You must obtain the following client information and endpoints in order to retrieve the OAuth tokens necessary for connecting to a SharePoint site.

  • Client ID - the client ID for your application
  • Client Secret - the client secret for your application
  • Authorization URI - the endpoint for obtaining an authorization code from the Azure authorization service
  • Token URI - the endpoint used to exchange authentication credentials for access tokens

Take the following steps to obtain application client information and endpoints.

  1. Go to the Azure portal.

    https://portal.azure.com

  2. Select Azure Active Directory.
  3. Select App registrations on the left.
  4. Select the app that you have created.
  5. From the app overview page, record the ClientID.
  6. Obtain your ClientSecret.
    1. Select Certificates & secrets.
    2. Click New client secret.
    3. Enter a description and choose an expiry option.
    4. Click Add.
    5. Copy the ClientSecret to a secure location.
  7. Obtain the authorization URI and token URI endpoints.
    1. Return to the Overview page for your application.
    2. Click Endpoints to display authorization and token endpoints associated with the application.

      Two different APIs can be used to manage user and application permissions: Azure Active Directory (v1) and Microsoft Identity Platform (v2). As shown in the following examples, authorization and token endpoints have different formats, depending on which API you are using.

      • Azure Active Directory (v1) authorization endpoint

        https://login.microsoftonline.com/common/oauth2/authorize

      • Microsoft Identity Platform (v2) authorization endpoint

        https://login.microsoftonline.com/common/oauth2/v2.0/authorize

    3. Record the AuthURI.
      • For v1, the AuthURI consists of the OAuth 2.0 authorization endpoint (v1) appended with ?resource=<resource_uri> where the <resource_uri> is the base URL for your SharePoint site. For example:
        https://login.microsoftonline.com/common/oauth2/authorize?resource=https://mycorp.sharepoint.com/
      • For v2, the AuthURI is the OAuth 2.0 authorization endpoint (v2). However, for v2, you must provide permissions via the Scope property. See Determine the Scope for details.
    4. Record the TokenURI.
      • For v1, the TokenURI is the OAuth 2.0 token endpoint (v1).
      • For v2, the TokenURI is the OAuth 2.0 token endpoint (v2).
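
The following Python sketch is an added example, not part of the original procedure or of any vendor tooling. It builds the AuthURI as described in step 7 and checks a recorded AuthURI/TokenURI pair for mixed v1/v2 endpoints, a missing `resource` on v1, or a missing Scope on v2. The function names, the token endpoint values, and the sample scope are assumptions made for illustration; the page itself shows only the authorization endpoints.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample values. The two token endpoints are assumed for this example.
V1_AUTH = "https://login.microsoftonline.com/common/oauth2/authorize"
V2_AUTH = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
V1_TOKEN = "https://login.microsoftonline.com/common/oauth2/token"
V2_TOKEN = "https://login.microsoftonline.com/common/oauth2/v2.0/token"

def classify(uri):
    """Return (version, kind) for an endpoint, e.g. ('v2', 'token')."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"endpoint must be an https URL: {uri}")
    path = parts.path.rstrip("/")
    for kind in ("authorize", "token"):
        if path.endswith(f"/oauth2/v2.0/{kind}"):
            return "v2", kind
        if path.endswith(f"/oauth2/{kind}"):
            return "v1", kind
    raise ValueError(f"not an OAuth 2.0 authorize or token endpoint: {uri}")

def build_auth_uri(auth_endpoint, site_url=None):
    """v1: endpoint + ?resource=<site base URL>. v2: endpoint unchanged."""
    if classify(auth_endpoint)[0] == "v2":
        return auth_endpoint
    if not site_url or urlsplit(site_url).scheme != "https":
        raise ValueError("v1 needs the https base URL of the SharePoint site")
    return f"{auth_endpoint}?resource={site_url}"

def check_pair(auth_uri, token_uri, scope=None):
    """Return a list of problems found in a recorded AuthURI/TokenURI pair."""
    problems = []
    (auth_v, auth_kind), (token_v, token_kind) = classify(auth_uri), classify(token_uri)
    if (auth_kind, token_kind) != ("authorize", "token"):
        problems.append("AuthURI and TokenURI are swapped or of the same kind")
    if auth_v != token_v:
        problems.append(f"AuthURI is {auth_v} but TokenURI is {token_v}")
    if urlsplit(auth_uri).hostname != urlsplit(token_uri).hostname:
        problems.append("AuthURI and TokenURI are on different hosts")
    resource = parse_qs(urlsplit(auth_uri).query).get("resource", [])
    if auth_v == "v1" and not resource:
        problems.append("v1 AuthURI is missing ?resource=<resource_uri>")
    if auth_v == "v2" and resource:
        problems.append("v2 AuthURI should not carry resource; use Scope")
    if auth_v == "v2" and not scope:
        problems.append("v2 requires permissions in the Scope property")
    return problems

if __name__ == "__main__":
    uri = build_auth_uri(V1_AUTH, "https://mycorp.sharepoint.com/")
    print(uri, check_pair(uri, V1_TOKEN))
```

An empty list from `check_pair` means the pair is consistent; the function does not contact Azure or validate that the app registration exists.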