OAuth2

  • 23 Oct

    How to access SharePoint Rest API using OAuth

    Version v2023 is needed and available here.

    Update: A newer and preferred OAuth2 setup is explained in the following blog article: link

    This authorization method using OAuth2 was tested by one of our customers (Eddy, we really appreciate this). It is based on the following article.

    As mentioned in the article, you'll first need to register an AD app with your AD Tenant. This gives you the information you need for the OAuth2 setup.

    Customer feedback:

    • This required the following settings in Azure. Maybe only the delegated permissions under Graph are enough, didn’t play too much.

    [Screenshot: SharePoint OAuth2 authorization]

    • Also, the redirect URL should be set for the app, and ID_token must be enabled.

    [Screenshot: SharePoint OAuth2 authorization]

    Limagito File Mover Setup:

    • In this case the Auth Type in our SharePoint setup should be set to: ‘OAuth 2.0 Authorization Code Flow’

    [Screenshot: SharePoint OAuth Authentication]

    • OAuth2 Setup:
      • Disable ‘Code Challenge’
        • Seems to work also when enabled (tested by customer)
      • Enable ‘Include Nonce’
      • Set ‘Authorization Endpoint URL’
        • https://login.microsoftonline.com/%realm/oauth2/authorize
        • %realm will be replaced by the Realm value (= Tenant or Tenant_ID). You can also enter the full URL including the Tenant.
      • Set ‘Token Endpoint URL’
        • https://login.windows.net/%realm/oauth2/token?api-version=1.0
        • %realm will be replaced by the Realm value (= Tenant or Tenant_ID). You can also enter the full URL including the Tenant.
      • Enter your Client ID and Client Secret (please check the article on how to create them)
      • Set ‘Scope’ to:  openid
        • If you don’t receive a Refresh Token, change it to:  openid offline_access
        • Customer used: https://<Tenant>.sharepoint.com/.default
      • Set ‘Resource’ to:  https://graph.microsoft.com/
        • Customer used: https://<Tenant>.sharepoint.com
      • Set Response Mode to:  form_post
      • Set Response Type to:  id_token+code
      • When using %realm in the ‘Authorization or Token Endpoint URL’
        • Please set ‘Realm’ to your Tenant or Tenant_ID

    After the setup, please click on the <Get> button. If you get a firewall popup, you'll need to accept it; otherwise we will not be able to capture the Tokens.

    Follow the steps in the browser and it should fill the Refresh and Access Token afterwards. Do not forget to click <Save>.
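The authorization request these settings produce, and the checks to apply to the form_post response, sketched in Python. This is an added example, not Limagito's code: the function names and the `state` parameter are assumptions, and 'Code Challenge' is assumed to mean PKCE with S256.

```python
import base64, hashlib, json, secrets
from urllib.parse import urlencode

# Authorization Endpoint URL from the setup list above
AUTH_URL = "https://login.microsoftonline.com/%realm/oauth2/authorize"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_authorize_request(realm, client_id, redirect_uri, scope, resource):
    """Return (url, session); session holds the values to check on return."""
    verifier = b64url(secrets.token_bytes(32))          # PKCE code_verifier
    session = {"state": b64url(secrets.token_bytes(16)),
               "nonce": b64url(secrets.token_bytes(16)),
               "code_verifier": verifier}
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "id_token code",   # urlencode writes it as id_token+code
        "response_mode": "form_post",
        "scope": scope,
        "resource": resource,
        "state": session["state"],
        "nonce": session["nonce"],          # the 'Include Nonce' option
        "code_challenge": b64url(hashlib.sha256(verifier.encode()).digest()),
        "code_challenge_method": "S256",
    }
    return AUTH_URL.replace("%realm", realm) + "?" + urlencode(params), session

def check_form_post(form, session):
    """Check state and the id_token nonce, then return the authorization code."""
    if form.get("state") != session["state"]:
        raise ValueError("state mismatch")
    payload = form["id_token"].split(".")[1]
    padded = payload + "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if claims.get("nonce") != session["nonce"]:
        raise ValueError("nonce mismatch")
    # Only the nonce binding is checked here; validating the id_token
    # signature against the tenant's signing keys is a separate step.
    return form["code"]
```

The `code_verifier` kept in `session` is what the client later sends to the Token Endpoint URL together with the returned code.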

    • OAuth2 setup  used by customer (info about the .default Scope: here):

    [Screenshot: access SharePoint Rest API using OAuth]

    • OAuth2 setup we received from our SharePoint source code provider:

    [Screenshot: SharePoint OAuth Authentication]

    • Common Setup:

    If you want extra debug information during the test, please enable ‘Add Control Information to Log’

    [Screenshot: SharePoint OAuth Authentication]

    If you need any help with this ‘how-to-access-sharepoint-rest-api-using-oauth’ option, please let us know.

    Best Regards,

    Limagito Team

  • 08 May

    Sending emails using GMail SMTP with OAuth2 authentication – OOB

    Q: Sending emails using GMail SMTP with OAuth2 authentication. I am trying to set up an outgoing email notification that will happen when a file moves to its destination.

    Update, 8th of May 2022: we are working on an update because the OAuth out-of-band (oob) flow will be deprecated.

    Instead of the Google URI urn:ietf:wg:oauth:2.0:oob you'll have to use a loopback (IP) address as Redirect URI, like http://127.0.0.1 or http://localhost.

    Starting from version v2022.5.8.0 a redirect port will be added to the OAuth2 setup which is only needed during the OAuth2 verification setup.

     

    A: Yes this is possible.

    First check if you enabled the GMail API in your account: https://support.google.com/googleapi/answer/6158841?hl=en

    Secondly we’ll need credentials ‘Client ID and Client Secret’  for the OAuth2 authentication: https://support.google.com/googleapi/answer/6158857?hl=en&ref_topic=7013279

    We added some screenshots to help you with the setup.

    [Screenshot: Limagito File Mover SMTP Setup]

    Don’t forget the Security Options:

    [Screenshot: Limagito File Mover SMTP Setup]

    OAuth2 Setup:

    [Screenshot: OAuth out-of-band (oob) flow will be deprecated]

    Please add the following information:
    – Authorization Endpoint URL: https://accounts.google.com/o/oauth2/v2/auth
    – Token Endpoint URL: https://www.googleapis.com/oauth2/v4/token
    – Client ID
    – Client Secret
    – Scope: https://mail.google.com/
    – Redirect URI: http://127.0.0.1
    – Redirect Port: 3017 (can be any other port that is not in use)
    Click GET and your browser will open. Please follow the steps in your browser and after acceptance we will automatically fill in Refresh Token and Access Token. Do not forget to <Save> afterwards.
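What the loopback Redirect URI and Redirect Port amount to on the receiving side: a one-shot listener bound to 127.0.0.1 that accepts the redirect and rejects a mismatched `state`. This is an added example, not Limagito's code; the function names, the `ready` callback and the `state` check are assumptions.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs

def parse_redirect(path, expected_state):
    """Extract the authorization code from the redirect request path."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(path).query).items()}
    if "error" in q:
        raise ValueError("authorization failed: " + q["error"])
    if q.get("state") != expected_state:
        raise ValueError("state mismatch")
    if "code" not in q:
        raise ValueError("no code in redirect")
    return q["code"]

def wait_for_code(expected_state, port=3017, ready=None):
    """Serve exactly one request on the loopback interface, return the code."""
    result = {}

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            try:
                result["code"] = parse_redirect(self.path, expected_state)
                status, body = 200, b"Authorization received. You can close this tab."
            except ValueError as exc:
                result["error"] = str(exc)
                status, body = 400, b"Authorization rejected."
            self.send_response(status)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):   # keep the code out of console logs
            pass

    # Bind to 127.0.0.1 only, never 0.0.0.0, so the port is not
    # reachable from other hosts while the code is in transit.
    with HTTPServer(("127.0.0.1", port), Handler) as srv:
        if ready is not None:
            ready(srv.server_address[1])    # report the bound port
        srv.handle_request()                # one request, then close
    if "error" in result:
        raise ValueError(result["error"])
    return result["code"]
```

The listener exists only for the duration of the verification step, which matches the note above that the redirect port is needed only during the OAuth2 setup.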

    [Screenshot: Limagito File Mover GMail SMTP with OAuth2]

    RunTime Log Result when testing:

    8/05/2022 17:54:07 OAuth2 Authorization Successful
    8/05/2022 17:54:09 Send Success C:\Test\In\IntroXFM.pdf to smtp.gmail.com;1356113
    8/05/2022 17:54:09 ************************************************************
    8/05/2022 17:54:09 Rule Start Time: 8/05/2022 17:54:07
    8/05/2022 17:54:09 Rule End Time: 8/05/2022 17:54:09
    8/05/2022 17:54:09 Total Files Successful, Count: 1 & Size: 1356113
    8/05/2022 17:54:09 ************************************************************

    If you need any info about this ‘GMail SMTP with OAuth2’ question, please let us know.

    Best regards,

    Limagito Team

    By Limagito-Team | Google, OAuth2, SMTP
  • 18 Dec

    Sending emails using GMail SMTP with OAuth2 authentication

    Q: Sending emails using GMail SMTP with OAuth2 authentication. I am trying to set up an outgoing email notification that will happen when a file moves to its destination.

    Update, 8th of May 2022: we are working on an update because the OAuth out-of-band (oob) flow will be deprecated.

    Instead of the Google URI urn:ietf:wg:oauth:2.0:oob you'll have to use a loopback (IP) address as Redirect URI, like http://127.0.0.1 or http://localhost.

    In this update (version v2022.5.8.0) a redirect port will be added which is only needed during the OAuth2 verification setup.

    Please check: Update Info

     

    A: Yes this is possible.

    First check if you enabled the GMail API in your account: https://support.google.com/googleapi/answer/6158841?hl=en

    Secondly we’ll need credentials ‘Client ID and Client Secret’  for the OAuth2 authentication: https://support.google.com/googleapi/answer/6158857?hl=en&ref_topic=7013279

    We added some screenshots to help you with the setup.

    [Screenshot: Limagito File Mover SMTP Setup]

    Don’t forget the Security Options:

    [Screenshot: Limagito File Mover SMTP Setup]

    OAuth2 Setup:

    [Screenshot: Limagito File Mover SMTP OAuth2 authentication]

    Please add the following information:
    – Authorization Endpoint URL: https://accounts.google.com/o/oauth2/v2/auth
    – Token Endpoint URL: https://www.googleapis.com/oauth2/v4/token
    – Client ID
    – Client Secret
    – Scope: https://mail.google.com/
    – Redirect URI: urn:ietf:wg:oauth:2.0:oob
    Click GET and your browser will open. Follow steps and copy / paste the code from your browser in the ‘Auth Code’ field.
    This will automatically fill in Refresh Token and Access Token. Do not forget to <Save> afterwards.

    [Screenshot: Limagito File Mover SMTP OAuth2 authentication]

    RunTime Log Result when testing:

    [Screenshot: Limagito File Mover RunTime log result]

    If you need any info about this ‘GMail SMTP’ question, please let us know.

    Best regards,

    Limagito Team
