Creating a Custom AzureAD App
When to Create a Custom OAuth App
CData embeds OAuth Application Credentials with CData branding that can be used when connecting via either a Desktop Application or from a Headless Machine. Creating a custom OAuth application is, however, required when using a web application.You may choose to create your own OAuth Application Credentials when you want to
- control branding of the Authentication Dialog
- control the redirect URI that the application redirects the user to after the user authenticates
- customize the permissions that you are requesting from the user
Creating a Custom OAuth App
Follow the steps below to obtain OAuth values for your app, the OAuthClientId and OAuthClientSecret.
- Log in to the Azure Portal.
- In the left-hand navigation pane, select Azure Active Directory > App Registrations and click Add.
- Enter an application name and select Any Azure AD Directory - Multi Tenant. Then set the redirect url to http://localhost:33333, the driver's default or set a different port of your choice and set CallbackURL to the exact reply URL you defined.
- After creating the app, navigate to the "Certificates & Secrets" section, create a client secret for the application, and select a duration.
- After you save the key, key value is displayed once. Set OAuthClientSecret to the displayed value. Set OAuthClientId to the Application Id.
- Select API Permissions and click Add. If you plan for your application to connect without a user context, select the Application Permissions (OAuthGrantType = CLIENT). Otherwise, when selecting permissions, use the Delegated permissions.
- In the API Permissions section, click on Add a permission and select Sharepoint. Choose the permissions you want your app to have. To view and edit lists, you have to select (at least) the AllSites.Manage permission.
- Save your changes.
- If you have selected to use permissions that require admin consent (such as the Application Permissions), you can grant them from the current tenant on the API Permissions page. Otherwise, follow the steps under "OAuth: Admin Consent" in Establishing a Connection.