Microsoft deprecated
Register your App
First things first. As with every OAuth provider, you will first need to register your App with Microsoft. You can do this as follows:
- Sign in to Microsoft Azure Portal using your Microsoft account
- Choose App Registration
- Enter a name for your application in the the Application Name field
- Enter the redirect URL as advised [here]((/8.21/middleware/3rd_party_integrations.html#common-preparations) and click on "Create" button
- After the application is created you will have to generate a new password. Click on "Certificates & secrets" and click on "New Client Secret""
- Now you must enable required permission. Go to "API Permissions" and click on "Add Permission"
- Choose "Microsoft Graph" and then "Delegated permissions"
- Select the permissions that are relevant for your project. The middleware currently supports functionality for:
- The following permissions are shared among both Files and Contacts and should be enabled right away:
Configuration
In addition you have to configure the following properties in file /opt/open-xchange/etc/microsoftgraphauth.properties
:
- Enable the OAuth connector to Google OAuth:
com.openexchange.oauth.microsoft.graph=true
- Set the API key and secret, which is are the "Application Id" and the password you generated earlier in the "Register your App" section, to call the sign-in API:
com.openexchange.oauth.microsoft.graph.apiKey=REPLACE_THIS_WITH_YOUR_CLIENT_ID
com.openexchange.oauth.microsoft.graph.apiSecret=REPLACE_THIS_WITH_YOUR_CLIENT_SECRET
- Set the redirect URL. Please ensure the following conditions are met:
- The redirect URL specified in the Google App needs to be the same as the one specified by this property.
- The redirect URI uses "https://" as protocol
- The redirect URI follows the pattern: "https://" + <host-name> + "/ajax/defer"
com.openexchange.oauth.microsoft.graph.redirectUrl=
E.g. "https://myappsuite.mydomain.invalid/ajax/defer"
You can define them system-wide or via the config cascade mechanism.
Upgrade to Microsoft Graph API
Back in 2017 Microsoft announced the deprecation of Live SDK and Live Connect APIs, urging API consumers to migrate to their new Graph API. The deprecated APIs will no longer be available after November 1st, 2018.
Regarding specific module APIs within the Live SDK and Live Connect, the Contacts API functionality ceased to return user data on December 1st, 2017 and the OneDrive REST API on November 1st, 2018.
Furthermore, the OAuth tokens obtained for the previously, now deprecated APIs, will not work with the new Graph API, hence all consumers are advised to generate new tokens via the Microsoft Application Registration Portal for their Apps.
Microsoft Contacts
Required Permissions
The following Microsoft Graph Permissions are required to enable contact synchronisation:
- Contacts.Read
- Contacts.Read.Shared
- People.Read
- People.Read.All (Admin Only
- offline_access
- openid
- profile
The permissions can be enabled via the Microsoft Application Registration Portal.
Configuration
Note that the contact synchronisation will NOT happen automatically every time a new contact is added to the third-party provider's address book. A full sync will happen once the user has created her account, and periodically once per day. The periodic update can be enabled or disabled via the com.openexchange.subscribe.autorun
server property.
Also note that this is an one-way sync, i.e. from the third-party provider towards the AppSuite and NOT vice versa.
Finally, ensure that in case of an upgrade to 7.10.2 you will need to generate new access tokens. More information here.
Microsoft OneDrive
To setup the Microsoft OneDrive file store you have to install the package open-xchange-file-storage-onedrive
.
Required Permissions
The following Microsoft Graph Permissions are required to enable the OneDrive cloud storage.
- Files.Read
- Files.Read.All
- Files.Read.Selected
- Files.ReadWrite
- Files.ReadWrite.All
- Files.ReadWrite.AppFolder
- Files.ReadWrite.Selected
- offline_access
- openid
- profile
Ensure that in case of an upgrade to 7.10.2 you will need to generate new access tokens. More information here.