Office365 accesstoken
Revision as of 16:03, 24 April 2023

Background: https://learn.microsoft.com/en-us/graph/auth-v2-user

Office365 contains the Graph API, which can be used to access SharePoint documents, calendars, emails, etc.


On the Azure side of this (also called the tenant by Microsoft), you need to create an App Registration; you do this in https://Portal.Azure.com.

From here you will need:

Client id, a GUID string - put this in SysSingleton.Office365ClientId

Tenant id, a GUID string - put this in SysSingleton.Office365TennantId

Client secret - put this in SysSingleton.Office365ClientSecret

You will also need to grant your app registration access to particular interfaces in Office365 (allowed to see email or not, allowed to see SharePoint lists or not).


Once you are ready to "log on", or authorize, you must say what scope THIS particular session should see. The scope is a space-delimited string that looks like this:

offline_access User.Read Sites.Read.All

Put this value in SysSingleton.Office365Scope

We can now formulate the request for (1) a code (lives a very short time). We will then use this code to get an (2) access token (lives an hour) and a (2) refresh token (lives very long, often until revoked).

  'https://login.microsoftonline.com/'+SysSingleton.oclSingleton.Office365TennantId+'/oauth2/v2.0/authorize?
  client_id='+SysSingleton.oclSingleton.Office365ClientId+'
  &response_type=code
  &redirect_uri='+SysSingleton.oclSingleton.UrlEncode( SysSingleton.oclSingleton.Office365Redirect,false)+'
  &response_mode=query
  &scope='+SysSingleton.oclSingleton.UrlEncode( SysSingleton.oclSingleton.Office365Scope,false)+'
  &state='+SysSingleton.oclSingleton.UrlEncode('http://localhost:5020/App#/AzureAuthorize/$null$',false)

Note the last query parameter, state: it is simply round-tripped back to us, and we use it to know where to redirect once we have the access token.

You can use the tagged value DataIsLink and have the above URL in a ViewModel column, or you can use selfVM.NavigateURL in an action.
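Because state returns through the browser and decides where the user is redirected, it is worth checking before it is followed. The sketch below is an added Python example, not MDriven code from this page: it builds the same authorize URL and binds state to the user's session with a single-use nonce and an allow-listed return prefix. The session dict, the helper names, the placeholder ids and the redirect URI are assumptions.

```python
import base64, hmac, json, secrets
from urllib.parse import quote, urlencode

AUTHORITY = "https://login.microsoftonline.com"
# Only return targets under this prefix are honoured (prefix of the page's state value).
ALLOWED_RETURN_PREFIX = "http://localhost:5020/App#/"

def make_state(session, return_to):
    """Pack the return URL with a fresh nonce that is also kept in the server-side session."""
    nonce = secrets.token_urlsafe(32)
    session["oauth_nonce"] = nonce
    payload = json.dumps({"n": nonce, "r": return_to})
    return base64.urlsafe_b64encode(payload.encode()).decode()

def authorize_url(tenant_id, client_id, redirect_uri, scope, state):
    """Same parameters as the expression above, each one percent-encoded."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,
    }, quote_via=quote)
    return f"{AUTHORITY}/{quote(tenant_id, safe='')}/oauth2/v2.0/authorize?{query}"

def check_state(session, state):
    """Return the redirect target, or None if state is forged, replayed or points elsewhere."""
    expected = session.pop("oauth_nonce", None)  # single use: a replay finds nothing
    try:
        data = json.loads(base64.urlsafe_b64decode(state))
    except ValueError:
        return None
    if not isinstance(data, dict) or expected is None:
        return None
    if not hmac.compare_digest(str(data.get("n", "")).encode(), expected.encode()):
        return None
    return_to = str(data.get("r", ""))
    return return_to if return_to.startswith(ALLOWED_RETURN_PREFIX) else None

if __name__ == "__main__":
    session = {}  # stands in for the user's server-side session (assumption)
    state = make_state(session, "http://localhost:5020/App#/AzureAuthorize/$null$")
    print(authorize_url("TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER",
                        "http://localhost:5020/placeholder-redirect",  # constructed value
                        "offline_access User.Read Sites.Read.All", state))
    print(check_state(session, state))
```

Call check_state when the browser returns with code and state, and exchange the code for tokens only if it returns a target.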

This page was edited 49 days ago on 03/19/2024.