In this article
| Table of Contents | ||
|---|---|---|
|
Overview
Snaps in this Snap Pack use the Microsoft OneDrive OAuth2 accounts to access the Azure Active Directory. For the OAuth2 accounts to function without any issue, ensure to (create and) configure an application corresponding to the account as explained in the steps below. These steps also contain information required to create/define a new OAuth2 account for using with this Snap Pack.
Create/Access your Azure Portal Application
- Log into the Microsoft Azure Portal.
- To create a new application, click Azure Active Directory under Azure Services.
- Click Add → App Registrations.
On the Register an Application page, enter the Name and Redirect URL Name and Redirect URL for the new app registration. Redirect URL is the URL of your SnapLogic server that uses this account.
ORNote To use an existing application, select the application from the list in the App Registrations → All Applications and type the name of the application you want to open.
- Click Register.
Locate Information Required to Create your OAuth2 Account
- Under Essentials, make a note of Application(client) ID and Tenant ID.
- On Certificates and Secrets page, click +New client secret.
- On the Add a client secret page, enter the Description and Expires and click Add.
The client secret is generated.
- Under Manage, Click API Permissions → Add a Permission.
- On Request API permissions page, select Microsoft Graph → Delegated Permissions for OAuth2 User account and Application Permissions for OAUth2 application Account.
- Add the following minimum API permissions for OneDrive:
Delegated Permissions:- Files.
You can select the permissions from Files, Users, and Sites.- Read: Access to read user files.
- Files.Read.All: Access to read all files that user can access.
- Files.Read.Selected: Access to read files that the user selects.
- Files.ReadWrite: Allows full acess to user files.
- Files.ReadWrite.All: Allows full access to all files user can access.
- Files.Read.All: Access to read files in all site collections.
Files.ReadWrite.All: Access to read and write files in all site collections.
Info - Site.ReadWrite.All permission is mandatory only when the DriveType is DocumentLibrary.
- offline_access is required to maintain access to data for which access is provided.
Learn more:
- Click Add Permissions. You can see all the permissions added under Configured Permissions.
- Click Grant admin consent for SnapLogic Inc and select Yes.
- Click Overview and Add a Redirect URls.
- Under Platform Configurations, click Add a platform.
- Select Web and enter a valid redirecting URI and click Configure.
- Under Implicit grant and hybrid flows, select Access tokens (used for implicit flows) checkbox and click Save.
Scopes and Permissions
...
Available in OneDrive API
OneDrive and SharePoint expose a few granular permissions that control the access that apps have to resources. When a user signs users sign in to your app they, or, in some cases, an administrator, are required to provide consent to these permissions. For Learn more information on about scopes, see: Microsoft Graph permissions.
...
Delegated permissions | |||
|---|---|---|---|
| Permission | Display String | Description | Admin Consent Required? |
| Sites.Read.All | Read items in all site collections | Allows the app to read documents and list items in all site collections on behalf of the signed-in user. | No |
| Sites.ReadWrite.All | Read and write items in all site collections | Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. | No |
| Sites.Manage.All | Create, edit, and delete items and lists in all site collections | Allows the app to manage and create lists, documents, and list items in all site collections on behalf of the signed-in user. | No |
| Sites.FullControl.All | Have full control of all site collections | Allows the app to have full control to SharePoint sites in all site collections on behalf of the signed-in user. | Yes |
Define the Information Required to Create your OAuth2 Account
- Navigate to the Snap of your choice and set up the account with the following details:
- Client ID
- Tenant ID
- Client secret
- OAuth2 Endpoint: https://login.microsoftonline.com/<tenantName>.onmicrosoft.com/oauth2/v2.0/authorize
OAuth2 Token: https://login.microsoftonline.com/<tenantName>.onmicrosoft.com/oauth2/v2.0/token
Info To get the OAuth2 Endpoint and OAuth2 Token, click Overview → Endpoints and copy the (V2) endpoints .
- Token Endpoint Config:
- Token endpoint parameter: response_type
- The token endpoint parameter value: code
- Auth Endpoint configuration:
- Authentication parameter: scope
- Authentication parameter value: offline_access
Check the Auto-refresh token checkbox and click Authorize.
You will be redirected to the login page of Microsoft office.Login and accept the permissions.
The Access token and the Refresh Token will be generated.Check the Auto-refresh token checkbox and save the account.
...