OAuth
The CData JDBC Driver for Microsoft Teams enables the granular control useful in more complex deployments; you can use the following properties to present a custom OAuth application to your users, connect through a firewall, or troubleshoot connections.
Create and Configure a Custom OAuth App
This step is not typically necessary to authenticate with OAuth, as you can use the driver's embedded credentials to connect. This step is only necessary for Web applications.
Desktop applications can use the driver's embedded credentials. You can register your own application to customize the permissions the driver requests or to display your own information, instead of driver information, when users log into Microsoft Teams to grant permissions to the driver.
Create the App
You can follow the procedure below to register an app. To register an application, you will need both an Office 365 for business account and an Azure AD subscription associated with your Office 365 for business account.
- In the Azure portal, click Azure Active Directory.
- Click App Registrations on the Overview blade and then click New application registration.
- In the resulting dialog, enter a name to be displayed to users when they are prompted to grant permissions to your application.
- Select the Web App/Web API option in the Application Type menu. (The driver makes calls to the Microsoft Graph API.)
- Select a Sign-On URL. This value is not used by the driver or in the authentication step, so it can be set to your home page or an arbitrary URL like http://localhost.
- Click Create.
Configure the App
Follow the steps below to obtain the OAuth client credentials and configure the permissions your app will request.
- Select the new app. On the resulting blade, the Application Id is displayed. You will need to set the OAuthClientId property to this.
- If users in other organizations will use your app to connect to data in their own organization, select Properties on the Settings blade. On the blade that appears, select Yes in the Multi-Tenanted option.
- Select Keys on the Settings blade. Provide a description for the Key and select a duration in the menu and click Save. The key value is then displayed. Copy and save the key value, the value for OAuthClientSecret.
-
Click Reply URLs on the Settings blade.
-
Set the Reply URL to http://localhost:33333, or another port of your choice. Note that you must specify the port that the driver will listen on.
-
If you are making a desktop application, set the Reply URL to http://localhost:33333, or another port of your choice. Note that you must specify the port that the driver will listen on.
If you are making a Web application, set the Reply URL to a page of your app where you would like users to return after they authorize your application.
- Select Required Permissions on the Settings blade and then click Add on the resulting blade. Select the Microsoft Graph API and then select the permissions your app will seek. Hit the Grant Permissions button afterwards for the new permissions to take effect.
Select App Permissions
The following delegated permissions allow access to the full functionality of the driver.
- Have full access to all files user can access.
- Have full access to user contacts.
- Have full access to user calendars.
- Send mail as a user.
- Read and write access to user mail.
- Access directory as the signed-in user.
- Read and write all groups.
Custom App
To provide your custom app's OAuth credentials, set the following connection properties when you connect:
- OAuthClientId: Set this value to the Application Id in your app settings.
- OAuthClientSecret: Set this value to the key value in your app settings.
- CallbackURL: Set this value to the Reply URL in your app settings.
- InitiateOAuth: Set this value to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.