OAuth to SharePoint Online


(Jason) #1

Can anyone provide some insight into setting up OAuth for SharePoint?

I guess really what I want to check is the Authorisation Endpoint and the Token Endpoint syntax in the asset details.

We’ve tried a few variations but what we copied straight out of Azure was:

https://[tenant].onmicrosoft.com/[guid]

Does that look right? Using the same thing for both endpoints (for want of a better option)


(Bart Banda) #2

Best place to find out is to read the SharePoint Online API docs. Do you have a link to those that talk about how to set up OAuth for SharePoint? That should tell you what the endpoint URLs should be.


(Jason) #3

Thanks Bart. It was actually about getting to the right place in Azure - but I found what I needed eventually. I now have an access token in my OAuth2 Asset, but a little unsure what to do next. I have a REST Resource set up, but finding examples of existing ones to help figure it out is proving difficult. Any tips?

If I view the REST Resource directly, I get an error {"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."}

I’m wondering if this indicates I need to do more config on the Azure / SharePoint 365 side
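
An added example, not part of any post in this thread: `AudienceUriValidationFailedException` is raised when the token's audience (`aud` claim) is not one the receiving service accepts, so a quick diagnostic is to decode the access token and compare `aud` with the host of the REST URL being called. It assumes the access token is a JWT; the tenant name `contoso`, the sample tokens, and the `principal/host@realm` audience form are constructed or assumed for illustration.

```python
import base64
import json
from urllib.parse import urlparse


def decode_claims(token):
    """Return the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_hosts(claims):
    """Collect the host names named by 'aud' (a string or a list per RFC 7519)."""
    aud = claims.get("aud", [])
    hosts = set()
    for value in [aud] if isinstance(aud, str) else aud:
        if "://" in value:    # URL form, e.g. https://tenant.sharepoint.com
            hosts.add((urlparse(value).hostname or "").lower())
        elif "/" in value:    # assumed principal/host@realm form
            hosts.add(value.split("/", 1)[1].split("@", 1)[0].lower())
        else:                 # bare identifier such as a GUID
            hosts.add(value.lower())
    return hosts


def audience_matches(token, api_url):
    """True when the token was issued for the host that api_url points at."""
    target = (urlparse(api_url).hostname or "").lower()
    return target in audience_hosts(decode_claims(token))


def make_sample_token(aud):
    """Build an unsigned, constructed token so the demo runs offline."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"aud": aud}), "sig"])


if __name__ == "__main__":
    api = "https://contoso.sharepoint.com/_api/web/lists"  # placeholder tenant
    wrong = make_sample_token("https://other-resource.example")
    right = make_sample_token("https://contoso.sharepoint.com")
    print(audience_matches(wrong, api), audience_matches(right, api))
```

A mismatch here points at the resource or scope requested when the token was issued rather than at the REST Resource configuration. The decode skips signature verification, so use it only to inspect a token you obtained yourself, never to decide whether to trust one.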


(Bart Banda) #4

Yea I’m not sure, not without looking at their API documentation further.

Someone did send me these instructions they used to get the OAuth 2 token working, but not sure what version of Sharepoint it was for:


  1. First, create a new application on your Salesforce account at the https://login.salesforce.com/ site. You will receive the application ID and secret.

It is important to set Refresh token is valid until revoked option under refresh token policy and also select following OAuth scopes:

  • Full access

  • Perform requests on your behalf at any time (refresh_token, offline access)

Also callback url must match redirect URI provided for OAuth 2 token asset

  1. Create an OAuth2 Token asset.

  2. On the Details screen, enter the ID and Secret provided to you by LinkedIn in the Client ID and Client Secret fields.

  3. In the Authorisation Endpoint field, enter https://na42.salesforce.com/services/oauth2/authorize (where na42 should be replaced with your account subdomain)

  4. In the Token Endpoint field, enter https://na42.salesforce.com/services/oauth2/token

  5. In the Scope field, enter refresh_token and full

  6. In the Redirect URI field, enter callback URI provided in app settings - it is usually url of OAuth 2 token asset or REST asset with nested OAuth 2 token (Salesforce app is sending required data back to callback asset)

  7. Advanced settings should be set as shown below

Under Access Token settings, set Token Storage to Global Permanent and Access Token Expiry to session expiry time set in Salesforce session manager