SharePoint Online

Enhanced Advanced

Note

The SharePoint Online integration only supports the SharePoint REST API v1. Please see the Microsoft Graph integration guide for details on how to leverage services, including the SharePoint REST API v2, that are accessible via the Microsoft Graph API.

Create application in Microsoft Entra

Register application

The Microsoft Azure administrator registers a new OAuth Application in Microsoft Entra. Application registration will have different requirements depending on the authentication type of the OAuth integration in Posit Connect:

Viewer Integration

The Azure administrator adds a redirect_uri for the OAuth application as seen in the screenshot below. Azure sends the user credentials to the redirect_uri at the end of the OAuth handshake, allowing Posit Connect to obtain a temporary access token and refresh token.

The OAuth application is configured with the following redirect URL (sometimes referred to as a callback URL): https://connect.example.org/__oauth__/integrations/callback. Replace connect.example.org with the address of the Connect server.

Service Account Integration

Service account integrations do not direct the user through a login flow, so a redirect_uri is not required.

Add API permissions

Within the API permissions section of the registered app in Microsoft Entra, the Azure administrator adds SharePoint Online permissions for the OAuth application. API permissions define the capabilities granted to the user when they request credentials from this OAuth application. These permissions are also referred to as scopes.

Add SharePoint API permissions.

Depending on which permissions are required, the Azure administrator provides additional scopes values to the Connect administrator. By default the SharePoint integration includes the .default scope, which inherits all of the configured API permissions for the SharePoint resource on the registered app and cannot be combined with other scopes. If you would like to define scopes individually then you must not include the .default scope or authorization will fail due to an overlap in permissions.

The offline_access scope must always be included so that a refresh token is returned along with the access token.

Choose only the permissions that are required by your application.

Create OAuth integration in Posit Connect

The Posit Connect administrator creates an OAuth integration through the Integrations tab on the Connect dashboard. Once the OAuth integration has been created in Connect, it is available for use by all publishers.

Create SharePoint integration in Connect.