Authenticate user using MSAL.js (v2) in Salesforce custom component - sharepoint

We have created a Lightning component in Salesforce for SharePoint which allows operations like view, download and update. We have implemented SSO between Salesforce and SharePoint Online using Microsoft Azure Active Directory. We have set up an Azure Active Directory application for Graph to access data in SharePoint Online.
To communicate with SharePoint Online, the user's access token needs to be passed with the SharePoint Graph API. We can get the access token using MSAL.js (v2) provided by Microsoft.
But when I call msal.acquireTokenPopup(), the Lightning component does not open the Microsoft login popup, showing the error: "SecureWindow.open supports http:, https:, mailto: schemes and relative urls.Failing descriptor: {markup://c:SharepointWidgetUsingGraph}".
I would be grateful if anybody can help me out and let me know where I am going wrong.

I had this same issue. My solution was to use a combination of LWC and visualforce to overcome the locker service issues. Here's a working example: https://github.com/rwegner7/salesforce-azure-pkce

Related

SharePoint REST Integration with OAuth

I have to integrate SharePoint with my web app (I just want to show the content of the user's account).
For that, I have researched and am looking for SharePoint integration with the REST API through the OAuth process. Right now I have found a different way, where users have to create their own SharePoint app and share their username and password, and then I can get the data with their credentials.
The above approach is not a good option.
Please help if someone knows how to get SharePoint content through the OAuth approach with REST.
You are able to connect to Microsoft Graph which hosts an API for the Office365 entities such as Calendar, Mail, Sharepoint etc.
In order to authenticate, you need to follow the OAuth 2.0 flow. This involves the generation of access tokens, which are then used in place of a username/password.
More information about the MS Graph API and setting up authentication as well as a number of SDKs can be found: https://learn.microsoft.com/en-us/graph/auth-register-app-v2?view=graph-rest-1.0

Authenticate SharePoint user in external API

I've created an SPFx feature that needs to call an external API. The external API is part of a system that has its own authentication methods outside of SharePoint. Ideally I would like to send details about the currently logged-in SharePoint user to this API, validate them to ensure that the user is actually logged in to SharePoint, compare the SharePoint user with the external system's user (they'll have the same email addresses) and, once matched, run the external API's code as that user.
Is there any way to go about doing something like this? If not, what is the best way to handle this sort of problem? Do other Microsoft tools like Azure need to be used for this?
The supported way to authenticate SharePoint framework components to a custom API is by using Azure Active Directory (AAD) and OAuth.
You need to AAD-protect your API. You can configure it so it supports two authentication mechanisms: AAD and your current authentication method. For example, if a JWT token is present, you use AAD+OAuth, and if not you use your other authentication method.
The SPFx-to-API authentication mechanism is described in detail on the page Connect to Azure AD-secured APIs in SharePoint Framework solutions.
In summary, you will need the following elements:
Register an application in Azure AD, which represents your API.
Use a server library to protect your API with that AAD application.
Configure your SPFx package so it has permissions to query your API.
Grant the permissions to your SPFx package in the SharePoint central administration.
Use the AadHttpClient in your web part to access your API.

Programmatic Access to OneNote stored in Enterprise SharePoint

The company I work in has a OneNote notebook stored in the organization SharePoint site.
I'll like to write an app that periodically accesses that notebook and do some processing on the content of it.
All the example code I've found authenticate with a user using OAuth.
Is there an example of how to authenticate as an app, not a user, and how to access the content of the OneNote notebook?
Yes - you can authenticate via application-only permissions. The app will still need to be authorized by your SharePoint tenant, but after that it shouldn't require OAuth.
https://blogs.office.com/en-us/2017/02/09/the-onenote-rest-api-now-supports-application-level-permissions/
MSDN:
https://msdn.microsoft.com/en-us/office/office365/howto/onenote-auth-appperms

Build Xamarin Forms PCL app with Azure Mobile App Service .NET backend integrating to SharePoint

