I am trying to use Graph API in my outlook Addin.
What is the best way for an Office Add-in to get authorized access to Microsoft Graph using the credentials from the user's Office sign-on without needing the user to sign in a second time?
The below link explains the process, but I don't find any examples for the same.
https://learn.microsoft.com/en-us/office/dev/add-ins/develop/authorize-to-microsoft-graph
Any help is appreciated.
Related
Is possible to use Microsoft graph toolkit in Office add-ins?
I'm using React in Office add-in for Outlook.
Are there any examples of this?
Regards
Yes, it is possible. But make sense to use SSO from the add-in to acquire a token. Read more about SSO in Outlook add-ins in the Enable single sign-on (SSO) in an Office Add-in article.
Microsoft has the tutorial showing how to use Data Factory to extract Office 365 data, but that seems to only extract Outlook email information?
Is there a way to use Data Factory (and a tutorial hopefully) to connect to Azure AD and extract all the Active Directory users? Microsoft Graph API has the commands to do that, but I wasn't clear if that was the only way or if Data Factory can connect to it directly (like the O365 connector it has)?
Microsoft has the tutorial showing how to use Data Factory to extract Office 365 data, but that seems to only extract Outlook email information?
According to the Microsoft documentation,not only email information,there are many other information such as address book contacts, calendar events, user information, mailbox settings, and so on.
So you can get user information which contains aboutMe,companyName,etc. when you choose BasicDataSet_v0.User_v1 in dataset.(All properties you can get,please refer to this documentation)
By the way,your tenant admin need to opt-in to Microsoft Graph data connect if you do this.And there is no AAD connector.
Hope this can help you.
I used Azure Logic Apps and got through Azure AD group (get members) then used Office 365 Connector to Get Manager there is also another option get direct reports. If you are using Logic apps please make sure to turn the pagination on so you get all users.
This is were I started but once I get going I was able to figure it out myself
https://eax360.com/query-azure-active-directory-using-graph-api-logic-apps/
Every documentation or tutorial I follow on how to programatically access Outlook's API seems to point to the same pattern:
Application redirects user to Azure so he can authorize (OAuth) the app access to his account's data.
Every time Azure Active Directory is mentioned as a cloud-based credential/access manager.
I'm having a hard time to understand why exactly AD is even needed. And even if it is, that means that should a company desire to integrate an application with the employees calendars, for example, they would need to have an AD just for authentication purposes? Does this make sense if I want to publish an application on Azure for any kind of customer?
Every Office 365 customer has an Azure AD for authentication. If you want to get at users contacts in O365 you have to authenticate using Azure AD.
If you want to get at contacts in Outlook.com, Microsoft provides the same authentication flow for Microsoft Accounts (MSA) that Outlook.com uses.
This means you can use the same authentication flow and call the Microsoft Graph to get contacts no matter if they are an Office 365 user or an Outlook.com user. Your app does the same auth flow and makes the same calls.
I am developing a office add-in.
This office Add-In is supposed to retrieve the term store from SharePoint.
By following this tutorial:
https://learn.microsoft.com/en-us/office/dev/add-ins/develop/create-sso-office-add-ins-aspnet
I managed to get an access token to be used for Graph api. However the Graph does not expose any way of getting the term store. Is there a way we can generate an access token to be used with SharePoint and maintain the SSO?
It might be possible by registering an Azure AD v1 app but I could not find any documentation describing that.
I have a similar requirement, but in my research I wasn't able to find a good solution for this scenario.
I think it is probably possible to use a provider hosted SharePoint add-in. And then use the Authorization Code flow for obtaining an access token. Since the SharePoint add-in is trusted it will not require user login.
Of course this does mean the add-in needs to be deployed in SharePoint. If your Office add-in is distributed through the store this isn't really a great solution.
Hopefully there are other ways of achieving the same.
You could call SharePoint Online APIs (via REST or CSOM) with Azure Active Directory Apps. To call APIs secured by Azure AD, your app must acquire an access token from Azure Active Directory.
Please first refer to this document for integrating applications with Azure Active Directory. Then use Azure Active Directory Authentication Library (ADAL) to easily authenticate users to cloud or on-premises Active Directory (AD), and obtain access tokens for securing API calls.
We've been running an Angular app in a custom masterpage during the last year, using the Sharepoint REST api to retrieve user properties, data from lists etc., which has been working fine. As the application is hosted on Sharepoint Online, accessing the page requires a login thus making the request digest available so further authentication is not necessary.
Now however, we want to start using some of the functionality in the Microsoft Graph API. From what I can gather this requires OAuth2 authentication against the Azure Active Directory, involving among other things a redirect to the AAD login page.
Does this mean I have to:
1) Login via the organizations (standard Microsoft) login page to access the Sharepoint Online site.
2) Redirect to the Azure AD login page and back again?
Or can I leverage the login that the user already did when logging into Sharepoint Online?
Sorry if the question is a bit vague, we are all still very new to this.
When registering your application on Azure AD you will give the app access to Files/Sharepoint REST api and Microsoft Graph API. See this picture the app has access to several apis (Exchange, Graph and AD) you must add sharepoint APIs in your case.
Regarding the authentication, I am afraid that the Sharepoint model does not provide a token that will enable you to request the Graph API see this. You will have two authentications, one to access the Sharepoint site, as you said, and the other "within" the sharepoint iframed add-in to log into your AAD's registered app. This will be an OAUTH process through login.microsoft.com. Have a look at my Outlook add-in Keluro Mail Team on the Office store, I think it is similar to what you want to achieve.
You can use the same token from graph.microsoft.com. I have a sample using Asp.Net Core 1.0 and the.Net ADAL but the same authentication flow is used when using ASP.NET 4.6. Just make your auth request against ms graph on startup then acquire access token to auth against SharePoint.
https://github.com/edrohler/com.ericrohler
Hope this helps.