This document provides guidance on installing and configuring the OAuth2 Graph API App.


System and Version


Novacura Flow Server


Novacura Flow Studio



REST Service

Installation Components

Azure Services

Microsoft Graph

Create an App Registration for reading emails and attachments in a unified inbox. The App Registration needs Mail.Read permissions to be able to access the mailbox.

You will need to add additional permissions if you plan to utilize more functionality against the Graph API in other workflows.

Read more in the how-to guides Create App Registration and Limit Permissions to a Specific Mailbox.

  • Navigate to the registered Microsoft Graph application's Authentication page

  • Add ncflow://authenticate value to Mobile and desktop applications' Redirect URIs' list

  • Add value to Mobile and desktop applications' Redirect URIs' list

The ncflow://ncflowsuccess value is needed instead, if it is used External App Launcher integration call back.

  • For this Flow to work to read your attachments of your mailbox, two REST APIs are used: List Messages and List Attachments.

  • Please read up on the Permissions needed to use this API at the respective links.

Flow Connectors

REST Connector

Microsoft Graph API

A REST Connector Project must be set up to utilize Microsoft Graph APIs.

Create a new REST Service Connector named "Microsoft Graph REST" and import the configuration file "Microsoft Graph REST.ncrcp." For more information see Import a REST Configuration.

  • Enter a Base Address

  • Set up the parameters for OAuth2 authentication



To enable OAuth2 Authentication in REST connector

Access Token URLec

URL to get token


URL to authorize

Client ID


The Application (client) ID that the Azure portal – App registrations experience assigned to your app.

Client Secret


The application secret that you created in the app registration portal for your app. You shouldn't use the application secret in a native app or single page app because client_secrets stored on devices or web pages are not reliable.


For ID tokens, must be updated to include the ID token scopes - openid, and optionally profile and email.

Extra query parameters

{"login_hint": "", "prompt": "login"}

To add extra paramters if needed. It has to be in JSON format.


Make sure that you have created all services, connectors, and Flow properties before importing the workflows.

1. Import Workflows

Import workflows in the file "Outlook Attachment Component 2.0.0.wap".

For additional details see Import Workflows.

2. Setting Menu Roles

Together with the imported workflows there will also be a menu. Connect the menu to your roles to make them available for users.

For details see Setting Menu Roles.

3. Publishing Workflows

Within the Server Contents Window right-click on the Form Recognizer folder and select “Publish”. This process can take a few minutes but once complete, a Publish Successful message will be displayed.

If you receive any errors during the publication of the workflow. Please review the error detail and consult your support contact with the relevant information.

The workflows will now be available to execute on your chosen Flow client.

For details see Publishing Workflows.

Last updated