oauth

  • 27 Oct

    Google Drive migrate from the OAuth out-of-band (OOB) flow

    How to migrate from OAuth out-of-band (OOB) flow

    Google Out-Of-Band (OOB) flow Migration Guide

    Key compliance dates

      • February 28, 2022 – new OAuth usage blocked for the OOB flow
      • September 5, 2022 – a user-facing warning message may be displayed to non-compliant OAuth requests
      • October 3, 2022 – the OOB flow is deprecated for OAuth clients created before February 28, 2022
    Please open your Google Drive Setup in Limagito File Mover because we’ll need to make some adjustments.
    – We switched to API v3, but it should also work with v2. When using API v3 on 64-bit (x64), please use version v2022.10.27.0 or later.
    Google Drive API v3
    – Please add the following information to the OAuth2 setup:
    – Authorization Endpoint URL: https://accounts.google.com/o/oauth2/v2/auth
    – Token Endpoint URL: https://www.googleapis.com/oauth2/v4/token
    – Client ID
    – Client Secret
    – Redirect URI: http://127.0.0.1
    – Redirect Port: 3017 (can be any other port that is not in use)
    Click GET and your browser will open. Please follow the steps in your browser and after acceptance we will automatically fill in Refresh Token and Access Token. Do not forget to <Save> afterwards.
    Limagito File Mover GMail SMTP with OAuth2

    #FileTransfer #OAuth

    If you need any info about this ‘migrate from OAuth out-of-band (OOB) flow’ How To, please let us know.

    Best regards,

    Limagito Team

    By Limagito-Team Google OAuth2
  • 23 Oct

    SharePoint OAuth 2.0 authorization code flow

    Version v2023 is needed and available here.

    This blog article is based on the following information: Microsoft identity platform and OAuth 2.0 authorization code flow

    First you’ll need to register an AD app with your AD Tenant. It will assign you the necessary information you need for the OAuth2 setup.

    Some links to get you started:

    14th of July 2023: we received feedback from our user Christoph today that he successfully used the settings below together with our latest version v2023.7.10.0.

    We added some screenshots of a possible setup in our File Mover:

    • Please set Auth Type in our SharePoint setup to: ‘OAuth 2.0 Authorization Code Flow’

    SharePoint OAuth Authentication

    • OAuth2 Setup:
      • Enable ‘Code Challenge’
      • Enable ‘Include Nonce’
      • Set ‘Authorization Endpoint URL’
        • https://login.microsoftonline.com/%realm/oauth2/v2.0/authorize
        • %realm will be replaced by the Realm value (= Tenant or Tenant_ID). You can also enter the full URL including the Tenant.
      • Set ‘Token Endpoint URL’
        • https://login.microsoftonline.com/%realm/oauth2/v2.0/token
        • %realm will be replaced by the Realm value (= Tenant or Tenant_ID). You can also enter the full URL including the Tenant.
      • Enter your Client ID and Client Secret (please check the article on how to create them)
      • Set ‘Scope’ to: openid offline_access https://yourSite.sharepoint.com/Sites.ReadWrite.All
        • Replace the yourSite part with the <Tenant> name you are using.
        • Don’t forget to add “Sites.ReadWrite.All” to the Permissions in your Azure setup.
          • Permissions Type must be Delegated.
          • FYI: Delegated permissions, also called scopes, allow the application to act on behalf of the signed-in user.
        • An alternative could be: openid offline_access https://yourSite.sharepoint.com/.default
      • Leave Resource empty
      • Leave Response Mode empty to omit the default response_mode “query” param.
      • Leave Response Type empty, this way the default value “code” will be used.
      • The Redirect URI should be http://localhost/   (and not https://localhost/)
        • Be sure to add the redirect URI in Azure too. Combined with the Redirect Port in the example, it would be: http://localhost:3017
      • When using %realm in the ‘Authorization or Token Endpoint URL’
        • Please set ‘Realm’ to your Tenant or Tenant_ID

    After the setup, please click on the <Get> button. If you get a firewall popup, you’ll need to accept it, otherwise we will not be able to capture the Tokens.

    Follow the steps in the browser and it should fill the Refresh and Access Token afterwards. Do not forget to click <Save>.
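The request that the settings above describe can be sketched as follows. This is an added example, not Limagito's code: it shows what ‘Code Challenge’ (PKCE, S256) and ‘Include Nonce’ put into the authorization URL and which values stay on the local machine. The function names, the `state` parameter and the tenant and client values used with it are assumptions.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import urlencode

# Endpoint template from the setup above; %realm is the tenant placeholder.
AUTH_TEMPLATE = "https://login.microsoftonline.com/%realm/oauth2/v2.0/authorize"


def b64url(raw: bytes) -> str:
    """Base64url without padding, as PKCE (RFC 7636) requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method."""
    verifier = b64url(secrets.token_bytes(32))  # 43 characters, high entropy
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_request(realm, client_id, scope, redirect_port=3017):
    """Return (url, kept): the browser URL and the values that stay local."""
    # Reject a realm that could change the host or path of the endpoint.
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9.-]*", realm):
        raise ValueError("realm must be a tenant name or tenant ID")
    verifier, challenge = new_pkce_pair()
    state = secrets.token_urlsafe(16)   # assumed: ties the redirect to this request
    nonce = secrets.token_urlsafe(16)   # 'Include Nonce': echoed back in the ID token
    params = {
        "client_id": client_id,
        "response_type": "code",        # the default when Response Type is left empty
        "redirect_uri": f"http://localhost:{redirect_port}",
        "scope": scope,
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,    # only the hash travels through the browser
        "code_challenge_method": "S256",
    }
    url = AUTH_TEMPLATE.replace("%realm", realm) + "?" + urlencode(params)
    # The verifier is sent later, in the token request, never in this URL.
    return url, {"code_verifier": verifier, "state": state, "nonce": nonce}
```

With the challenge in place, an authorization code captured from the redirect cannot be redeemed without the verifier held by the client that started the flow.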

    SharePoint OAuth 2.0 authorization code flow

    • Common Setup:

    If you want extra debug information during the test, please enable ‘Add Control Information to Log’

    SharePoint OAuth Authentication

    > Some information about why we use http://localhost/ as redirect URI:

    In the case of a desktop application like our Limagito Remote Tool, you don’t have the capability to receive a redirect on a web server. Our tool will create a temporary background thread for the single purpose of receiving the redirect. Thus the local temporary web browser that interactively gets permission from the account owner is always communicating with your application on the same local machine. There is no communication across the Internet for the redirect, and therefore no HTTPS is needed. In fact, you cannot really use HTTPS because what server certificate would you use? You’d run into all sorts of trust issues with the browser not being happy with some self-signed “localhost” certificate. There’s just no point in opening that can of worms because it’s not even necessary.
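A temporary redirect receiver of the kind described above, and used with the http://127.0.0.1 redirect and port 3017 in the Google Drive setup, could look like this. It is an added example, not Limagito's code: it binds to the loopback interface only, serves a single request, checks a `state` value and keeps the code out of logs. All function names and the `state` check are assumptions.

```python
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit


def extract_code(request_path, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    params = parse_qs(urlsplit(request_path).query)
    state = params.get("state", [""])[0]
    # A state mismatch means this redirect does not answer our own request.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    if "code" not in params:
        raise ValueError("redirect carries no code")
    return params["code"][0]


class _RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        try:
            self.server.result = extract_code(self.path, self.server.expected_state)
            status, body = 200, b"Authorization received. You can close this tab."
        except ValueError as exc:
            self.server.result = exc
            status, body = 400, b"Authorization was not accepted."
        self.send_response(status)
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # the request line contains the code; keep it out of logs


def open_receiver(port=3017, timeout=120):
    """Bind the temporary listener to the loopback interface only."""
    server = HTTPServer(("127.0.0.1", port), _RedirectHandler)
    server.timeout, server.result = timeout, None
    return server


def receive_code(server, expected_state):
    server.expected_state = expected_state
    try:
        server.handle_request()  # exactly one request, then the port is closed
    finally:
        server.server_close()
    result = server.result
    if isinstance(result, str):
        return result
    raise result or TimeoutError("no redirect received")
```

Because the listener is bound to 127.0.0.1 rather than all interfaces, the code never leaves the machine, which is why plain HTTP is acceptable for this redirect.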

    #Filetransfer #SharePoint

    If you need any help with this ‘how-to-access-sharepoint-rest-api-using-oauth’ option, please let us know.

    Best Regards,

    Limagito Team

     

    By Limagito-Team SharePoint
  • 23 Oct

    How to access SharePoint Rest API using OAuth

    Version v2023 is needed and available here.

    Update: A newer and preferred OAuth2 setup is explained in the following blog article: link

    This authorization method using OAuth2 was tested by one of our customers (Eddy, we really appreciate this). It is based on the following article.

    As mentioned in the article, first you’ll need to register an AD app with your AD Tenant. It will assign you the necessary information you need for the OAuth2 setup.

    Feedback customer:

    • This required the following settings in Azure. Maybe only the delegated permissions under Graph are enough, didn’t play too much.

    Sharepoint OAuth2 authorization

    • Also, the redirect URL should be set for the app, and ID_token must be enabled.

    Sharepoint OAuth2 authorization

    Limagito File Mover Setup:

    • In this case the Auth Type in our SharePoint setup should be set to: ‘OAuth 2.0 Authorization Code Flow’

    SharePoint OAuth Authentication

    • OAuth2 Setup:
      • Disable ‘Code Challenge’
        • Seems to work also when enabled (tested by customer)
      • Enable ‘Include Nonce’
      • Set ‘Authorization Endpoint URL’
        • https://login.microsoftonline.com/%realm/oauth2/authorize
        • %realm will be replaced by the Realm value (= Tenant or Tenant_ID). You can also enter the full URL including the Tenant.
      • Set ‘Token Endpoint URL’
        • https://login.windows.net/%realm/oauth2/token?api-version=1.0
        • %realm will be replaced by the Realm value (= Tenant or Tenant_ID). You can also enter the full URL including the Tenant.
      • Enter your Client ID and Client Secret (please check the article on how to create them)
      • Set ‘Scope’ to:  openid
        • If you don’t receive a Refresh Token, change it to:  openid offline_access
        • Customer used: https://<Tenant>.sharepoint.com/.default
      • Set ‘Resource’ to:  https://graph.microsoft.com/
        • Customer used: https://<Tenant>.sharepoint.com
      • Set Response Mode to:  form_post
      • Set Response Type to:  id_token+code
      • When using %realm in the ‘Authorization or Token Endpoint URL’
        • Please set ‘Realm’ to your Tenant or Tenant_ID

    After the setup, please click on the <Get> button. If you get a firewall popup, you’ll need to accept it, otherwise we will not be able to capture the Tokens.

    Follow the steps in the browser and it should fill the Refresh and Access Token afterwards. Do not forget to click <Save>.

    • OAuth2 setup used by customer (info about the .default Scope: here):

    access SharePoint Rest API using OAuth

    • OAuth2 setup we received from our SharePoint source code provider:

    SharePoint OAuth Authentication

    • Common Setup:

    If you want extra debug information during the test, please enable ‘Add Control Information to Log’

    SharePoint OAuth Authentication

    #Filetransfer #SharePoint

    If you need any help with this ‘how-to-access-sharepoint-rest-api-using-oauth’ option, please let us know.

    Best Regards,

    Limagito Team
