As part of their security baseline, many Office 365 admins configure a password policy that forces passwords to change every 3 months. That is good for end-user account security, but it is a problem for service accounts that applications use to make REST or CSOM calls to SharePoint Online: the external app breaks as soon as the service account's password is rotated in Office 365 but not in the application's configuration.
Access tokens in an AgilePoint NX application run into the same scenario when the token is configured for claims based authentication, which stores the service account's password, and that password is rotated every 3 months.
This is where OAuth2 authentication helps. Instead of authenticating as a service account, you can use app based (app-only) authentication, which is OAuth2 based and uses a client id and client secret instead of a user password. The service account password can then change every 3 months without affecting the token. Note that this is the legacy SharePoint Add-In (Azure ACS) app-only model; Microsoft has announced its retirement, so confirm that your tenant still allows ACS app registrations before you build on it.
Follow the steps below to generate a client id and secret and use them to create an access token in AgilePoint NX. I have explained this using a dummy app; if you already have an app registered with the required permissions, you can use the client id and secret from that app instead.
Step 1: Register the dummy app in O365: Navigate to the SharePoint Online page <<SharePoint site url>>/_layouts/15/appregnew.aspx, for example https://agilepoint462.sharepoint.com/Sites/qa/_layouts/15/appregnew.aspx
On the appregnew page, click the Generate button next to Client Id and Client Secret to generate new values, fill in the remaining fields with placeholder data as shown below, and click Create. (The App Domain and Redirect URI are required by the form but are not used for app-only authentication.) Once the app is created you can use this client id and client secret to create an access token in AgilePoint.
Client Id: XXXXXX
Client Secret: XXXXXX
App Domain: www.agilepoint.com
Redirect URI: https://www.agilepoint.com
Note: Save the client id and secret in a permanent, protected location such as a secrets vault; the secret cannot be retrieved later. Treat the secret like a privileged password, because anyone holding it gets every right you grant the app in Step 2. Client secrets generated on appregnew.aspx are valid for one year by default, so record the expiry date and plan to generate a replacement before then.
Step 2: Assign permissions to the dummy app: Navigate to the SharePoint Online page <<SharePoint site url>>/_layouts/15/appinv.aspx, for example https://agilepoint462.sharepoint.com/Sites/qa/_layouts/15/appinv.aspx. In the App Id field enter the client id created above and click Lookup; the page displays your app's information. In the Permission Request XML field paste the XML below and click Create. The AllowAppOnlyPolicy="true" attribute on the root element is what allows the app to obtain tokens with only its client id and secret, with no signed-in user; without it the app-only token request fails.
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>
Note: Paste this text into Notepad first and make sure the double quotes are plain ASCII quotes (") before copying it to the SharePoint page. WordPress converts them to curly quotes, which SharePoint rejects with an XML error if pasted directly.
Before you click Trust It on the next page, review the rights you are granting. FullControl on the sitecollection scope is the broadest grant an app can receive and already covers every web in the site collection (so the web-scope entry above adds nothing once it is present). If your AgilePoint processes only read and write list items and documents, grant the narrowest Right that works (the valid values are Read, Write, Manage and FullControl) and the narrowest Scope (web, list or sitecollection). Click Trust It; the dummy app is now registered with its permissions assigned and is ready to use.
Step 3: Go to AgilePoint Portal -> Manage and create a SharePoint access token. Provide your Office 365 site collection URL, select OAuth2 Authentication -> Office 365, enter your client id and secret, and click Test Connection to confirm that the authentication succeeds. If the test fails, the usual causes are a mistyped secret, a missing AllowAppOnlyPolicy="true" in the permission XML, or a site URL that does not belong to the site collection where the permissions were granted.