Enabling OAuth 2 authentication for SharePoint

Please follow the steps below in order to enable OAuth 2 on your Sharepoint environment and connect to the portal:

1. Method #1

Create an application under Azure AD

1. Navigate to: https://admin.microsoft.com
2. Login with your Sharepoint credentials
3. On the left pane, click Show All
4. Under Admin Centers, click “Azure Active Directory”
5. In Azure portal, click “Azure Active Directory” in the left pane
6. Under Manage, click App Registrations
7. Click New registration on the toolbar
8. Enter “Sharepoint OAuth 2” for the application name
9. Select the second option: 
10. Accounts in any organizational directory (Any Azure AD directory - Multitenant)
11. Under Redirect URI, select “Web” and enter “http://localhost”
12. Click “Register”

Set API Permissions

1. Under Manage, click “API permissions”
2. Click, “Add a permission” on the toolbar
3. Select “Sharepoint” on the “Request API permissions” dialog
4. Select the “Delegated permissions” box, (It is highlighted in gray when selected).
5. Give required permissions (eg. AllSites.FullControl, MyFiles.Read, User.Read.All, etc.)
6. Click Add permissions

Grant Admin Consent

Click “Grant admin consent for <company name>” on the toolbar and click “Yes” on the confirmation dialog box.

Update the Manifest

1. Under Manage, click Manifest
2. Set the allowPublicClient to true
3. Set the oauth2AllowIdTokenImplicitFlow to true
4. Set the oauth2AllowImplicitFlow to true
5. Click Save

Create secret key:

1. Under Manage, click Certificates & secrets
2. Click, New client secret on the toolbar
3. Enter Sharepoint Secret in the Description
4. From Expires dropdown, select 24 Months
5. Click Add
6. Your secret is added. Copy the code under the Value column and keep it in a safe place

Copy required information

1. In the menu, click Overview
2. Copy the Application (Client) ID by the clicking the copy button
3. Copy the Directory (Tenant) ID by clicking the copy button

Give permission to created application

1. Navigate to: https://<your_company>.sharepoint.com/_layouts/15/appinv.aspx where <your_company> is your domain name for the sharepoint.
2. Enter the Application (Client) ID that you copied before in the App Id field
3. Click Lookup 
4. Enter your magentrix domain name in the App Domain field
5. Copy and paste the following XML in the Permission Request XML field:
    

6. <AppPermissionRequests AllowAppOnlyPolicy="true">  
   <AppPermissionRequest Scope=" http://sharepoint/content/sitecollection" Right="FullControl"/>  
   </AppPermissionRequests>

7. Click Create
8. Click Trust It

   ---

   1. Method #2

Register a Sharepoint application

1. Navigate to: https://<your_company>.sharepoint.com/_layouts/15/appregnew.aspx
2. Click the Generate button for Client Id
3. Click the Generate button for Client Secret
4. For Title, enter: Sharepoint oAuth App
5. For App Domain, you can enter your company domain
6. For Redirect Uri, enter: https://localhost
7. Click Create
8. Copy the Client Id and Client Secret

Give permission to the newly created Sharepoint application

1. Navigate to: https://<your_company>-admin.sharepoint.com/_layouts/15/appinv.aspx
2. Enter the Client Id in the App Id field and click the Lookup button
3. Copy and paste the following in the Permission Request XML field:

4. <AppPermissionRequests AllowAppOnlyPolicy="true">
   <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />  
   </AppPermissionRequests>

5. Click Create
6. Click Trust It

2. Setup Sharepoint credentials in Magentrix:

Enter AppID and SecretValue in Magentrix

1. Login to your Magentrix portal with an Admin account
2. Go to: Setup > Extend > Connected Apps
3. Select Sharepoint from the list and click on Edit button
4. Enter the AppID (Client Id) in the Username field
5. Enter the Client Secret in the Password field
6. Enter the TenantID in the Security Token field
7. Click on Save button

Optional Steps: How to test in Postman

Get Authentication Token

1. Open a new tab and set the action as POST
2. Address: https://accounts.accesscontrol.windows.net/{TENANT_ID}/tokens/oAuth/2
3. Under Body select form-data and add the following:
   1. grant_type  client_credentials
   2. client_id  {CLIENT_ID}@{TENANT_ID}
   3. client_secret  {SECRET_VALUE}
   4. resource: 00000003-0000-0ff1-ce00-000000000000/<YOUR_COMPANY_DOMAIN>.sharepoint.com@{TENANT_ID}
4. Click on Send button and you should get the auth token

Querying Data

1. Open a new tab and set the action as GET
2. Address: https://<your_company>.sharepoint.com/_api/Web/Lists/{Entity}/Items
3. Content-Type: application/json;odata=verbose
4. Accept: application/json;odata=verbose
5. Authorization: Bearer {TOKEN_FROM_ABOVE}
6. Click on Send button and you should get the result with HTTP status code 200

If the result is empty array

1. Launch Powershell in Admin mode
2. Enter: Install-Module -Name Microsoft.Online.SharePoint.PowerShell
3. Enter: Connect-SPOService -Url https://<your_company>-admin.sharepoint.com -Credential user@magentrixsbx.onmicrosoft.com
4. Enter your password
5. Enter: set-spotenant -DisableCustomAppAuthentication $false

Note: To access the Sharepoint applications settings page, go to the following URL:

https://<your_company>.sharepoint.com/_layouts/15/settings.aspx