Document libraries on Microsoft SharePoint, accessed via Microsoft Graph. OAuth-based; tokens auto-refresh within a five-minute buffer of expiry.
| Field | Required | Sensitive | Default |
|---|---|---|---|
| Application (client) ID | Yes | Yes | — |
| Client Secret | Yes | Yes | — |
| Tenant ID | No | No | common |
| Site ID | No | No | (empty — root site) |
| Redirect URI | No | No | http://localhost:3000/oauth/callback |
If you don't specify a site id, DagFlux uses the root site of the tenant. For non-root sites, supply the site id (Microsoft Graph provides helpers to look it up from a site URL).
You register an Azure AD application in the Azure portal so DagFlux can authorise on your behalf.
Follow steps 1–5 of the OneDrive setup to register an app, copy its client ID and tenant ID, and create a client secret.
In the app's API permissions page, click + Add a permission → Microsoft Graph → Delegated permissions and add:
Sites.ReadWrite.All — read + write any SharePoint site.Files.ReadWrite.All — read + write files in those sites.offline_access — required for refresh tokens.
For read-only, replace Sites.ReadWrite.All with Sites.Read.All and Files.ReadWrite.All with Files.Read.All.
If your organisation requires admin consent, click Grant admin consent for [tenant].
If you want to scope the connection to a specific site rather than the root site:
https://contoso.sharepoint.com/sites/Marketing.contoso.sharepoint.com,<webId>,<siteId>. You can look up the GUIDs by visiting https://contoso.sharepoint.com/sites/Marketing/_api/site/id and https://contoso.sharepoint.com/sites/Marketing/_api/web/id in your browser while signed in./sites/contoso.sharepoint.com:/sites/Marketing and copy the id from the response.common for multi-tenant apps.Click Authorize, sign in with a Microsoft account that has access to the SharePoint site, and consent. DagFlux saves the tokens encrypted.
