Microsoft Graph API

This section describes how you can configure the REST connector in Flow Connect to communicate with Microsoft Graph API with Open ID connect.

App Registration

1. Create a new app registration in Azure

2. Under Authentication section add a new platform configuration for Single-page application
3. Add redirect URI and choose Configure
4. Similarly, you can add redirect URI nccloud://openid for iOS and Android platforms

5. Under API permissions you can add permission for different Microsoft APIs. For the purpose of this documentation, we will add Graph API > Mail.Read operation.
6. Optionally, under the Certificates & secrets section create a client secret for your app registration. Copy the client secret value and store it securely.
7. Upon the successful app registration, copy the values for the Application (Client) ID & Directory (Tenant) ID
8. Finally, under the Endpoints copy the OpenID Connect metadata document URL.

Configure the REST Connector

2. Enter the configuration values as described below

   Configuration

   Description

   Agent Group

   Agent group where the connector should be executed

   Base URL

   Authentication Type

   Choose OpenId Authentication as the Authentication Type.

   • Give a display name

   • Authorization Endpoint - Add OpenID Connect meta data URL excluding ".well-known/openid-configuration"
   • Client ID - Copied Application (Client) ID

   • Scopes - Keep the default "openid"

   • Advanced Options

     • Additionally, you can define advanced options like extra query parameters.

       For example,

       prompt = select_account will force the user to select an account if the user has multiple accounts authenticated or previously used on the authorization server.

     • Disable Validate Endpoints, Validate Issuer Name, Validate Token Issuer Name

3. Choose Save

Example connector configuration: