API.
| N/A | offline_access Files.ReadWrite.All Sites.ReadWrite.All | |||||
| Auth endpoint config | Use this field set to assign scopes for the OAuth2 Authentication endpoint for the App account. It is recommended to define at least one scope entry in this field set. This field set comprises the following fields:
Click the + or - icons to respectively add or remove configuration rows. | ||||||||
Authentication parameter | String | Provide the name for an the authentication parameter. | N/A | scope | |||||
Authentication parameter value | String | Provide the value for the parameter, typically the default scope or a redirect_uri. See Scopes and permissions required for OneDrive API. | N/A | Files.ReadWrite | |||||
| Auto-refresh token | Check box | Select this check box to refresh the token automatically, using the refresh token, when the token is due for expiry. The token refresh does not happen automatically if this check box is not selected. | Selected | Not selected | |||||
| Authorize | Button | Click this button to acquire the required permissions for this account from the Azure portal app, when creating an account. For existing accounts, you can click this button to re-acquire the permissions to ensure that the account works as expected. This action does not require or result in any changes to the Access Token that is already generated. | N/A | N/A | |||||
| Refresh | Button | Click to button to initiate a token refresh action manually. | N/A | N/A | |||||
...
OneDrive and SharePoint expose a few granular permissions that control the access that apps have to resources. When a user signs in to your app they, or, in some cases, an administrator, are required to provide consent to these permissions. For more information on the available scopes, refer Microsoft Graph permissions.
Files
Delegated permissions | |||
|---|---|---|---|
| Permission | Display String | Description | Admin Consent Required? |
| Files.Read | Read user files | Allows the app to read the signed-in user's files and suggests files in the relevant suggestion field. | No |
| Files.Read.All | Read all files that user can access | Allows the app to read all files the signed-in user can access and suggests files in the relevant suggestion field. | No |
| Files.ReadWrite | Have full access to user files | Allows the app to read, create, update, and delete the signed-in user's files. | No |
| Files.ReadWrite.All | Have full access to all files user can access | Allows the app to read, create, update, and delete all files the signed-in user can access. | No |
| Files.ReadWrite.AppFolder | Have full access to the application's folder (preview) | Allows the app to read, create, update, and delete files in the application's folder. | No |
| Files.Read.Selected | Read files that the user selects | Allows the app to read files that the user selects. The app has access for several hours after the user selects a file. | No |
| Files.ReadWrite.Selected | Read and write files that the user selects | Allows the app to read and write files that the user selects. The app has access for several hours after the user selects a file. | No |
Application permissions | |||
| Permission | Display String | Description | Admin Consent Required? |
| Files.Read.All | Read files in all site collections | Allows the app to read all files in all site collections without a signed in user. | Yes |
| Files.ReadWrite.All | Read and write files in all site collections | Allows the app to read, create, update, and delete all files in all site collections without a signed in user. | Yes |
...
Delegated permissions | |||
|---|---|---|---|
| Permission | Display String | Description | Admin Consent Required? |
| Sites.Read.All | Read items in all site collections | Allows the app to read documents and list items in all site collections on behalf of the signed-in user and suggests the sites in the relevant suggestion field. | No |
| Sites.ReadWrite.All | Read and write items in all site collections | Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. | No |
| Sites.Manage.All | Create, edit, and delete items and lists in all site collections | Allows the app to manage and create lists, documents, and list items in all site collections on behalf of the signed-in user. | No |
| Sites.FullControl.All | Have full control of all site collections | Allows the app to have full control to SharePoint sites in all site collections on behalf of the signed-in user. | Yes |
...
Delegated permissions | |||
|---|---|---|---|
| Permission | Display String | Description | Admin Consent Required? |
| Sign in and read user profile | Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users and also suggests users in the User suggestion field. | No | |
| User.ReadWrite | Read and write access to user profile | Allows the app to read your profile. It also allows the app to update your profile information on your behalf. | No |
Application permissions | |||
| Permission | Display String | Description | Admin Consent Required? |
| Read all users' full profiles | Allows the app to read user profiles without a signed in user and also suggests users in the User suggestion field.. | Yes | |
| Read and write all users' full profiles | Allows the app to read and update user profiles without a signed in user. | Yes | |
...