Generate SharePoint OAuth Tokens

To connect SharePoint to a Knowledge Hub knowledge base, you must either provide your SharePoint credentials to NiCE Professional Services or enter them in Knowledge Hub yourself. This page describes how to generate those credentials, also called OAuth tokens. You should treat the OAuth tokens like passwords. Be sure to store them in a secure location. If you lose them, you'll have to regenerate them.

This method is a developer effort. It requires knowledge of Python and SharePoint admin privileges.

Complete each of these tasks in the order given.

Install Python

Complete this task if you don't already have Python installed on your computer.

  1. Install Python Box with arrow indicating navigation to external site..

  2. Run the installer. Select the box for Add python.exe to PATH, then click Install Now.

Register Your SharePoint Site

Register your SharePoint site with Microsoft Azure.

  1. Navigate to portal.azure.com Box with arrow indicating navigation to external site. and sign in.

  2. Use the search bar at the top to search for App registrations and select it in the results.

  3. Click New registration.

  4. Enter the Name of your SharePoint site.

  5. Under Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).

  6. Click Register.

Copy and Store Client ID and Tenant ID

When you register your SharePoint site, Azure automatically generates the client ID and tenant ID. These are two of the credentials needed to connect SharePoint to Knowledge Hub.

  1. If you haven't already, open the site registration you created in the previous section.

  2. Click Overview in the left menu.

  3. Copy and paste the following credentials into a secure location:

    • Application (client) ID

    • Directory (tenant) ID

Add a Client Secret

Then, add a client secret for this app registration. This generates a client secret value and client secret ID, two more credentials you need to provide to Knowledge Hub.

  1. In the app registration you created, click Manage > Certificates & secrets in the left menu.

  2. Click the Client secrets tab.

  3. Click New client secret.

  4. Enter a Description for this client secret.

  5. In the Expires drop-down, select the amount of time you want to pass before the client secret expires. NiCE recommends 730 days (24 months).

  6. Click Add.

  7. Copy and paste the following credentials into a secure location:

    • Value

    • Secure ID

    After you copy the secure ID, it is hidden.

Configure the Redirect URI

Next, configure the redirect URI for this app registration.

  1. In the app registration you created, click Manage > Authentication in the left menu.

  2. Click Add a platform.

  3. In the Configure platforms form, select Web.

  4. Under Redirect URIs, enter https://{aws-region}.console.aws.amazon.com/appflow/oauth. For example, if you are in the us-west-2 region, enter the following: https://us-west-2.console.aws.amazon.com/appflow/oauth

    Do not select the checkboxes at the end of the form.

  5. Click Configure.

Add API Permissions

Then, add API permissions to the app registration.

  1. In the app registration you created, click Manage > API permissions in the left menu.

  2. Click Add a permission.

  3. In the Request API permissions form, select Microsoft Graph.

  4. Select Application permissions.

  5. In the search bar that appears, enter Sites.

  6. Select each permission that appears under the Sites drop-down and click Add permissions.

  7. In the Configured permissions list, click Grant admin consent for NiCE.

    In the Status column, green check marks appear with the text Granted for NiCE.

Copy and Store Site ID and Drive ID

Next, use Microsoft Graph to generate the site ID and drive ID, two more credentials you need to provide to Knowledge Hub.

  1. Navigate to developer.microsoft.com/en-us/graph/graph-explorer Box with arrow indicating navigation to external site.. Sign in using the same credentials you used on portal.azure.com.

  2. In the query bar at the top, enter https://graph.microsoft.com/v1.0/sites/root and click Run query. Make sure the drop-downs to the left of the query bar are set to GET and v1.0.

  3. Locate the site ID in the id attribute of the response. Copy and paste it into a secure location.

  4. Enter https://graph.microsoft.com/v1.0/sites/{site-id}/drives in the query bar. Replace {site-id} with the ID you retrieved in the previous step. Click Run query.

  5. Locate the drive ID in the id attribute of the response. Copy and paste it into a secure location.

Prepare OAuth Tokens

Then, prepare the OAuth tokens for use in your Python script by using the template below.

  1. Copy and paste the following lines of code into a text editor:

    
redirect_uri = '[Enter Redirect URI]'
client_id = '[Enter Client ID]'
client_secret = '[Enter Client Secret]'
tenant_id = '[Enter Tenant ID]'
token_url = f"https://login.microsoftonline.com/[tenant_id]/oauth2/v2.0/token"

  2. Change the value of the redirect_uri attribute to https://{aws-region}.console.aws.amazon.com/appflow/oauth. This should match the URL you entered in the Redirect URIs field in the app registration you created. For example, in us-west-2, enter the following: https://us-west-2.console.aws.amazon.com/appflow/oauth

  3. Change the value of the client_id attribute to the Application (client) ID of the app registration you created.

  4. Change the value of the client_secret attribute to the client secret value of the app registration you created.

  5. Change the value of the tenant_id attribute to the Directory (tenant) ID of the app registration you created.

  6. Change the value of the token_url attribute. Replace [tenant_id] with your Directory (tenant) ID.

Run the Python Script

Finally, run a Python script to retrieve your SharePoint access token, refresh token, and auth code.

  1. Open a text editor and start a Python file.

  2. Copy and paste the lines of code from this TXT file into your Python file.

  3. Replace the values of lines 5 through 9 with the OAuth tokens you prepared.

  4. Open any IDE and run the Python script.

  5. Copy the URL the script generates. Paste it into your browser.

  6. Authorize your account. This should be the same account you used on portal.azure.com.

  7. Copy the URL of the page that appears. It should begin with https://{aws-region}.console.aws.amazon.com/appflow/oauth?code=. For example, if you are in us-west-2, it would look like this: https://us-west-2.console.aws.amazon.com/appflow/oauth?code=

  8. Navigate back to your IDE. Paste the URL after the prompt Enter the redirected URL:.

  9. Press Enter. Your access token, refresh token, and auth code are generated in a file named sharepoint_credentials.txt. That file is automatically saved to your desktop.