The external publishing module supports SharePoint Online with modern authentication. Users can now publish, republish, and unpublish documents to SharePoint Online. This integration requires an Azure App Registration with proper permissions.
To use SharePoint Online publishing, an Azure App Registration must be created with the delegated permissions (scopes) for Microsoft Graph listed in the permissions table below.
During setup, note the Graph Auth Client ID, which must be entered when configuring an External Publishing site to the SharePoint Online application.

<aside> ⚠️
Please note:
Security notes
| Permission | Why it’s needed |
|---|---|
| openid | |
| profile | |
| offline_access | Required for sign-in and refresh token support. |
| Files.ReadWrite.All | Allows the application to list and upload files anywhere the signed-in user has access. |
| Sites.Read.All | Required to search and enumerate sites, enabling the site and library tree to be built. |

1. Create a new app registration named IntraNote_TNO (or follow whatever naming convention is used).
2. Under API permissions, add the delegated Graph API permissions listed in the table above. Choose Delegated permissions ("Your application needs to access the API as the signed-in user").
3. Grant Admin consent for MSFT (this ensures that users can accept access, so an admin does not have to do it for every user).
4. Under Certificates and Secrets, create a new secret “TNO_Secret” with an expiry of 730 days (24 months).
5. Save/copy the key shown in Value (not the Secret ID); it cannot be copied later.
6. Under Authentication, choose Add Platform / Web and add the Redirect URI:
   https://tno.<yourdomain>/Pages/AuthLoginAuthorize.aspx
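
Once the registration is in place, the scopes a token actually carries can be compared with the permissions table to catch missing or excess grants. The following is an added example, not part of the product or of the original page. It assumes a Graph access token in JWT form with a space-delimited `scp` claim; the helper names and the sample token are constructed for illustration.

```python
import base64
import json

GRAPH_PREFIX = "https://graph.microsoft.com/"
# Scopes from the permissions table (Sites.Read.All is the Graph spelling).
SIGN_IN_SCOPES = {"openid", "profile", "offline_access"}
RESOURCE_SCOPES = {"Files.ReadWrite.All", "Sites.Read.All"}


def normalize(scope_string):
    """Split a scope string and drop the Graph resource prefix if present."""
    return {s[len(GRAPH_PREFIX):] if s.startswith(GRAPH_PREFIX) else s
            for s in scope_string.split()}


def scopes_from_jwt(token):
    """Read the `scp` claim of an access token.

    The signature is NOT verified: this is for inspecting a token you
    obtained yourself, never for making an authorization decision.
    """
    payload_b64 = token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return normalize(claims.get("scp", ""))


def audit(granted):
    """Compare granted scopes with the table: report gaps and excess."""
    return {
        # Assumption: sign-in scopes are not always echoed in `scp`,
        # so only the two Graph resource scopes are treated as required.
        "missing": sorted(RESOURCE_SCOPES - granted),
        "excess": sorted(granted - RESOURCE_SCOPES - SIGN_IN_SCOPES),
    }


def make_sample_token(scp):
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc({"scp": scp}) + "."


if __name__ == "__main__":
    token = make_sample_token("openid profile Files.ReadWrite.All Mail.Read")
    print(audit(scopes_from_jwt(token)))
```

Any entry under `excess` is a permission the registration holds beyond what the table calls for and should be removed from the app's API permissions.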