Microsoft has three file storage options:
- OneDrive Personal
- OneDrive Business
These have recently been unified into one new OneDrive API https://dev.onedrive.com and oAuth is preferred method of authentication.
However there are some key differences how the API:
- OneDrive Personal authenticates against oAuth account created at Microsoft Application Registration Portal using a Microsoft account (Live, Microsoft.com). Authentication url is: https://login.live.com/oauth20_authorize.srf
- OneDrive Business and Sharepoint authenticate against oAuth account created in Azure Active Directory and must be done with Office 365 account. Authentication url is: https://login.microsoftonline.com/common/oauth2/
You can create two types of applications that will have different methods and parameters:
- Web application – web site based application that user can sign into. Require definition of an active redirect url and definition of client secret. Scopes or permissions are identified on the fly when authentication is made.
- Native client application – Android, ‘head-less’ server app, etc. Requires only definition of an unique redirect uri and scopes or permissions that Office 365 account / user have available eg read & write files, etc.
The process for authentication is similar:
- Sign-in with user account/password or send authentication url to authentication server to get authentication code.
- Server sends back url with authentication code.
- Retrieve authentication code from url.
- Send another url comprised of code and other parameters back to server to get tokens.
- Use tokens to list, view, upload, download files etc.
There are development SDKs available for popular languages.
I was only interested in thePython SDK . Some key notes about it include:
- It is created specifically for web applications, not native client applications. The SDK authentication method relies on using a web browser to pass urls with parameters, codes and tokens back and forth. A native client application will not use web browser. A work around was to use head-less browser but that is a bit hacky.
- It only has OneDrive Personal authentication urls. To use this with OneDrive Business or Sharepoint these urls are easily replaced with the OneDrive Business authentication urls in two files: auth_provider.py and the onedrivesdk_helper.py.
The change to the unified OneDrive API and oAuth authentication only happened in late 2015 so this is pretty new.
There weren’t many well developed or well documented OneDrive Python example code available.
Note it is still also possible to work with OneDrive Business, Sharepoint and OneDrive Personal without using oAuth authentication and this new OneDrive API by simply using urllib, request and templating along with hard coded Office 365 username and password in your code to authenticate.
Finally Microsoft Graph API can be used to interact with OneDrive Business, Sharepoint and OneDrive Personal once oAuth is setup.