...
Register the application in the Entra admin center to receive client_id, client_secret, and tenant_id.
Make sure you specify a Web redirect URI that points to the redirect_uri value specified in the configuration below.
It is not necessary to add an Access token or ID token because browse-everything uses the auth code flow.
Add a new client secret for the application registration (maximum lifetime is 24 months). Before moving on, copy the secret value for the config file (see below). It will not be accessible in the future.
Add API permissions for the application registration. Select API permissions → Microsoft Graph, then select Delegated permissions as the type. If using the .default endpoint as your scope, the minimum permissions should be:
offline_access
openid
profile
Files.Read
Files.Read.All
Files.Read.Selected
Team.ReadBasic.All
User.Read
Learn more about permissions: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis
Add these values to Avalon’s settings file. Note that scope is a default value that can be copied over.
```yaml
dropbox:
  sharepoint:
    # Client id and secret generated for the application by Entra Admin Center
    # when registering the app
    client_id: CLIENT_ID
    client_secret: CLIENT_SECRET
    # Tenant (organization) id found in Entra Admin Center
    tenant_id: TENANT_ID
    # Redirect URI assigned in Entra. For Avalon, should be base host name
    # with /browse/connect, e.g. 'http://example.com/browse/connect'
    redirect_uri: https://avalon-dev.dlib.indiana.edu/browse/connect
    # offline_access is needed for refresh tokens to be issued
    # .default allows setting permissions through Entra admin dashboard
    scope: offline_access https://graph.microsoft.com/.default
```
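A preflight check for the settings above, as an added example (not Avalon or browse-everything code): it flags leftover template placeholders, a redirect URI that does not end in /browse/connect, and a scope without offline_access, then builds the authorization-code request that will be sent to Entra. The function names, sample values, and the https check (Entra's rule for web redirect URIs outside localhost) are assumptions added here.

```ruby
require "yaml"
require "uri"
# Constructed sample settings (made-up values, not real credentials).
SAMPLE_SETTINGS = <<~YAML
  dropbox:
    sharepoint:
      client_id: "11111111-2222-3333-4444-555555555555"
      client_secret: "constructed-secret-value"
      tenant_id: "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
      redirect_uri: https://avalon.example.edu/browse/connect
      scope: offline_access https://graph.microsoft.com/.default
YAML
REQUIRED = %w[client_id client_secret tenant_id redirect_uri scope].freeze
PLACEHOLDERS = %w[CLIENT_ID CLIENT_SECRET TENANT_ID].freeze

# Returns a list of problems found in the sharepoint settings hash.
def sharepoint_config_problems(cfg)
  problems = []
  REQUIRED.each do |key|
    value = cfg[key].to_s.strip
    problems << "#{key} is missing" if value.empty?
    problems << "#{key} still holds the template placeholder" if PLACEHOLDERS.include?(value)
  end
  uri = (URI.parse(cfg["redirect_uri"].to_s) rescue nil)
  if uri.nil? || uri.host.nil?
    problems << "redirect_uri is not an absolute URL"
  else
    problems << "redirect_uri path must be /browse/connect" unless uri.path == "/browse/connect"
    # Assumption: Entra accepts plain http web redirect URIs only for localhost.
    local = %w[localhost 127.0.0.1].include?(uri.host)
    problems << "redirect_uri must use https outside localhost" unless uri.scheme == "https" || local
  end
  scopes = cfg["scope"].to_s.split
  problems << "scope lacks offline_access (no refresh tokens)" unless scopes.include?("offline_access")
  problems
end

# Builds the authorization-code request URL for the configured tenant.
def authorize_url(cfg, state)
  query = URI.encode_www_form(
    client_id: cfg["client_id"], response_type: "code",
    redirect_uri: cfg["redirect_uri"], scope: cfg["scope"], state: state
  )
  "https://login.microsoftonline.com/#{cfg['tenant_id']}/oauth2/v2.0/authorize?#{query}"
end

cfg = YAML.safe_load(SAMPLE_SETTINGS).dig("dropbox", "sharepoint")
puts sharepoint_config_problems(cfg)
puts authorize_url(cfg, "constructed-state")
```

The redirect_uri sent in this request must match the Web redirect URI registered in Entra exactly, so a mismatch caught here would otherwise surface only as a sign-in error.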
...