Creating a Custom OAuth Application
Creating a Custom OAuth Application
For users who will authenticate via OAuth, you must create a custom OAuth application to deliver the required OAuth-specific credentials, then add the scope permissions required to access the Microsoft Project API.
Create the Application
Note: The tenant administrator must perform the following steps to create a custom OAuth application, as only they have the necessary permissions to access the required URLs.
- Log into the Project Web App Site through your site's UI, or by entering your site's Create App link into your browser: https://{site}.sharepoint.com/sites/{Project_Web_App_Site}/_layouts/15/appregnew.aspx.
- Fill in the required fields. When specifying the application's Callback URL (a website page where you want
users to land after they grant permission to your custom OAuth application), do one of the following:
- Specify a secure URL for the page (should begin with https://).
OR - Specify https://oauth.cdata.com/oauth/ as the callback URL, then add an extra state connection property that contains the actual redirect callback.
Record the ClientID and ClientSecret for later use.
- Specify a secure URL for the page (should begin with https://).
Add Scope Permissions
In order to access the Microsoft Project API, you must give the new OAuth application scope permissions.- Log in at https://{site}.sharepoint.com/sites/{Project_Web_App_Site}/_layouts/15/AppInv.aspx.
- In the App Id field, enter the ClientID you obtained when creating the application.
- Click Lookup. The other fields should automatically populate with application details like Title, App Domain and Redirect URL.
- To specify the default permissions needed for full API access, enter the following text in the permissions request XML box:
<AppPermissionRequests> <AppPermissionRequest Scope="http://sharepoint/projectserver" Right="Manage"/> <AppPermissionRequest Scope="http://sharepoint/projectserver/projects" Right="Write"/> <AppPermissionRequest Scope="http://sharepoint/projectserver/enterpriseresources" Right="Write"/> <AppPermissionRequest Scope="http://sharepoint/projectserver/reporting" Right="Read"/> </AppPermissionRequests>
Note: The logged in user should also have the appropriate permissions to access the API.
Granting User Access to Web Services
There are two different ways to give users access to web services, depending on whether your Project Web Applicat (PWA) is in Project permission mode or SharePoint permission mode.
Project Permission Mode
If your PWA is in Project Permission mode, you can grant users access to Web Services by editing their global permissions. For each user you want to add, do the following:- Open the PWA's PWA Settings page.
- In the Security section, click Manage Users.
- Find the user name of the interested user. Click their name. The PWA displays an Edit User box.
- Expand the Global Permissions section.
- Under Access Project Server Reporting Service, check Allow.
SharePoint Permission Mode
If your PWA is in SharePoint permission mode, you can grant user access to Web Services by adding them to one of four Security Groups that have at least "Access Project Server Reporting Service" access. For each user you want to add, do the following:- Open the PWA's PWA Settings page.
- In the Security section, click Manage Users.
- Find the user name of the interested user. Click their name. The PWA displays an Edit User box.
- Under the Security Groups section, select one of the groups with the required access permissions, such as Portfolio Viewers, Portfolio Managers, and Administrators.
- To add the user, click > .