From cff39ac74fba04b473f7dd90d4efbc5ea62548a7 Mon Sep 17 00:00:00 2001 From: Tianjing Li Date: Wed, 13 Dec 2023 11:56:48 -0500 Subject: [PATCH] fix OAuth setup, test --- sharepoint/README.md | 12 +++++++++--- sharepoint/provider/client.py | 24 ++++++++++++------------ 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/sharepoint/README.md b/sharepoint/README.md index 39b53a24d..33ac74fdd 100644 --- a/sharepoint/README.md +++ b/sharepoint/README.md @@ -30,7 +30,13 @@ Navigate to Applications > App registrations > New registration option. Select "Web" as the platform, and add a redirect URI as needed. For App auth, you can set the URI to the server you're hosting the connector on. For Delegated auth, set the URI to `https://api.cohere.com/v1/connectors/oauth/token`. -Next, we will configure your App permissions (this requires Admin access on Entra). Head under your app's API permissions page and select Add a permission > Microsoft Graph > Application Permissions > In the Select Permissions dialog, choose `Application.Read.All`. +Next, we will configure your App permissions (this requires Admin access on Entra). Head under your app's API permissions page and select Add a permission > Microsoft Graph. From here, select either Application of Delegated permissions as required, and check the following permissions: + +- `offline_access` (only if using Delegated) +- `Application.Read.All` +- `Files.ReadWrite.All` (MSFT requires this to enable search, though this connector will never write anything) + +Go back to API permissions, and as an Admin, select Grant admin consent for MSFT. Then, head to Certificates & Secrets and create a new client secret. @@ -77,8 +83,8 @@ Next, register the connector with Cohere's API using the following configuration "oauth": { "client_id": "{Your Microsoft App CLIENT-ID}", "client_secret": "{Your Microsoft App CLIENT-SECRET}", - "authorize_url": "https://login.microsoftonline.com/{Your Microsoft App TENANT-ID}/oauth2/v2.0/authorize" - "token_url": "https://login.microsoftonline.com/{Your Microsoft App TENANT-ID}/oauth2/v2.0/token" + "authorize_url": "https://login.microsoftonline.com/{Your Microsoft App TENANT-ID}/oauth2/v2.0/authorize", + "token_url": "https://login.microsoftonline.com/{Your Microsoft App TENANT-ID}/oauth2/v2.0/token", "scope": ".default offline_access" } }' diff --git a/sharepoint/provider/client.py b/sharepoint/provider/client.py index 3f50509a4..080aef1b4 100644 --- a/sharepoint/provider/client.py +++ b/sharepoint/provider/client.py @@ -52,21 +52,21 @@ def set_user_access_token(self, token): self.headers = {"Authorization": f"Bearer {self.access_token}"} def search(self, query): + request = { + "entityTypes": self.SEARCH_ENTITY_TYPES, + "query": { + "queryString": query, + "size": self.search_limit, + }, + } + + if self.auth_type == self.APPLICATION_AUTH: + request["region"] = self.DEFAULT_REGION + response = requests.post( f"{self.BASE_URL}/search/query", headers={"Authorization": f"Bearer {self.access_token}"}, - json={ - "requests": [ - { - "entityTypes": self.SEARCH_ENTITY_TYPES, - "region": self.DEFAULT_REGION, - "query": { - "queryString": query, - "size": self.search_limit, - }, - } - ] - }, + json={"requests": [request]}, ) if not response.ok: