SharePoint Archives - File transfer tool from Limagito

11 Apr
How to use Microsoft Graph API with SharePoint as source and destination
Using Microsoft Graph API with SharePoint
On request we added support for Microsoft Graph as API method in version v2026.4.11.0. So, from this version on we support:
Sharepoint REST API (legacy)
Microsoft Graph API
Limagito FileMover Setup
Setup
Set Site Url and Directory
Select the Auth Type you will be using, check the previous blog articles:
Online Authentication (SPOIDCRL) > deprecated by Microsoft (fully disabled on May 1, 2026)
Classic Authentication (NTLM) > deprecated by Microsoft
Online Authentication using Client Credentials without User Dialog
Online Authentication using OAuth2 > deprecated by Microsoft
OAuth 2.0 authorization code flow
Set “Microsoft Graph API’ as API Method
OAuth2 setup:
Enable ‘Code Challenge’
Enable ‘Include Nonce’
Set ‘Authorization Endpoint URL’
https://login.microsoftonline.com/%realm/oauth2/v2.0/authorize
%realm will be replaced by the Realm value = Directory (tenant) ID. You can also enter the full URL including the Tenant.
Set ‘Token Endpoint URL’
https://login.microsoftonline.com/%realm/oauth2/v2.0/token
%realm will be replaced by the Realm value = Directory (tenant) ID. You can also enter the full URL including the Tenant.
Enter your Client ID and Client Secret
Azure > App Registrations > Select the App you created > Use ‘Application (client) ID’ as Client ID in Limagito SharePoint OAuth2 setup
Azure > Certificates & Secrets > Client secrets > Use ‘Value’ field as Client Secret in Limagito SharePoint OAuth2 setup
Set ‘Scope’ to: openid offline_access https://graph.microsoft.com/.default
Don’t forget to add “Sites.ReadWrite.All” to the Permissions in your Azure setup.
Permissions Type must be Delegated with “OAuth 2.0 authorization code flow”
Permissions Type must be Application with “Online Authentication using Client Credentials without User Dialog”
FYI: Delegated permissions, also called scopes, allow the application to act on behalf of the signed-in user.
An alternative could be: openid offline_access https://graph.microsoft.com/Sites.ReadWrite.All
Leave Resource empty
Leave Response Mode empty to omit the default response_mode “query” param.
Leave Response Type empty, this way the default value “code” will be used.
The Redirect URI should be http://localhost/ (and not https://localhost/)
Be sure to add the redirect URI in Azure too, combined with the Redirect Port in the example it would be: http://localhost:3017
Check if you selected “Web” as Redirect URI Type in Azure (do not use mobile & desktop or SPA)
RedirectPort, we used 3017
When using %realm in the ‘Authorization or Token Endpoint URL’
Please set ‘Realm’ to your Tenant of Tenant_ID
Azure App Registrations
Register an application > + New registration
Set Name, Single tenant and Web as Redirect URI
You’ll need the Application (Client) ID in the OAuth2 setup of Limagito File Mover. Also Directory (Tenant) ID will be used.
Depending on the ‘Authentication Type’ in Limagito File Mover, you’ll need a Redirect URI.
It is http://localhost:3017 and NOT https://
Summary:
Add a new client secret:
Set Client secret description and expire period:
IMPORTANT: we’ll need the Value as Client Secret in the OAuth2 setup of Limagito File Mover. The Secret ID is NOT needed.
Add API Permissions, two types of permissions:
Application permissions allow the app to access data on its own, without a signed-in user. The app acts as itself using its own identity. This is used with client credentials authentication (client ID + secret or certificate). The app has access to all resources that the permission grants — for example, Sites.ReadWrite.All as an application permission gives access to all SharePoint sites in the tenant.
Delegated permissions allow the app to act on behalf of a signed-in user. The app can only access what the user themselves can access. This is used with the OAuth 2.0 authorization code flow where a user signs in through a browser dialog. For example, Sites.ReadWrite.All as a delegated permission gives the app access only to the SharePoint sites that the signed-in user has permission to use.
In short: application = the app acts as itself (no user), delegated = the app acts as the user (user must sign in once during OAuth2 setup).
Select Microsoft Graph:
First option is it to use Application permissions: we added Sites.ReadWriteAll
Select Microsoft Graph:
Second option is it to use Delegated permissions: again we added Sites.ReadWriteAll
Grant admin consent for the choosen Application permissions:
Confirm
Permissions result:

