[SalesForce] Connect to SharePoint from Apex using Files Connect API

I'm trying to create a Lightning component that lists the files in a SharePoint Folder. The opportunity has a custom field specifying which folder to list. I can see the files when I navigate to the folder from the built in "Add Files" view, but when I try to list the files from Apex I get an authorization error.

Here is the code in my Apex controller:

@AuraEnabled
public static List<List<String>> getOpportunityFiles(Id repositoryId, String folderId) {
    System.debug('User: '+ UserInfo.getUserId() ); // this works, and shows me
    final ConnectApi.ContentHubRepository repository = ConnectApi.ContentHub.getRepository(repositoryId);
    System.debug('Got Repo: '+repositoryId); // This works
    System.debug(repository);
    final ConnectApi.RepositoryFolderDetail folder = ConnectApi.ContentHub.getRepositoryFolder(repositoryId, folderId);
    System.debug('Got Folder: '+folderId); // This fails
    final ConnectApi.RepositoryFolderItemsCollection folderItemsColl = ConnectApi.ContentHub.getRepositoryFolderItems(repositoryId, folderId);
    System.debug('Got Folder Items');
    final List<ConnectApi.RepositoryFolderItem> folderItems = folderItemsColl.items;
    System.debug('Number of items in repository folder: ' + folderItems.size());
    List<List<String>> results = new List<List<String>>();
    for(ConnectApi.RepositoryFolderItem item : folderItems){
       ConnectApi.RepositoryFileSummary fileSummary = item.file;
       if(fileSummary != null){
          System.debug(String.format('File item - name: \'\'{0}\'\', size: {1}, external URL: \'\'{2}\'\', download URL: \'\'{3}\'\'', new String[]{ fileSummary.name, String.valueOf(fileSummary.contentSize), fileSummary.externalDocumentUrl, fileSummary.downloadUrl}));
        results.add(new String[]{ fileSummary.name, String.valueOf(fileSummary.contentSize), fileSummary.externalDocumentUrl, fileSummary.downloadUrl});
       }else{
             ConnectApi.RepositoryFolderSummary folderSummary = item.folder;
             System.debug(String.format('Folder item - name: \'\'{0}\'\', description: \'\'{1}\'\'',  new String[]{ folderSummary.name, folderSummary.description}));
           results.add(new String[]{ folderSummary.name, folderSummary.description});   
       }
    }
    return results;
}

The logs seem like everything should be there, but I'm getting what looks like a wrapped Sharepoint Exception when I try to list the folder contents:

Logs:

10:43:52:021 USER_DEBUG [20]|DEBUG|ConnectApi.ContentHubRepository[buildVersion=40.0, authentication=ConnectApi.ContentHubRepositoryAuthentication[buildVersion=40.0, authFlowUrl=/services/auth/xds/00D4D0000008c6PUAQ/Sharepoint_Test?startURL=/0XU_0XC4D000000002v, authProtocol=Oauth, userHasAuthSettings=true], features=ConnectApi.ContentHubRepositoryFeatures[buildVersion=40.0, canBrowse=true, canSearch=true], id=0XC4D000000002vWAA, label=SharePoint Test, motif=ConnectApi.Motif[buildVersion=40.0, color=null, largeIconUrl=/img/icon/contenthubOffice365_64.png?v=2, mediumIconUrl=/img/icon/contenthubOffice365_32.png?v=2, smallIconUrl=/img/icon/contenthubOffice365_16.png?v=2, svgIconUrl=null], mySubscription=null, name=SharePoint_Test, providerType=ConnectApi.ContentHubProviderType[buildVersion=40.0, label=Files Connect: Microsoft SharePoint Online, type=ContentHubSharepointOffice365], rootFolderItemsUrl=/services/data/v40.0/connect/content-hub/repositories/0XC4D000000002vWAA/folders/root/items, type=ContentHubRepository, url=/services/data/v40.0/connect/content-hub/repositories/0XC4D000000002vWAA]

10:43:55:614 FATAL_ERROR System.HandledException: net.entropysoft.BaseException: System.UnauthorizedAccessException: Access denied. You do not have permission to perform this action or access this resource. (-2147024891)

Do I need to do something to initialize the OAuth connection? I've been following this example: https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/connectapi_examples_get_repository_folder_items.htm