Excel Add-In for OneDrive

Build 20.0.7695

Creating a Custom OAuth App

To connect to OneDrive, you authenticate to Azure AD. Azure AD implements the OAuth authentication standard. The add-in facilitates OAuth in various ways as described below.

Create and Configure a Custom OAuth App

This step is not typically necessary to authenticate with OAuth, as you can use the add-in's embedded credentials to connect. You can register your own application to customize the permissions the add-in requests or to display your own information, instead of add-in information, when users log into OneDrive to grant permissions to the add-in.

Create the App

You can follow the procedure below to register an app. To register an application, you will need both a OneNote for business account and an Azure AD subscription associated with your OneNote for business account.

  1. In the Azure portal, click Azure Active Directory.
  2. Click App Registrations on the Overview section and then click 'New registration'.
  3. In the resulting dialog, enter a name to be displayed to users when they are prompted to grant permissions to your application.
  4. Select the Web App/Web API option in the Application Type menu (the add-in makes calls to the Microsoft Graph API).
  5. Select a Sign-On URL. This value is not used by the add-in or in the authentication step, so it can be set to your home page or an arbitrary URL like http://localhost.
  6. Click Create.

Configure the App

Follow the steps below to obtain the OAuth client credentials and configure the permissions your app will request.

  1. Select the new app. On the resulting section, the Application Id is displayed. That is the value of the OAuthClientId property you need to set.
  2. If users in other organizations will use your app to connect to data in their own organization, select Properties on the Settings section. On the section that appears, select Yes in the Multi-Tenanted option.
  3. Select 'Certificates & secrets' on the 'Manage' section. Click 'New client secret' to create a new OAuthClientSecret. Add a description for the key, select the expiration time, and click Add. The new client secret's value is then displayed. Copy and save that value and use it as the value of the OAuthClientSecret property.
  4. Click Reply URLs on the Settings section.
  5. Set the Reply URL to http://localhost:33333, or another port of your choice. Note that you must specify the port that the add-in will listen on.
  6. Select 'API permissions' on the 'Manage' section and then click 'Add a permission'. Select the Microsoft Graph API and then add the permissions your app will seek. Hit the 'Grant admin consent' button afterwards for the new permissions to take effect.

Select App Permissions

The Files.ReadWrite.All delegated permission allows access to the full functionality of the add-in.

Alternatively, you can select the permission Files.Read.All.
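
The settings chosen in the steps above (Reply URL, Multi-Tenanted option, client secret expiration, requested permissions) can be reviewed with a short check like the following. This is an added example, not CData or Microsoft code; the record layout, the needs_write flag, and the 365-day secret lifetime limit are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Delegated Microsoft Graph permissions named on this page.
PAGE_SCOPES = {"Files.Read.All", "Files.ReadWrite.All"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
MAX_SECRET_LIFETIME = timedelta(days=365)  # assumed policy, adjust to yours


def audit_registration(reg, now):
    """Return findings for a simplified (hypothetical) app-registration record."""
    findings = []
    for uri in reg["reply_urls"]:
        parts = urlsplit(uri)
        loopback = parts.hostname in LOOPBACK_HOSTS
        if parts.scheme == "http" and not loopback:
            findings.append(f"reply URL {uri}: plain http on a non-loopback host")
        if loopback and parts.port is None:
            findings.append(f"reply URL {uri}: no port given for the add-in listener")
    if reg["multi_tenant"]:
        findings.append("multi-tenant enabled: confirm other organizations need access")
    extra = set(reg["delegated_scopes"]) - PAGE_SCOPES
    if extra:
        findings.append("scopes beyond those this page lists: " + ", ".join(sorted(extra)))
    if "Files.ReadWrite.All" in reg["delegated_scopes"] and not reg["needs_write"]:
        findings.append("write scope requested for read-only use; Files.Read.All suffices")
    for secret in reg["client_secrets"]:
        expires = datetime.fromisoformat(secret["expires"])
        if expires <= now:
            findings.append(f"client secret '{secret['description']}' has expired")
        elif expires - now > MAX_SECRET_LIFETIME:
            findings.append(f"client secret '{secret['description']}' outlives the policy limit")
    return findings


# Constructed sample records (not real tenant data).
NOW = datetime(2021, 6, 1, tzinfo=timezone.utc)
GOOD = {"reply_urls": ["http://localhost:33333"], "multi_tenant": False,
        "delegated_scopes": ["Files.Read.All"], "needs_write": False,
        "client_secrets": [{"description": "excel-addin",
                            "expires": "2021-12-01T00:00:00+00:00"}]}
RISKY = {"reply_urls": ["http://reports.example.com/cb", "http://localhost"],
         "multi_tenant": True, "needs_write": False,
         "delegated_scopes": ["Files.ReadWrite.All", "Mail.Read"],
         "client_secrets": [{"description": "old", "expires": "2021-01-01T00:00:00+00:00"},
                            {"description": "forever", "expires": "2099-12-31T00:00:00+00:00"}]}

if __name__ == "__main__":
    for finding in audit_registration(RISKY, NOW):
        print("-", finding)
```
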

Copyright (c) 2021 CData Software, Inc. - All rights reserved.