OAuth Flow for Onedrive for Business

1
votes

For OAuth 2.0 flow for OneDrive for Business, should one use: https://login.microsoftonline.com/common/oauth2/v2.0/authorize

As well as passing along a scope?

According to this MS blog post, onedrive, onedrive for business, etc should be able to use this new V2 OAuth 2.0 flow: https://blogs.msdn.microsoft.com/richard_dizeregas_blog/2015/09/04/working-with-the-converged-azure-ad-v2-app-model/

Or, should it be: https://login.microsoftonline.com/common/oauth2/authorize

And have permissions set up in AAD for the application?

When using the former (v2 OAuth), I keep getting errors saying my scopes are invalid: AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope offline_access onedrive.readwrite is not valid.

When using the latter I keep getting the following error: unauthorized_client AADSTS70001: Application 'xxxx' is not supported for this API version. Trace ID: d5d359ad-2e6b-468d-9a95-df51656e9cc9

I have OneDrive working for user accounts using the live APIs, but since they are deprecated and it looks like the user and business OneDrive accounts should use the newer APIs, this is getting confusing.

Thanks for any assistance.

1
azureoauth-2.0onedrive
Note: I was able to get things to work (at least with the OAuth flow) using the scope graph.microsoft.com/Files.ReadWrite. Graph looks like something I could get used to.bvstone
Well, while Graph works, the upload is limited to 4MB... that will never work for this project. So, I'm back to wanting to use the normal Drive APIs for personal and business. Still looking for answers to my question.bvstone

1 Answers

1
votes

To access the direct OneDrive for Business end point (instead of using Graph API) you need to follow the steps to Register an app for OneDrive for Business. This requires an Azure subscription (even though its free) and using the Azure Portal to define the permissions the application will require. After going through this provisioning, you use the second authorize end point (without v2 in the URL).

It sounds like you registered an app using the new app registration portal (apps.dev.microsoft.com) which is only compatible with the v2 OAuth end point, which only works with Microsoft Graph.

You can sidestep the Azure stuff by creating a new application ID from the Office 365 Getting Started page, however will need an Azure subscription if you need to make changes to the app later.

Also, we're working on fixing the 4MB upload limit with Graph API, although I don't have an ETA for when that will be resolved.