To create your own OneDrive/SharePoint App, complete these steps:
Step 1: Access Microsoft Entra Admin Center
- Go to the Microsoft Entra Admin Center
- Sign in using your Microsoft account (personal account) or Work/School account
- Navigate to Identity → Applications → App registrations in the left-hand menu
- Click + New registration at the top
Step 2: Register Your Application
- Name: Enter your application's display name (e.g., "My WordPress OneDrive Integration")
- Supported account types: Select "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)"
-
Redirect URI:
- Select Web from the dropdown
- Enter the OAuth 2.0 Redirect URI shown on your Share-one-Drive settings page
- Click Register
Step 3: Copy Application (Client) ID
- After registration, you'll see the Overview page
- Copy the Application (client) ID (displayed prominently at the top)
- Save this ID in your Share-one-Drive plugin settings page
Step 4: Create a Client Secret
- In the left menu, select Certificates & secrets (under Manage)
- Go to the Client secrets tab
- Click + New client secret
- Add a description (e.g., "WordPress Plugin Secret")
- Select an expiration period (recommended: 24 months)
- Click Add
- Important: Immediately copy the Value (not the Secret ID) - it will only be shown once!
- Save this client secret in your Share-one-Drive plugin settings page
Step 5: Configure API Permissions
- In the left menu, select API permissions (under Manage)
- You'll see User.Read (Microsoft Graph) already added by default - keep this
- Click + Add a permission
- Select Microsoft Graph → Delegated permissions
-
Search for and add the permissions you need based on your requirements:
-
Files.Read- Allows the app to read the signed-in user's files -
Files.Read.All- Allows the app to read all files the signed-in user can access -
Files.ReadWrite- Allows the app to read, create, update and delete the signed-in user's files -
Files.ReadWrite.All- Allows the app to read, create, update and delete all files the signed-in user can access
SharePoint Permissions (choose one if you need SharePoint access):
-
Sites.Read.All- Allows the application to read documents and list items in all site collections on behalf of the signed-in user -
Sites.ReadWrite.All- Allows the application to edit or delete documents and list items in all site collections on behalf of the signed-in user
Always add:
-
offline_access- Allows the plugin to maintain access to content on behalf of the user -
User.Read- (Already added by default) Allows the app to read the signed-in user's profile
Recommended minimal setup:
-
Files.Read(Delegated) -
Sites.Read.All(Delegated) - if SharePoint access is needed -
offline_access(Delegated) -
User.Read(Delegated)
-
- Click Add permissions after selecting each permission
Step 6: Grant Admin Consent (If Required)
Note: scope with .All generally requires admin consent. If you're an administrator:
- On the API permissions page, click Grant admin consent for [your organization]
- Confirm by clicking Yes
- Wait for the status to show green checkmarks
If you're not an admin, contact your IT administrator to grant consent for these permissions.
Step 7: Verify Authentication Settings
- In the left menu, select Authentication (under Manage)
- Under Platform configurations, verify your Web platform is listed
- Confirm the Redirect URI matches the one from your plugin settings
- Under Advanced settings, ensure:
- Allow public client flows: No (default)
- Enable the following mobile and desktop flows: Leave unchecked
Step 8: Save and Authorize
- Save all settings in your Share-one-Drive plugin configuration page
- Click the Authorize button in your plugin to complete the OAuth flow
- Sign in with a user account and grant permissions
Notice: If you run into issues using your own App, fall back to the default App by clearing the Application (client) ID and Client Secret on the plugin's settings page.