I am trying to build a cross-platform (Android, iOS, Windows) mobile application using a Xamarin Forms PCL project library. My requirements are simple yet involve a lot of services which I find difficult to tie together.
Here is the mix of services that I want to use
Xamarin Forms
Azure AD to Authenticate against (Office 365 tenant)
Mobile Services Client with offline sync capability
Azure Mobile AppService .NET backend
SharePoint Online to perform CRUD operations on List on behalf of the user
I want to look at some samples or reference implementation with this combination.
I have been struggling with this combination. In fact I got AD auth to work with Xamarin Forms PCL using some pre-release version of the ADAL NuGet package; the latest stable version does not work. Similarly, I also got the app to communicate directly with the SharePoint REST APIs, but now that the auth is broken I am not able to proceed.
Then I thought of using the Azure Mobile App .NET backend. Now I have auth working there, but when a call is made to the mobile backend I am not able to access the SharePoint list (CSOM), since the auth is only for accessing the backend service and I am unable to impersonate the user to access SP. I guess I need to use AppAuth, but that is not working either.
I realise that instead of focusing on my actual problem of building the app, I am now exploring different ways to get AD auth and SharePoint access working. Can anyone point me to a reference to help me out here?
I suspect you have a problem in your AAD setup. I assume you're using ADAL to do client-directed login on your Xamarin forms client. If so, then what you need to do is set up 2 Active Directory apps, one for the native client, and one for the web backend.
Here's a sample that's for mobile services that shows a similar setup, but for Dynamics CRM: Mobile Services Dynamics Connector Setup
The main point is that you need to set up your client app registration with the following permissions. Assuming your backend registration is MobileBackend:
Client app permissions:
Azure Active Directory: Enable sign-on and read users' profiles
MobileBackend: Access MobileBackend
MobileBackend will have the following permissions:
Azure Active Directory: Enable sign-on and read users' profiles
Sharepoint: The sharepoint permissions you need
Once you've done all this, use this article for Xamarin authentication: Authenticate users with the Active Directory Authentication Library.

OAuth2 and Microsoft Graph API for my Node.js app?

I'd like to add an Office365/Graph Calendar integration to an existing Node.js app (hosted on AWS). I've already done a similar integration with Google's Calendar, and it was trivial to get set up. I'm not having nearly as much luck with the Microsoft version of things.
I've found at least 4 different ways to register an app (get a clientId and clientSecret), and I seem to get different errors for each of them, but can't get any to work properly.
I think a large part of my problem is that I've never had to work in the MS ecosystem before, so I don't have a lot of the baseline knowledge that the documentation assumes.
I'm not looking to host anything with Microsoft - do I even need an Azure account?
I'd like to allow any user with an Office365 account to connect it to my app - do I need to learn about Active Directory to do this? Does this part of it require Azure?
I've found instructions for using both https://login.microsoftonline.com/common/oauth2 and https://login.microsoftonline.com/common/oauth2/v2.0 for this, do I need to worry about which version I use depending on how I registered my app?
Microsoft Graph leverages Azure AD to authenticate and authorize users. The doc says:
To get your app authorized, you must get the user authenticated first. You do this by redirecting the user to the Azure Active Directory (Azure AD) authorization endpoint, along with your app information, to sign in to their Office 365 account. Once the user is signed in, and consents to the permissions requested by your app (if the user has not done so already), your app will receive an authorization code required to acquire an OAuth access token.
So you need to register an Azure account to configure the Azure AD service. Refer to https://graph.microsoft.io/en-us/docs/authorization/app_authorization for more info.
Meanwhile, to implement Microsoft Graph in a Node.js application, you can refer to the following code samples for your information.
Microsoft Graph service app sample using Node.js
An Office 365 API sample app using Node, Express and Ejs
Office 365 Node.js Connect sample using Microsoft Graph
Matt, you can do this without an Azure account if you use the oauth2/v2.0 auth endpoint. When you do that, you can register on apps.dev.microsoft.com using a Microsoft account.
See this tutorial for doing it with the Outlook REST API, which is similar to the Graph (in fact, for Calendar operations the calls and entities are identical).