seljeDrive Document Library for OneDrive

Сүрөттөө

This plugin lets you embed a OneDrive folder in WordPress using a shortcode.

Account support:

• This plugin supports OneDrive Personal (consumer Microsoft accounts) via Microsoft Graph.

Features:

• Embed a shared OneDrive folder as a browsable document library
• Breadcrumb navigation
• Search within the folder
• Open and download actions (configurable)
• Optional thumbnails/icons
• Access control modes (public, logged-in, roles)

Related links:

• SeljeDrive for Google Drive: https://wordpress.org/plugins/seljedrive-document-library-for-google-drive/
• seljeVisitorsFlags: https://wordpress.org/plugins/seljevisitorsflags/
• Support Discord: https://discord.gg/CAdgskTt6Q

Third-Party Services

This plugin connects to external services operated by Microsoft. These services are required for the plugin to function. No data is sent to the plugin author or any other party.

Microsoft Identity Platform (OAuth 2.0)

What it is: Microsoft’s authentication service, used to obtain an access token so the plugin can read OneDrive on behalf of the connected Microsoft account.

When it is used:

• When a site administrator clicks “Connect Microsoft” on the plugin settings page, the browser is redirected to Microsoft’s login page to complete the OAuth flow.
• When the stored access token expires, the plugin silently exchanges the refresh token for a new access token in the background. This happens during a REST API request from a site visitor if the token has expired.

Data sent:

• OAuth authorization code (exchanged for tokens; issued by Microsoft and sent back to Microsoft only).
• Client ID and client secret (your Azure App Registration credentials; sent to Microsoft to identify your app).
• Refresh token (sent to Microsoft when refreshing an expired access token).

No visitor data (IP addresses, user accounts, browsing behaviour) is sent to Microsoft through the OAuth endpoints.

Service endpoint: https://login.microsoftonline.com/

Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement
Microsoft Services Agreement: https://www.microsoft.com/en-us/servicesagreement

Microsoft Graph API

What it is: Microsoft’s REST API for accessing OneDrive files and folders.

When it is used:

• When a visitor views a page containing the [so_doc_library] shortcode, the plugin calls the Graph API to list the contents of the configured OneDrive folder.
• When a visitor searches, browses into a subfolder, or requests a file download or open link, additional Graph API calls are made.
• When a new library is saved and its share URL is first resolved, the plugin calls the Graph API to look up the folder identity.

Data sent:

• The OneDrive folder share URL configured by the site administrator (sent to resolve the shared folder identity).
• Access token (sent as a Bearer token in the Authorization header to authenticate each request).
• Folder and file identifiers (sent to navigate folder contents, retrieve items, and generate download links).
• Search query strings entered by visitors (sent to the Graph API search endpoint).

No personally identifiable visitor information is sent to Microsoft through the Graph API. Search queries and folder identifiers are functional data needed solely to retrieve the requested files.

Service endpoint: https://graph.microsoft.com/

Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement
Microsoft Services Agreement: https://www.microsoft.com/en-us/servicesagreement
Microsoft Graph terms of use: https://learn.microsoft.com/en-us/legal/microsoft-apis/terms-of-use

Data storage

The plugin stores the following in the WordPress database:

• Your Azure App Registration Client ID (plain text WordPress option).
• Your client secret value (AES-256 encrypted WordPress option; never exposed in the admin UI after saving).
• The OAuth access token and refresh token (AES-256 encrypted WordPress option).
• Library configuration (folder share URLs, access settings, display options) as a WordPress option.

All stored data is removed automatically when the plugin is uninstalled.

User tracking

This plugin does not track, profile, or fingerprint site visitors. No analytics, telemetry, or third-party tracking scripts are loaded. The plugin applies server-side rate limiting (based on IP address, stored as a short-lived WordPress transient) solely to protect the REST API endpoints from abuse; IP addresses are hashed and never logged or transmitted externally.

Plugin settings

Microsoft OAuth

Client ID
The Application (client) ID from your Azure App Registration (a GUID). Found in Azure Portal under App registrations → your app → Overview. The plugin validates that this looks like a GUID before allowing you to connect.

Client secret value
The client secret VALUE from Azure Portal → Certificates & secrets → New client secret. Paste the VALUE column — not the Secret ID column. Microsoft only shows the value once, so copy it immediately after creation. Leave blank when saving to keep an existing secret. The value is stored AES-256 encrypted and is never shown again in the admin UI after saving.

Redirect URI
A read-only field showing the callback URL you must register in Azure Portal under your App Registration → Authentication → Platform: Web → Redirect URI. Use the Copy button to copy it.

Connect Microsoft / Disconnect
After a valid Client ID and secret are saved, Connect Microsoft starts the OAuth authorization flow — you will be redirected to Microsoft to sign in and approve access. Disconnect removes the stored access and refresh tokens.

Libraries

Name
A label for this library shown only in the WordPress admin. Not visible to front-end visitors.

Folder Share URL
The OneDrive sharing link for the folder to display. Create it in OneDrive by right-clicking a folder → Share → Anyone with the link → Copy link. The link typically starts with https://1drv.ms/… The Microsoft account connected in the plugin must have access to this link.

Access
Controls who can view the library on the front end:

• Public — visible to all visitors, no login required.
• Logged-in users — only visible to WordPress users who are currently signed in.
• Specific roles — only visible to users whose WordPress role is in the Allowed roles list.

Allowed roles
Only shown when Access is set to Specific roles. Check every WordPress user role that should be permitted to view this library. If no roles are checked, the library is not accessible to anyone.

Hide Open button
Removes the button that opens the file inside OneDrive in a new browser tab. Download is still available unless that button is also hidden.

Hide Download button
Removes the direct download button. The Open button is still available unless that is also hidden.

Remove header from frontend
Removes the library title and breadcrumb navigation bar above the file list. Useful for minimal or fully custom embed layouts.

Icon is preview of file content
When checked, image files show a small thumbnail fetched from OneDrive instead of a generic file icon. This may slightly increase loading time for large folders.

Frontend language
The language used for UI text (button labels, date formats, breadcrumbs) in the embedded library. Defaults to the WordPress site language. Only languages that are both installed in WordPress and available as translation files for this plugin appear in the list.

Root folder label
A custom display name for the top-level folder shown in the breadcrumb. Leave blank to use the actual folder name from OneDrive.

Allowed file extensions
A comma-separated list of extensions to display (e.g. pdf,docx,xlsx). Files with other extensions are hidden. Leave blank to show all file types. Do not include dots. Folders are always visible regardless of this filter.