Scope (consumer) | Description |
---|---|
office.onenote_create | Can view a list of the user's OneNote notebooks and create new pages, but cannot view or edit existing pages. Can enumerate the user's notebook hierarchy and create pages in any location. |
office.onenote_update_by_app | Can create, view, and modify all pages created by the app. |
office.onenote_update | Can create, view, and modify any content in the user's OneNote notebooks and pages. |
office.onenote | Can view OneNote notebooks and pages but not modify them. |
wl.signin | A Microsoft account permission scope. Allows your application to take advantage of single sign-on capabilities. |
wl.offline_access | A Microsoft account permission scope. Allows your application to receive a refresh token so it can work offline even when the user isn't active. This scope is not available for the token flow. |

Flow | Description |
---|---|
Token flow | Gets an access token in one call. Useful for quick access, but doesn't provide a refresh token for long term access. Also called the Implicit flow. |
Code flow | Gets an authorization code in the first call and exchanges the code for an access token in the second call. When used with the wl.offline_access permission scope, your application receives a refresh token that enables long-term access. Also called the Authorization code flow. |

Required query string parameter | Description |
---|---|
response_type | The type of authentication flow you're using. In this case, token. |
client_id | The client ID created for your application. |
redirect_uri | The redirect URL you registered for your application. Mobile and desktop apps that didn't specify one can use this: https://login.live.com/oauth20_desktop.srf |
scope | The scopes that your application requires. Example: office.onenote%20wl.signin |

Required query string parameter | Description |
---|---|
response_type | The type of authentication flow you're using. In this case, code. |
client_id | The client ID created for your application. |
redirect_uri | The redirect URL you registered for your application. Mobile and desktop apps that didn't specify one can use this: https://login.live.com/oauth20_desktop.srf |
scope | The scopes that your application requires. Example: office.onenote wl.signin wl.offline_access |

Required body parameter | Description |
---|---|
grant_type | The grant type of the request. In this case, authorization_code. |
client_id | The client ID created for your application. |
client_secret | The client secret created for your application. |
code | The code you received as a URL parameter in the previous step. |
redirect_uri | The redirect URL for your application. This must match the redirect_uri in the first request. |

401 Unauthorized response. Your app should handle this response and check the token expiration before sending requests.

Required body parameter | Description |
---|---|
grant_type | The grant type of the request. In this case, refresh_token. |
client_id | The client ID created for your application. |
client_secret | The client secret created for your application. |
redirect_uri | The redirect URL for your application. This must match the redirect_uri that you used to obtain the tokens. |
refresh_token | The refresh token you received previously. |
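
An added example (not part of the original documentation) that builds the Microsoft account sign-in and token requests from the parameter tables above and enforces the constraints they state: `wl.offline_access` is rejected for the token flow, and `redirect_uri` must match the one from the first request. The function names, the 60-second expiry margin and any sample values are assumptions.

```python
from urllib.parse import quote, urlencode

# Scope names and response_type values as listed in the tables above.
KNOWN_SCOPES = {"office.onenote_create", "office.onenote_update_by_app",
                "office.onenote_update", "office.onenote",
                "wl.signin", "wl.offline_access"}
FLOWS = {"token", "code"}


def authorize_query(response_type, client_id, redirect_uri, scopes):
    """Build the query string for the first (sign-in) request."""
    if response_type not in FLOWS:
        raise ValueError(f"unknown response_type: {response_type}")
    unknown = set(scopes) - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scope(s): {sorted(unknown)}")
    # The token flow never returns a refresh token, so this scope is invalid there.
    if response_type == "token" and "wl.offline_access" in scopes:
        raise ValueError("wl.offline_access is not available for the token flow")
    return urlencode({"response_type": response_type, "client_id": client_id,
                      "redirect_uri": redirect_uri, "scope": " ".join(scopes)},
                     quote_via=quote)  # spaces in scope are sent as %20


def token_body(grant_type, client_id, client_secret, redirect_uri,
               first_redirect_uri, credential):
    """Build the form body for the code exchange or the refresh request.

    `credential` is the authorization code or the refresh token, depending
    on grant_type. The result contains the client secret: never log it.
    """
    field = {"authorization_code": "code",
             "refresh_token": "refresh_token"}.get(grant_type)
    if field is None:
        raise ValueError(f"unsupported grant_type: {grant_type}")
    if redirect_uri != first_redirect_uri:
        raise ValueError("redirect_uri must match the one used in the first request")
    return urlencode({"grant_type": grant_type, "client_id": client_id,
                      "client_secret": client_secret, field: credential,
                      "redirect_uri": redirect_uri})


def needs_refresh(expires_at, now, skew=60):
    """True when the token is expired or within `skew` seconds of expiring,
    so the app refreshes before sending instead of waiting for a 401."""
    return now >= expires_at - skew
```
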

Required query string parameter | Description |
---|---|
client_id | The client ID value created for your application. |
redirect_uri | The redirect URL for your application. This must match the redirect_uri that you used to obtain the tokens. |

Scope (enterprise) | Permission in Azure portal | Description |
---|---|---|
Notes.Create | Create pages in OneNote notebooks | Can view the titles of your notebooks and sections; create new pages in any location. Cannot view or edit existing pages. |
Notes.ReadWrite.CreatedByApp | Application-only OneNote notebook access | Can view the titles of your notebooks and sections; create new pages; rename sections; view and modify pages created by the app. Cannot view or modify pages created by other apps or in password protected sections. |
Notes.Read | View OneNote notebooks | Can view the contents of your notebooks and sections. Cannot create new pages; modify existing pages; access password protected sections. |
Notes.ReadWrite | View and modify OneNote notebooks | Can view the titles of your notebooks and sections; view and modify all your pages; create new pages; rename sections. Cannot access password protected sections. |

Scope (enterprise) | Permission in Azure portal | Description |
---|---|---|
Notes.Read.All | View OneNote notebooks in your organization | Can view the contents of notebooks and sections in all notebooks that the signed-in user has access to. Cannot create new pages; modify existing pages; access password protected sections. |
Notes.ReadWrite.All | View and modify OneNote notebooks in your organization | Can view the titles of notebooks and sections; view and modify all pages; rename all sections; create new pages in all notebooks that the signed-in user has access to. Cannot access password protected sections. |

Required query string parameter | Description |
---|---|
response_type | The type of authentication flow you're using. In this case, code. |
client_id | The client ID created for your application. |
redirect_uri | The redirect URL for your application. |
resource | The resource you need access to. In this case, https://onenote.com/ |

Required body parameter | Description |
---|---|
grant_type | The grant type of the request. In this case, authorization_code. |
client_id | The client ID created for your application. |
client_secret | Web applications and web APIs only. The client secret created for your application. |
code | The code you received as a URL parameter in the previous step. |
redirect_uri | The redirect URL for your application. This must match the redirect_uri in the first request. |
resource | The resource you need access to. In this case, https://onenote.com/ |

401 Unauthorized response. Your app should handle this response and check the token expiration before sending requests.

Required body parameter | Description |
---|---|
grant_type | The grant type of the request. In this case, refresh_token. |
client_id | The client ID created for your application. |
client_secret | Web applications and web APIs only. The client secret created for your application. |
redirect_uri | The redirect URL for your application. |
refresh_token | The refresh token you received previously. |
resource | The resource you need access to. In this case, https://onenote.com/ |

#error={error_code}&error_description={message}

Parameter | Description |
---|---|
fileArray | An array of POSIX file paths |

Return value | Description |
---|---|
True | The user grants permission to the files. |
False | The user denies permission to the files. |