If you need any help about this ‘microsoft Graph API with SharePoint’ option, please let us know.
Best Regards,
Limagito Team
# sharepoint #managedfiletransfer #filetransfer #filemanagement #limagito
By Limagito-Team SharePoint graph, SharePoint

01 Nov

How to create a certificate using powershell

How to create a certificate using powershell

In a previous blog article we used a self signed certificate to authenticate against Azure. We used PowerShell to achieve this.

We used the following PowerShell script:

We used “C:\ProgramData\LimagitoX\Certificates\Sharepoint” as output path for the certificate files
We used Test123! as password
Our certificate is valid for two years > -NotAfter (Get-Date).AddYears(2)

# This PowerShell script will create the certificate files under the following directory
$certPath = "C:\ProgramData\LimagitoX\Certificates\Sharepoint"
New-Item -ItemType Directory -Path $certPath -Force | Out-Null
 
$cert = New-SelfSignedCertificate -Subject "CN=FileMoverCert" `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyExportPolicy Exportable `
    -KeySpec Signature `
    -KeyLength 2048 `
    -KeyAlgorithm RSA `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(2)
 
$password = ConvertTo-SecureString -String "Test123!" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath "$certPath\FileMover.pfx" -Password $password
Export-Certificate -Cert $cert -FilePath "$certPath\FileMover.cer"
 
Write-Host "Certificate created!" -ForegroundColor Green
Write-Host "Thumbprint: $($cert.Thumbprint)"
Write-Host "Upload $certPath\FileMover.cer to Azure Portal"

Open PowerShell as Administrator (Run as Admin ..) and paste the script + <Enter>

limagito file mover create a certificate

If you need any help about this ‘create a certificate’ article, please let us know.

Best Regards,

Limagito Team

#certificate #managedfiletransfer #filetransfer #filemanagement

By Limagito-Team How-to certificate, pwershell, SharePoint

30 Oct
Sharepoint Authentication using Client ID and Certificate
..using Client ID and Certificate
Although we recommend our OAuth 2.0 authorization code flow , we received a request from a customer who wanted to use the Client ID and Client Secret to authenticate. We had this already available as Auth Type ‘Online Authentication using Client Credentials without User Dialog’. It appeared this option was outdated, so we updated that part of our code. Later we found out that for newly created SharePoint Sites, this ‘Client ID and Client Secret’ authentication no longer worked. It was replaced by ‘Client ID and Certificate’ authentication, so we added this option as well.
Limagito FileMover Setup
Setup
Set Site Url and Directory
Select ‘Online Authentication using Client Credentials without User Dialog’ as Auth Type
OAuth2
Set Token Endpoint URL to: https://login.microsoftonline.com/%realm/oauth2/v2.0/token
Set Scope to: https://yourSite.sharepoint.com/.default
Set Realm (= Directory Tenant ID)
Security
Add your private Key File (.pfx)
Add password if needed
How to create a self signed certificate using PowerShell
Azure Setup
Register an application
Overview
Application (client) ID is being used in the filemover OAuth2 setup
Directory (tenant) ID is being used in the filemover OAuth2 setup
Authentication Setup
Certificates & secrets Setup
Upload the public part of your certificate here (.cer)
API permissions Setup
Add permission: SharePoint > Sites.ReadWrite.All
Owners Setup
Optional, you could use the ‘Integration assistant’ to do a check. Select ‘Daemon’ as Application type and set ‘Calls APIs’ to Yes
Access control check
Open your ‘SharePoin admin center’
Access control > Apps that don’t use modern authentication
Allow access

If you need any help about this ‘Client ID and Certificate’ option, please let us know.
Best Regards,
Limagito Team
#sharepoint #managedfiletransfer #filetransfer #filemanagement
By Limagito-Team SharePoint certificate, SharePoint