Creating a Custom OAuth App
To connect to OneDrive, you authenticate to Azure AD. Azure AD implements the OAuth authentication standard. The driver facilitates OAuth in various ways as described below.
Create and Configure a Custom OAuth App
This step is not typically necessary to authenticate with OAuth, as you can use the driver's embedded credentials to connect. You can register your own application to customize the permissions the driver requests or to display your own information, instead of driver information, when users log into OneDrive to grant permissions to the driver.
Create the App
You can follow the procedure below to register an app. To register an application, you will need both a OneNote for business account and an Azure AD subscription associated with your OneNote for business account.
- In the Azure portal, click Azure Active Directory.
- Click App Registrations on the Overview section and then click 'New registration'.
- In the resulting dialog, enter a name to be displayed to users when they are prompted to grant permissions to your application.
- Select the Web App/Web API option in the Application Type menu (the driver makes calls to the Microsoft Graph API).
- Select a Sign-On URL. This value is not used by the driver or in the authentication step, so it can be set to your home page or an arbitrary URL like http://localhost.
- Click Create.
Configure the App
Follow the steps below to obtain the OAuth client credentials and configure the permissions your app will request.
- Select the new app. On the resulting section, the Application Id is displayed. That is the value of the OAuthClientId property you need to set.
- If users in other organizations will use your app to connect to data in their own organization, select Properties on the Settings section. On the section that appears, select Yes in the Multi-Tenanted option.
- Select 'Certificates & secrets' on the 'Manage' section. Press 'New client secret' to create a new OAuthClientSecret. Add a description for the key, select the expiration time, and click Add. The new client secret's value is then displayed. Copy and save that value and use it as the value of the OAuthClientSecret property.
- Click Reply URLs on the Settings section.
- Set the Reply URL to http://localhost:33333, or another port of your choice. Note that you must specify the port that the driver will listen on.
- Select 'API permissions' on the 'Manage' section and then click 'Add a permission'. Select the Microsoft Graph API and then add the permissions your app will seek. Hit the 'Grant admin consent' button afterwards for the new permissions to take effect.
Select App Permissions
The Files.ReadWrite.All delegated permission allows access to the full functionality of the driver.
Alternatively, you can select the permission Files.Read.All.
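The Reply URL and the permission choice above meet in the authorization request and in the redirect that comes back to the loopback listener. The sketch below is an added example, not the driver's own code: it builds the request against the Azure AD v2.0 authorize endpoint, refuses scopes other than the two named above, and validates the callback before accepting a code. The "common" tenant, the function names and the all-zero client ID are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Azure AD v2.0 authorize endpoint; the "common" tenant is an assumption (multi-tenant app).
AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
ALLOWED_SCOPES = {"Files.Read.All", "Files.ReadWrite.All"}  # the two permissions named above

def check_reply_url(reply_url):
    """Return (host, port) if the reply URL is an http loopback URL with an explicit port."""
    u = urlsplit(reply_url)
    if u.scheme != "http" or u.hostname not in ("localhost", "127.0.0.1"):
        raise ValueError("reply URL must be an http loopback address")
    if u.port is None:
        raise ValueError("reply URL must name the port the listener binds to")
    return u.hostname, u.port

def build_authorize_url(client_id, reply_url, scopes):
    """Build the authorization request; returns (url, state) so the state can be checked later."""
    extra = set(scopes) - ALLOWED_SCOPES
    if extra:
        raise ValueError("scopes beyond what the app needs: " + ", ".join(sorted(extra)))
    check_reply_url(reply_url)
    state = secrets.token_urlsafe(16)  # unpredictable value tying the callback to this request
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": reply_url,
        "scope": " ".join("https://graph.microsoft.com/" + s for s in sorted(scopes)),
        "state": state,
    })
    return AUTHORIZE + "?" + query, state

def extract_code(callback_url, reply_url, expected_state):
    """Validate the redirect received on the loopback listener and return the auth code."""
    cb, reg = urlsplit(callback_url), urlsplit(reply_url)
    if (cb.scheme, cb.hostname, cb.port) != (reg.scheme, reg.hostname, reg.port):
        raise ValueError("callback did not arrive on the registered reply URL")
    q = parse_qs(cb.query)
    if "error" in q:
        raise ValueError("authorization failed: " + q["error"][0])
    got = q.get("state", [""])[0]
    if not secrets.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this request")
    if "code" not in q:
        raise ValueError("callback carries no authorization code")
    return q["code"][0]
```

Requesting only Files.Read.All when write access is not needed keeps the consent prompt, and any leaked token, limited to read operations.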