Microsoft OneDrive
Note: this connector has no hand-written README yet. Only the auto-generated reference below is available. See the connector's manifest at
connectors/identos.ms-onedrive/connector.v1.json for the source.
Manifest reference
- ID: identos.ms-onedrive
- Version: 1.0.0
- Resource type: urn:connector:identos:ms-onedrive
Supported auth modes
| Type | Details |
|---|---|
| idp_passthrough | requires IdP microsoft |
Setup fields
| ID | Label | Default | Secret? | Notes |
|---|---|---|---|---|
| upstream_auth.type | Authentication | idp_passthrough | no | — |
Scopes
| Scope |
|---|
| onedrive:read |
| onedrive:write |
| onedrive:share |
| onedrive:admin |
Routes
| Method | Pattern | Scope | Resource template |
|---|---|---|---|
| GET | /v1.0/me/drive | onedrive:read | — |
| GET | /v1.0/me/drive/root/children | onedrive:read | — |
| GET | /v1.0/me/drive/items/{item_id}/children | onedrive:read | onedrive://{item_id}/children |
| GET | /v1.0/me/drive/items/{item_id} | onedrive:read | onedrive://{item_id} |
| GET | /v1.0/me/drive/root:/{path} | onedrive:read | onedrive://root:/{path} |
| GET | /v1.0/me/drive/items/{item_id}/content | onedrive:read | onedrive://{item_id}/content |
| GET | /v1.0/me/drive/recent | onedrive:read | — |
| GET | /v1.0/me/drive/sharedWithMe | onedrive:read | — |
| GET | /v1.0/me/drive/root/search | onedrive:read | — |
| POST | /v1.0/me/drive/items/{parent_id}/children | onedrive:write | onedrive://{parent_id}/children |
| PUT | /v1.0/me/drive/items/{parent_id}:/{filename}:/content | onedrive:write | onedrive://{parent_id}/{filename} |
| PATCH | /v1.0/me/drive/items/{item_id} | onedrive:write | onedrive://{item_id} |
| DELETE | /v1.0/me/drive/items/{item_id} | onedrive:write | onedrive://{item_id} |
| POST | /v1.0/me/drive/items/{item_id}/copy | onedrive:write | onedrive://{item_id}/copy |
| GET | /v1.0/me/drive/items/{item_id}/permissions | onedrive:share | onedrive://{item_id}/permissions |
| POST | /v1.0/me/drive/items/{item_id}/createLink | onedrive:share | onedrive://{item_id}/links |
| POST | /v1.0/me/drive/items/{item_id}/invite | onedrive:share | onedrive://{item_id}/invites |
MCP tools
| Name | Scope | Description |
|---|---|---|
| get_drive | onedrive:read | Get the signed-in user's default OneDrive drive metadata (quota, owner, drive type). |
| list_drive_root | onedrive:read | List all files and folders at the root of the signed-in user's OneDrive. |
| list_folder_children | onedrive:read | List the contents of a specific folder in OneDrive by its item ID. |
| get_drive_item | onedrive:read | Get metadata for a specific file or folder in OneDrive by its item ID. |
| get_drive_item_by_path | onedrive:read | Get metadata for a file or folder by its path relative to the OneDrive root, e.g. "Documents/Report.docx". |
| download_file | onedrive:read | Download the binary content of a file from OneDrive. Returns the file bytes. |
| list_recent_files | onedrive:read | List files the signed-in user has recently accessed in OneDrive. |
| list_shared_with_me | onedrive:read | List files and folders that others have shared with the signed-in user. |
| search_drive | onedrive:read | Search for files and folders in the signed-in user's OneDrive by name or content. |
| create_folder | onedrive:write | Create a new folder inside a parent folder in OneDrive. |
| upload_file | onedrive:write | Upload or replace a file in OneDrive. Use for files up to 4 MB; use resumable upload for larger files. |
| update_drive_item | onedrive:write | Update a file or folder's metadata — rename it, move it to a different parent, or update other properties. |
| delete_drive_item | onedrive:write | Delete a file or folder from OneDrive. Deleted items go to the recycle bin. |
| copy_drive_item | onedrive:write | Copy a file or folder to a new location in OneDrive. Returns a monitor URL to track the async copy operation. |
| list_item_permissions | onedrive:share | List all sharing permissions on a file or folder, including links and direct grants. |
| create_sharing_link | onedrive:share | Create a sharing link for a file or folder. Supports view-only and edit links scoped to the organisation or anonymous. |
| invite_users_to_item | onedrive:share | Share a file or folder directly with specific users by email address. |
Operator data schema
Keys the operator can supply under data.pbac.operator.connectors["identos.ms-onedrive"].* — consumed by the connector's policy.
| Key | Type | Description |
|---|---|---|
| protected_folders | array | Folder name segments (case-insensitive) that are blocked for all access. Path-based routes whose path begins with a matching segment are denied. Example: ["HR", "Legal", "Executive"]. |
| allow_anonymous_sharing | boolean | When false (default), creating sharing links with scope "anonymous" (public links) is blocked. |
| allow_external_sharing | boolean | When false (default), inviting users outside the organisation (external email domains) is blocked. Requires the operator to also seed allowed_domains. |
| allowed_domains | array | Email domains considered internal. Used by the external-sharing block rule. Example: ["identos.ca", "contoso.com"]. Required when allow_external_sharing is false. |
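
Added example (not the connector's own policy code): a Python model of the three operator rules described in the table above, useful for checking what a given operator configuration would block before deploying it. The `decide` and `first_segment` helpers, the reason strings, the whole-segment match, and the fail-closed handling of an empty allowed_domains are assumptions; the `scope` and `recipients[].email` body fields follow the Microsoft Graph createLink and invite requests. Routes addressed by item ID are outside what this sketch models.

```python
from urllib.parse import unquote

# Constructed operator data using the keys from the schema above.
OPERATOR = {
    "protected_folders": ["HR", "Legal", "Executive"],
    "allow_anonymous_sharing": False,
    "allow_external_sharing": False,
    "allowed_domains": ["identos.ca", "contoso.com"],
}

PATH_PREFIX = "/v1.0/me/drive/root:/"  # the path-based route from the Routes table


def first_segment(url_path):
    """First folder segment of a root:/{path} route, percent-decoded and lower-cased."""
    rel = unquote(url_path[len(PATH_PREFIX):]).lstrip("/")
    return rel.split("/", 1)[0].split(":", 1)[0].lower()


def decide(method, url_path, body=None, operator=OPERATOR):
    """Return (allowed, reason) for one request. Hypothetical helper."""
    body = body or {}
    # Rule 1: protected_folders, compared case-insensitively on the whole segment.
    if url_path.startswith(PATH_PREFIX):
        protected = {s.lower() for s in operator.get("protected_folders", [])}
        if first_segment(url_path) in protected:
            return False, "protected_folder"
    # Rule 2: anonymous (public) sharing links are blocked unless enabled.
    if method == "POST" and url_path.endswith("/createLink"):
        if body.get("scope") == "anonymous" and not operator.get("allow_anonymous_sharing", False):
            return False, "anonymous_link"
    # Rule 3: every invited recipient must be in an internal domain.
    if method == "POST" and url_path.endswith("/invite"):
        if not operator.get("allow_external_sharing", False):
            internal = {d.lower() for d in operator.get("allowed_domains", [])}
            for recipient in body.get("recipients", []):
                domain = recipient.get("email", "").rpartition("@")[2].lower()
                # An empty allowed_domains list makes no domain internal: fail closed.
                if domain not in internal:
                    return False, "external_recipient"
    return True, "ok"
```
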