GPT How-to: Configuring Microsoft Graph + OAuth (and various third party APIs)

With OpenAI's latest advancements, particularly the GPT feature and its enhanced assistant capabilities, integrating AI with Microsoft Graph and third-party APIs has become more dynamic and important.

This guide focuses on configuring GPTs, Microsoft Graph with OAuth for seamless interaction, leveraging GPT's improved context understanding and automated abilities. The integration extends GPT's reach, enabling it to interact with extensive Microsoft 365 data and services but could be used for pretty much any API that uses Oauth like HubSpot or Google.

The integration of these advanced GPT capabilities with Microsoft Graph unlocks unprecedented possibilities. Microsoft Graph serves as a rich data source encompassing various Microsoft 365 services like Azure AD, Office 365, and more. By tapping into this repository, GPTs can leverage the vast array of organizational data, enhancing AI-driven functionalities.

You can try my functional version here.

• https://chat.openai.com/g/g-6QzJ0XxVC-ms-co-pilot

Potential Applications

1. Reading and Responding to Emails: With improved language understanding, GPT can effectively manage email communications, summarizing content, drafting responses, and prioritizing actions.
2. Document Management and Review: Utilizing OneDrive integration, GPT can assist in document review, summarization, and organization.
3. Advanced Scheduling Capabilities: GPT's understanding of natural language can revolutionize calendar management, scheduling meetings, and optimizing appointments.
4. Customized Business Solutions: The amalgamation of GPT with Microsoft Graph opens avenues for personalized AI solutions like intelligent chatbots, virtual assistants, and more, tailored to specific business needs.

Step by Step Guide

Step 1: Register Your Application in Azure Active Directory

1. Log in to Azure Portal: Go to Azure Portal and sign in.
2. Access Azure Entra ID: Select "Azure Entra ID" from the navigation menu.
3. Register Application: Go to "App registrations" > "New registration". Fill in the details: Name: Choose a meaningful name for your application.
4. Look for Redirect URI (optional): Enter the URL where users will be redirected after authentication. (You'll likely need to come back to this later.)

Step 2: Obtain Application (Client) ID and Directory (Tenant) ID

After registration, note the "Application (client) ID" and "Directory (tenant) ID" from the app overview page.

Step 3: Create a Client Secret

1. Navigate to Certificates & Secrets: In your app's registration page, go to "Certificates & secrets".
2. New Client Secret: Create a new client secret and note its value.

Step 4: Set Up OAuth in Your Application

1. Go to Configure in your GPT Creator.
2. Scroll down to Actions and create a new action
3. Copy Sample OpenAPI.json for OAuth

{
  "openapi": "3.0.0",
  "info": {
    "title": "Microsoft Graph API Example",
    "version": "1.0"
  },
  "servers": [
    {
      "url": "https://graph.microsoft.com/v1.0"
    }
  ],
  "paths": {
    "/me": {
      "get": {
        "operationId": "getUserProfile",
        "summary": "Get current user profile",
        "responses": {
          "200": {
            "description": "Successful response",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/UserProfile"
                }
              }
            }
          }
        },
        "security": [
          {
            "OAuth2": []
          }
        ]
      }
    }
  },
  "components": {
    "schemas": {
      "UserProfile": {
        "type": "object",
        "properties": {
          "displayName": {
            "type": "string"
          },
          "mail": {
            "type": "string"
          }
        }
      }
    },
    "securitySchemes": {
      "OAuth2": {
        "type": "oauth2",
        "flows": {
          "authorizationCode": {
            "authorizationUrl": "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize",
            "tokenUrl": "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token",
            "scopes": {
              "User.Read": "Read user profile"
            }
          }
        }
      }
    }
  }
}        

• Replace {Tenant} with your tenant value you previously copied.
• Add any additional scopes like Mail.Read, etc as needed to increase functionality like writing emails, creating docs, scheduling meetings.
• Ask ChatGPT to help you with any questions.
• Add Privacy policy. I used Microsoft's since it's their service.
• https://privacy.microsoft.com/en-US/

Step 5: Configure Redirect URI

1. Refresh the GPT Creator Interface. This is important, the redirect url doesn't show correctly until the interface is refreshed. Strange quirk.
2. Copy the Call Back URL and add to the redirects field in the Authentication area of Azure.

Step 6: Reauthorize and Test

• After updating, reauthorize your application and test the required functionality again.
• Type getUserProfile to see connect to Microsoft. You may get redirected back to the wrong page, go to the previous Chat interface and type getUserProfile again to reinitialize it.

Additional Notes

• The GPT platform is very Beta and doesn't always act as expected.
• If the Oauth doesn't work, remove it and do the steps again. Trust me, this does work. It takes some messing around to get it working.
• Keep the client secret secure.
• Ensure the redirect URI in your OAuth request matches what's configured in Azure AD.
• The OpenAPI.json snippets provide a blueprint for your API's authentication structure but do not directly enforce security in a runtime environment. Ensure your implementation in code aligns with this configuration.