One drive api secure url

Question

Short:

I am unable to find any setting in documentation one drive api to get a file url that could not be accessed without access token

Details:

I tried different things with queryParameters: "select=id,name,size,file" but could not change the result

Using javascript API, when files chosen from one it gives an array named values in which each object contains properties like (some fake but sample values)

@microsoft.graph.downloadUrl: "https://public.sn.files.1drv.com/m7ZHglUdfkMkwg-qqnNj8"
@odata.context: "https://graph.microsoft.com/v1.0/$metadata#drives('D2CFA54CB9FFC341')/items/$entity"
id: "FA4454CB9FFC341!172"
name: "sada.pdf"
size: 4344

My code to get above results is

var odOptions = {
    clientId: "df45ae45-68bd-4568-a473-4159a1b16fc1",
    action: "download",
    multiSelect: true,
    // openInNewWindow: true,
    // advanced: {
    //     queryParameters: "/drive/root/children?select=id,name,size,file",
    // },
    success: function (response) {
        console.log(555, response); 
    },
    cancel: function (response) { console.log(response); },
    error: function (e) { console.log(e); }
};
OneDrive.open(odOptions);

the problen is https://public.sn.files.. public url (any one can access file without login using this url) unlike google drive which gives a secure url

Answer 1

The downloadUrl is a short lived URL that is preauthenticated so that authorization is not required. Access control checks are instead performed on the request that returns the URL. A flow that's closer to what Google Drive utilizes would be to hit the /content endpoint for a specific file - this request requires an OAuth token to be provided and will return the binary content.