Create SharePoint Feed

Create SharePoint document library feed to ingest files.

Graphlit supports ingesting files from SharePoint document libraries.

The createFeed mutation creates a feed from the feed name, type and site feed parameters, and returns the ID, name, state and type of the newly created feed.

Depending on the specified type parameter, Graphlit requires type-specific feed parameters. For SharePoint, these include authenticationType, accountName, libraryId and tenantId.

Mutation:

mutation CreateFeed($feed: FeedInput!) {
  createFeed(feed: $feed) {
    id
    name
    state
    type
  }
}

Variables:

{
  "feed": {
    "type": "SITE",
    "site": {
      "type": "SHARE_POINT",
      "sharePoint": {
        "authenticationType": "APPLICATION",
        "accountName": "redacted",
        "libraryId": "redacted",
        "tenantId": "redacted"
      }
    },
    "name": "SharePoint Feed"
  }
}

Response:

{
  "type": "SITE",
  "id": "f648fb46-951c-4741-b881-72ae6ffaaf85",
  "name": "SharePoint Feed",
  "state": "ENABLED"
}

SharePoint Libraries

You can enumerate the available libraries, across your SharePoint sites, with the sharePointLibraries query.

This accepts the same authentication properties as the createFeed mutation above, described in the site/sharePoint field.

Query:

query SharePointLibraries($properties: SharePointLibrariesInput!) {
  sharePointLibraries(properties: $properties) {
    accountName
    results {
      libraryName
      libraryId
      siteName
      siteId
    }
  }
}

Variables:

{
  "properties": {
    "authenticationType": "APPLICATION",
    "tenantId": "redacted"
  }
}

Response:

{
  "accountName": "redacted",
  "results": [
    {
      "libraryName": "Documents",
      "libraryId": "redacted",
      "siteName": "Communication site",
      "siteId": "redacted"
    }
  ]
}

Authentication

The SharePoint feed supports APPLICATION and USER authentication, selected by the authenticationType field.

Application Authentication

When using Application authentication, the owner of the SharePoint document library must consent to the Graphlit Platform application registered in Azure Active Directory before calling the createFeed mutation.

By executing the sharePointConsentUri query, and passing the Azure AD tenantId variable, you will receive a URL which can be visited to provide admin consent to the Graphlit Platform application.

The consent page asks for read-only permissions to SharePoint sites and files, which are required for the recurrent feed ingestion from SharePoint document libraries.

Query

query SharePointConsentUri($tenantId: String!) {
  sharePointConsentUri(tenantId: $tenantId) {
    uri
  }
}

Variables

{
  "tenantId": "redacted"
}

Response

{
  "uri": "https://login.microsoftonline.com/redacted/adminconsent?client_id=redacted&redirect_uri=https%3A%2F%2Fdata-scus.graphlit.io%2Fapi%2Fv1%2Fmicrosoftgraph%2Fnotify%2F&state=redacted"
}

User Authentication

When using User authentication, you will need to authenticate your end-user via OAuth 2.0 and receive a refresh token for the end-user. Graphlit will use the refresh token to authenticate and enumerate files on the SharePoint document library on your user's behalf.

Variables

{
  "feed": {
    "type": "SITE",
    "site": {
      "type": "SHARE_POINT",
      "sharePoint": {
        "authenticationType": "USER",
        "accountName": "redacted",
        "libraryId": "redacted",
        "refreshToken": "redacted"
      }
    },
    "name": "SharePoint Feed"
  }
}

To get a refresh token, you need to make a POST request to the /token endpoint.

Details on registering an Azure AD application, which provides the client_id and client_secret, are found below.

POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id={client_id}
&scope=https://graph.microsoft.com/.default
&code={code}
&redirect_uri={redirect_uri}
&grant_type=authorization_code
&client_secret={client_secret}

In the request body, provide the code that you received in the previous authorize call, the client ID, and the client secret.

The response includes an access token and a refresh token, which can be provided to the createFeed mutation for accessing the end-user's files in the Graphlit Platform services.

{
  "token_type": "Bearer",
  "scope": "https://graph.microsoft.com/.default",
  "expires_in": 3600,
  "ext_expires_in": 3600,
  "access_token": "redacted",
  "refresh_token": "redacted"
}

Optional: Azure AD Application Registration

If using user authentication, and you have not yet registered an Azure AD application, here are the steps:

  1. Go to Azure Active Directory in the Azure portal.

  2. In the left-hand navigation pane, select "App registrations" and then select "New registration".

  3. When the "Register an application" page appears, enter your application's registration information:

    • Name: Enter a meaningful application name that will be displayed to users of the app

    • Supported account types: Select which accounts you would like your application to support

    • Redirect URI (optional): Set to the appropriate URI where authentication responses can be sent and received by your app

  4. After you've completed registration, Azure AD will assign your app a unique client identifier (the Application (client) ID), a crucial value that you use in your app configuration.

Set permissions in Azure AD

The app requires delegated permissions to access resources in the Microsoft Graph API. These permissions must be granted by the user or an administrator at sign-in.

  1. In your app registration page in the Azure portal, find the "API permissions" section and select "Add a permission".

  2. In the "Request API permissions" page, select "Microsoft Graph".

  3. Choose "Delegated permissions", then in the "Select permissions" section, add the following permissions:

    • Files.Read.All

    • Sites.Read.All

  4. Click on "Add permissions" to save your changes.

Before your application can get tokens from the Microsoft identity platform, users or administrators need to grant permissions to the application, a process known as consent. To request consent, construct a request URL that directs the user to the /authorize endpoint. You can add this request to a sign-in button in your application.

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id={client_id}
&response_type=code
&redirect_uri={redirect_uri}
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345
