onenote-security-basics

Implement secure authentication, token management, and permission scoping for OneNote Graph API. Use when hardening OneNote integrations, implementing least-privilege permissions, or managing token lifecycle. Trigger with "onenote security", "onenote permissions", "onenote token management", "onenote least privilege".

AI & Automation 2,266 stars 315 forks Updated today MIT

Skill Content

# OneNote Security Basics

## Overview

OneNote Graph API security changed fundamentally on March 31, 2025, when Microsoft deprecated app-only authentication for OneNote endpoints. Every integration must now use delegated authentication through MSAL, which means real users must sign in — no more background service accounts with client secrets. This skill covers the full security surface: permission scoping, token lifecycle management, MSAL cache serialization, credential storage, and multi-tenant hardening. Get any of these wrong and your integration either breaks silently (expired tokens returning 401s) or over-provisions access (Notes.ReadWrite.All when Notes.Read suffices).

## Prerequisites

- Azure AD app registration with redirect URI configured at https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps
- Microsoft 365 license (E3/E5/Business) with OneNote enabled
- Python: `pip install msgraph-sdk azure-identity msal` or Node: `npm install @microsoft/microsoft-graph-client @azure/identity @azure/msal-node`
- Understanding of OAuth 2.0 authorization code flow and delegated permissions

## Instructions

### Permission Scope Matrix

Choose the minimum scope required for your use case:

| Scope | Read notebooks | Read pages | Create pages | Create notebooks | Admin consent? |
|-------|:-:|:-:|:-:|:-:|:-:|
| `Notes.Read` | Yes | Yes | No | No | No |
| `Notes.ReadWrite` | Yes | Yes | Yes | Yes | No |
| `Notes.ReadWrite.All` | Yes | Yes | Yes | Yes | **Yes** |
| `Notes.C...

Details

Author: jeremylongshore
Repository: jeremylongshore/claude-code-plugins-plus-skills
Created: 7 months ago
Last Updated: today
Language: Python
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

onenote-install-auth

Install and configure OneNote SDK/API authentication with delegated auth (MSAL). Use when setting up a new OneNote integration, configuring Azure AD app registration, or migrating from deprecated app-only auth. Trigger with "install onenote", "setup onenote auth", "onenote credentials", "azure ad onenote".

onenote-reference-architecture

Reference architecture for OneNote integrations covering all notebook locations and API path patterns. Use when designing multi-tenant OneNote integrations or choosing between personal, SharePoint, and group notebook APIs. Trigger with "onenote architecture", "onenote api paths", "onenote sharepoint vs personal".

onenote-upgrade-migration

Migrate OneNote integrations across Graph SDK versions, auth deprecations, and API changes. Use when upgrading Graph SDK, migrating from app-only to delegated auth, or handling deprecated endpoints. Trigger with "onenote upgrade", "onenote migration", "graph sdk upgrade", "onenote breaking changes".

onenote-prod-checklist

Production readiness checklist for OneNote Graph API integrations covering auth, rate limits, and failure modes. Use when preparing a OneNote integration for production deployment or conducting a launch review. Trigger with "onenote production checklist", "onenote launch review", "onenote prod ready".

onenote-core-workflow-a

Full CRUD lifecycle for OneNote notebooks, section groups, sections, and pages via Graph API. Use when building notebook management features, creating page hierarchies, or working with XHTML content. Trigger with "onenote crud", "onenote page management", "onenote notebook workflow".
