Skip to content
This repository has been archived by the owner on Dec 2, 2017. It is now read-only.

Latest commit

 

History

History
175 lines (133 loc) · 9.33 KB

app-registration.md

File metadata and controls

175 lines (133 loc) · 9.33 KB

Registering your app for OneDrive API

To use the OneDrive API, you need to first register your app and receive a Client ID to represent your application in API calls.

Right now, OneDrive and OneDrive for Business use two different app registration systems. We're working on that.

Jump to:

Register your app for OneDrive

To register your app to connect with OneDrive, you'll need a Microsoft account.

  1. Go to the Microsoft Application Registration Portal.
  2. When prompted, sign in with your Microsoft account credentials.
  3. Find My applications and click Add an app.
  4. Enter your app's name and click Create application.
  5. Scroll to the bottom of the page and check the Live SDK support box.

After you've completed these steps, an application ID and application secret are created for your app and displayed on your new app's properties page.

Important Treat the value of client secret the same as you would a user's password. The secret represents the key to your application and, if made available, can be used to impersonate your application.

Under the Platforms header, configure details about your app. By default a new app is created as a web app and needs one or more redirect URIs. To enable native client flows for your app as well, click the Add Platform button and choose Mobile.

Microsoft account uses scopes to determine which API your app can access, and these scopes are included in the OAuth flow when the user logs in. For more information about how to authenticate a user with your app, see OneDrive authentication and sign-in.

Register your app for OneDrive for Business

To register your app to work with OneDrive for Business, things are more complex. You need an Office 365 subscription and an Azure subscription to get started. You register your app with Azure Active Directory and then request permissions for OneDrive for Business.

1. Get an Office 365 subscription

If you don't have one, you need to create an Office 365 Developer Site. This site represents your {tenant}. There are several ways to create one:

  • An MSDN subscription - This is available to MSDN subscribers with Visual Studio Ultimate and Visual Studio Premium.
  • An existing Office 365 subscription - You can use an existing Office 365 subscription, which can be any of the following: Office 365 Midsize Business, Office 365 Enterprise, Office 365 Education, Office 365 Government.
  • Free trial - You can start with a free 30-day trial, or buy an Office 365 developer subscription.
  • Purchase a subscription - You can purchase an annual developer subscription for $99.00 per year.

After signup, use the resulting userid (in the format [email protected]) to sign in to your portal site where you administer your account. Your Office 365 Developer Site is provisioned at your new domain:

http://{tenant}.sharepoint.com.

For more info, see Get an Office 365 Developer Site.

2. Set up an Azure Active Directory tenant

You will need to set up an Azure Active Directory (Azure AD) tenant and associate it with your Office 365 Developer Site. An Azure AD tenant gives you access to the management portal in Microsoft Azure, where you can add users, roles, and apps.

You can use the Azure AD tenant that was created when you created your Office 365 subscription to register and authenticate your apps. To access this underlying tenant from your Office 365 Admin Center, you'll use the next procedure to create a subscription and manage your Azure tenant.

  1. Sign in to your Office 365 tenant and go to the Office 365 admin center.
  2. In the same browser, open a new tab and sign in to Microsoft Azure by navigating to Azure Active Directory. If you are prompted to sign in with your organizational account, do so and then sign in with your Office 365 credentials.
  3. Create a new Azure subscription.
  4. After you create your subscription, choose Portal.

You should now see all items in the Azure tenant. It lists a single directory with the name of your Office 365 tenant.

If you already have an existing Azure AD tenant, you can associate it with your Office 365 subscription by following these steps:

  1. Sign in to the Microsoft Azure Management portal with your existing Azure credentials (for example, your Microsoft ID such as [email protected]), and navigate to the Active Directory node.
  2. Choose the Active Directory node, then choose the Directory tab and, at the bottom of the screen, choose New. In the next dialog box, choose Use existing directory, select the check box, and then choose the check mark in the lower-right corner. This brings you back to the Azure Management Portal.
  3. Sign in with your Office 365 subscription information. You will be prompted whether to use your directory with Azure.
  4. Choose Continue and a screen appears to confirm your action. Now, choose Sign out now.
  5. Close the browser and open the portal again. Otherwise, you will get an access denied error.
  6. Sign in again to your Azure subscription (for example, with your Microsoft ID). Navigate to the Active Directory node and, under Directory, you should now see your Office 365 subscription.

For more info about setting up an Azure AD tenant, see Set up Azure Active Directory access for your Developer Site.

3. Register your app with Azure Active Directory

To authenticate your app, you need to register your app with Azure AD, and provide some details about your app. You can register your app manually by using the Azure Management Portal, or by using Visual Studio.

To register your app manually, see Manually register your app with Azure AD so it can access Office 365 APIs.

To register your app by using Visual Studio, see Using Visual Studio to register your app and add Office 365 APIs.

After you've registered your app, Azure AD will generate a client ID and client secret (web apps only) for your app. You'll need to use this client ID to get your access token.

Important Treat the value of your client secret the same as you would a user's password. The secret represents the key to your application and, if made available, can be used to impersonate your application.

When you register your app in the Azure Management Portal, you will need to configure details about your application with the following steps:

  1. Specify whether your application is a mobile, desktop, or web application.
  2. Specify the app endpoint. Azure will use this endpoint for redirection during authentication (i.e. the Redirect URLs that your app will use during the login process). For security purposes, all redirect URLs must be on the same root domain, except if your app is a web app. For web apps, specify a sign in URL and app URI.
  3. For web apps, specify whether to make your app available only in the Azure tenancy you registered it in, or across multiple tenancies.
  4. For web apps, generate the app secret and its duration.
  5. Specify the permission levels your app requires from the Office 365 API applications in Azure using app permissions. Using OneDrive API or the file picker requires at least Read user files. Uploading, editing, or sharing files requires the Read and write user files permission.

Authentication scopes for OneDrive for Business and SharePoint

To add, remove, or update an application on Azure AD, see Adding, Updating, and Removing an Application.

Phew. Now you have everything set up to connect to your app to OneDrive for Business. For information on how to authenticate, see OneDrive for Business authentication and sign in.