feat: support single tenant (langgenius#2448)

Author: fatelei

datasources/sharepoint_datasource/manifest.yaml

@@ -1,4 +1,4 @@
-version: 0.2.2
+version: 0.2.3
 type: plugin
 author: langgenius
 name: sharepoint_datasource

datasources/sharepoint_datasource/provider/sharepoint.py

@@ -10,12 +10,32 @@
 
 
 class SharePointDatasourceProvider(DatasourceProvider):
-    _AUTH_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
-    _TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
     _API_BASE_URL = "https://graph.microsoft.com/v1.0"
     # SharePoint permission configuration - supports site-specific and general permissions
     _GENERAL_SCOPES = "openid offline_access User.Read Sites.Read.All Files.Read.All"
-    
+
+    def _get_tenant_id_for_auth(self, system_credentials: Mapping[str, Any]) -> str:
+        """
+        Get tenant ID for authorization from system credentials.
+        Defaults to 'common' for multi-tenant apps if not specified.
+        """
+        return system_credentials.get("tenant_id") or "common"
+
+    def _get_tenant_id_for_token(self, credentials: Mapping[str, Any]) -> str:
+        """
+        Get tenant ID for token refresh from saved credentials.
+        For backward compatibility, defaults to 'common' if not saved.
+        """
+        return credentials.get("tenant_id") or "common"
+
+    def _get_auth_url(self, tenant_id: str) -> str:
+        """Get the OAuth authorization URL with the appropriate tenant ID."""
+        return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize"
+
+    def _get_token_url(self, tenant_id: str) -> str:
+        """Get the OAuth token URL with the appropriate tenant ID."""
+        return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
+
     def _get_sharepoint_scopes(self, subdomain: str) -> str:
         """
         Generate SharePoint permission scopes based on subdomain
@@ -44,10 +64,12 @@ def _oauth_get_authorization_url(self, redirect_uri: str, system_credentials: Ma
         subdomain = system_credentials.get("subdomain")
         if not subdomain:
             raise DatasourceOAuthError("Missing SharePoint subdomain configuration")
-            
+
         state = secrets.token_urlsafe(32)
         scopes = self._get_sharepoint_scopes(subdomain)
-        
+        tenant_id = self._get_tenant_id_for_auth(system_credentials)
+        auth_url = self._get_auth_url(tenant_id)
+
         params = {
             "client_id": system_credentials["client_id"],
             "redirect_uri": redirect_uri,
@@ -56,7 +78,7 @@ def _oauth_get_authorization_url(self, redirect_uri: str, system_credentials: Ma
             "state": state,
             "response_mode": "query"
         }
-        return f"{self._AUTH_URL}?{urllib.parse.urlencode(params)}"
+        return f"{auth_url}?{urllib.parse.urlencode(params)}"
 
     def _oauth_get_credentials(
         self, redirect_uri: str, system_credentials: Mapping[str, Any], request: Request
@@ -86,8 +108,12 @@ def _oauth_get_credentials(
         if not subdomain:
             raise DatasourceOAuthError("Missing SharePoint subdomain configuration")
 
+        # Get tenant ID for this authorization (will be saved to credentials)
+        tenant_id = self._get_tenant_id_for_auth(system_credentials)
+
         # Use the same permission scopes as the authorization URL
         scopes = self._get_sharepoint_scopes(subdomain)
+        token_url = self._get_token_url(tenant_id)
 
         token_data = {
             "grant_type": "authorization_code",
@@ -97,14 +123,14 @@ def _oauth_get_credentials(
             "redirect_uri": redirect_uri,
             "scope": scopes
         }
-        
+
         headers = {
             "Content-Type": "application/x-www-form-urlencoded",
             "Accept": "application/json"
         }
-        
+
         try:
-            response = requests.post(self._TOKEN_URL, data=token_data, headers=headers, timeout=30)
+            response = requests.post(token_url, data=token_data, headers=headers, timeout=30)
             response.raise_for_status()
             response_data = response.json()
 
@@ -140,7 +166,8 @@ def _oauth_get_credentials(
                     "access_token": access_token,
                     "refresh_token": refresh_token,
                     "token_type": response_data.get("token_type", "bearer"),
-                    "subdomain": subdomain  # Save subdomain to credentials
+                    "subdomain": subdomain,  # Save subdomain to credentials
+                    "tenant_id": tenant_id,  # Save tenant_id to credentials for consistent token refresh
                 },
             )
 
@@ -170,24 +197,29 @@ def _oauth_refresh_credentials(
         if not subdomain:
             raise DatasourceOAuthError("Missing SharePoint subdomain configuration")
 
+        # Get tenant_id from saved credentials for consistent token refresh
+        # For backward compatibility, defaults to "common" if not found
+        tenant_id = self._get_tenant_id_for_token(credentials)
+
         # Use the same permission scopes as initial authorization
         scopes = self._get_sharepoint_scopes(subdomain)
-        
+        token_url = self._get_token_url(tenant_id)
+
         token_data = {
             "grant_type": "refresh_token",
             "refresh_token": refresh_token,
             "client_id": system_credentials["client_id"],
             "client_secret": system_credentials["client_secret"],
             "scope": scopes
         }
-        
+
         headers = {
             "Content-Type": "application/x-www-form-urlencoded",
             "Accept": "application/json"
         }
-        
+
         try:
-            response = requests.post(self._TOKEN_URL, data=token_data, headers=headers, timeout=30)
+            response = requests.post(token_url, data=token_data, headers=headers, timeout=30)
             response.raise_for_status()
             response_data = response.json()
 
@@ -222,6 +254,7 @@ def _oauth_refresh_credentials(
                 "client_id": system_credentials.get("client_id") or credentials.get("client_id"),
                 "client_secret": system_credentials.get("client_secret") or credentials.get("client_secret"),
                 "subdomain": subdomain,
+                "tenant_id": tenant_id,  # Keep the same tenant_id for consistent token refresh
                 "user_email": user_email,
             }
 

datasources/sharepoint_datasource/provider/sharepoint.yaml

@@ -47,6 +47,18 @@ oauth_schema:
         zh_Hans: mycompany
         en_US: mycompany
       required: true
+    - name: tenant_id
+      type: text-input
+      label:
+        zh_Hans: 租户 ID
+        en_US: Tenant ID
+      help:
+        zh_Hans: '输入您的 Azure 租户 ID (用于单租户应用)。留空或使用 "common" 表示多租户应用。'
+        en_US: 'Enter your Azure tenant ID (for single-tenant apps). Leave blank or use "common" for multi-tenant apps.'
+      placeholder:
+        zh_Hans: common (多租户) 或您的租户 ID
+        en_US: common (multi-tenant) or your tenant ID
+      required: false
   credentials_schema:
     - name: access_token
       type: secret-input
@@ -63,6 +75,11 @@ oauth_schema:
       label:
         zh_Hans: SharePoint 子域名
         en_US: SharePoint Subdomain
+    - name: tenant_id
+      type: text-input
+      label:
+        zh_Hans: 租户 ID
+        en_US: Tenant ID
 datasources:
   - datasources/docs_in_site.yaml
   - datasources/docs_in_group.yaml