SharePoint Integration

The SharePoint module provides Microsoft Graph API integration for accessing SharePoint sites, drives (document libraries), files, lists, and Microsoft 365 Groups. It includes authentication with On-Behalf-Of (OBO) token exchange, a comprehensive Graph API client, and a pluggable access validation hook.

Import

import {
  SharePointAuth,
  SharePointAuthConfig,
  SharePointGraphClient,
  SharePointAccessValidator,
  AccessValidationResult,
} from "@modernpath/agent-framework";

Architecture

graph LR
    Agent["Agent / Handler"] -->|requests token| Auth[SharePointAuth]
    Auth -->|validates| AV[SharePointAccessValidator]
    Auth -->|OBO exchange| AAD["Azure AD"]
    Auth -->|returns token| Agent
    Agent -->|calls| GC[SharePointGraphClient]
    GC -->|REST| Graph["Microsoft Graph API"]
    Graph -->|sites, drives, files| SP["SharePoint Online"]

Components

SharePointAuth

Handles authentication for Microsoft Graph API access. Supports On-Behalf-Of (OBO) token exchange for delegated permissions, integrates with the access validator for authorization checks, and includes token caching with configurable TTL.

SharePointGraphClient

A comprehensive Microsoft Graph API client covering site discovery, drive/document library operations, file management (upload, download, delete), folder operations, list management, and Microsoft 365 Group lifecycle.

SharePointAccessValidator

A customer-owned access validation hook that the framework calls before minting or using tokens. Implement this interface to enforce your application's authorization rules (e.g. audit firm membership, assignment checks, scope restrictions).
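
A deny-by-default implementation of this hook, added here as an example and not taken from the framework's own code. The two interfaces are local stand-ins shaped after the Quick Start on this page; the `reason` field, the `Assignment` record, the identifier pattern and the sample data are assumptions.

```typescript
// Local stand-ins for the framework types (assumed shapes; `reason` is hypothetical).
interface AccessValidationResult { valid: boolean; reason?: string }
interface SharePointAccessValidator {
  validateAccess(userId: string, auditingId: string): Promise<AccessValidationResult>;
}

// Hypothetical assignment record: who may act on which auditing, and until when (epoch ms).
interface Assignment { userId: string; auditingId: string; expiresAt: number }

// Constructed sample data for the example.
const SAMPLE_ASSIGNMENTS: Assignment[] = [
  { userId: "alice", auditingId: "audit-2024-001", expiresAt: 2000 },
  { userId: "bob", auditingId: "audit-2024-001", expiresAt: 500 },
];

const ID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/; // assumed identifier format

// Pure decision: every path denies except an exact, unexpired assignment match.
function checkAssignment(
  assignments: Assignment[], userId: unknown, auditingId: unknown, now: number,
): AccessValidationResult {
  if (typeof userId !== "string" || typeof auditingId !== "string" ||
      !ID_PATTERN.test(userId) || !ID_PATTERN.test(auditingId)) {
    return { valid: false, reason: "malformed identifier" };
  }
  let sawExpired = false;
  for (const a of assignments) {
    if (a.userId !== userId || a.auditingId !== auditingId) continue;
    if (a.expiresAt > now) return { valid: true };
    sawExpired = true;
  }
  return { valid: false, reason: sawExpired ? "assignment expired" : "no assignment" };
}

// Wraps the decision in the hook shape; a failed lookup is a denial, never a pass.
function createAssignmentValidator(
  load: () => Promise<Assignment[]>, now: () => number = Date.now,
): SharePointAccessValidator {
  return {
    async validateAccess(userId, auditingId) {
      try {
        return checkAssignment(await load(), userId, auditingId, now());
      } catch {
        return { valid: false, reason: "authorization lookup failed" };
      }
    },
  };
}
```
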

Quick Start

import {
  SharePointAuth,
  SharePointGraphClient,
  SharePointAccessValidator,
} from "@modernpath/agent-framework";

// Create the access validator (customer-owned)
const accessValidator: SharePointAccessValidator = {
  async validateAccess(userId, auditingId) {
    // Placeholder: this stub approves every request.
    // Replace it with your authorization logic.
    return { valid: true };
  },
};

// Create the auth provider
const auth = new SharePointAuth(
  {
    tenantId: process.env.AZURE_TENANT_ID,
    clientId: process.env.AZURE_CLIENT_ID,
    clientSecret: process.env.AZURE_CLIENT_SECRET,
    useOnBehalfOfExchange: true,
  },
  tokenProvider,
  accessValidator,
);

// Create the Graph client
const graph = new SharePointGraphClient();

// Get an access token and use it
const token = await auth.getAccessToken(userId, auditingId);
const sites = await graph.searchSites(token, "Project Alpha");
const docs = await graph.listDocuments(token, sites.sites[0].id);