I am looking for an api to pull all the users using tenant ID or using MS graph API's with an AADv1/AADv2 app.
I have both v1 and v2 apps to access MS graph and also can use o365 tenant ID.
Pick the appropriate SDK for the ms graph depending on your language / platform preference. The readme in the repo will help you get started, as will the intellisense provided by the SDK. You’re going to want to ensure that your app registration has appropriate access to the APIs you’re after.
Related
I need to work with Azure services, so I use github.com/Azure/azure-sdk-for-go but also want to get a user email. Do I have to use the graph SDK (github.com/microsoftgraph/msgraph-sdk-go) for this?
My app allows authentication of both multi-tenant AD users and personal accounts.
Do I have to use the graph SDK
(github.com/microsoftgraph/msgraph-sdk-go) for this?
Yes, you would need to use msgraph-sdk-go SDK to interact with Graph API. You can find more information about using the SDK here: https://learn.microsoft.com/en-gb/graph/sdks/sdks-overview.
In my case I used an oauth2 token to authenticate both azure and graph SDKs. It's impossible to work with both SDKs using the same token because specifying scopes for both graph https://graph.microsoft.com/.default and azure services management https://management.azure.com//.default returns error about the scope being invalid.
So, you can't use Azure SDK for personal accounts, it must be a work account. Microsoft allows to have both personal and work account using the same email (and different passwords). Azure SDK does have graphrbac service that in theory can be used to fetch a user email but this service has been recently announced as deprecated.
I've ended up realizing I don't really need a user email, I'm fine with having a subscription ID.
From the Azure Active Directory v2.0 authentication libraries we can see lots of samples about how to use libraries to connect Active Directory. It seems all of them should create an application at apps.dev.microsoft.com first. Then use the Application ID and a new password to act the clientID and clientSecret in a client or server middleware application.
This way, one user can use the application to login by oauth 2 or openid through the Azure Active Directory API. Also can get the personal information such as user profile correctly.
But, if I want to get all the users information in a tenant one time, is there an API can do?
But, if I want to get all the users information in a tenant one time,
is there an API can do?
You can use Microsoft Graph API - specifically List Users API.
https://graph.microsoft.com/v1.0/users
For a quick test, try using Microsoft Graph Explorer
Similarly you can list users with Azure AD Graph API as well, but it would be recommended to use Microsoft Graph API.
Read Microsoft Graph or Azure AD Graph and this SO Post (Only case to use Azure AD Graph API would be if you need something very specific that you aren't able to achieve with stable version of the newer Microsoft Graph API.)
Azure AD Graph API to list users (not recommended)
https://graph.windows.net/myorganization/users
I recently figured out that there are two Graph APIs availble for Azure Active Directory. There is the unified graph.microsoft.com and the AAD specific graph.windows.net:
Azure AD Graph API functionality is also available through Microsoft
Graph, a unified API that also includes APIs from other Microsoft
services like Outlook, OneDrive, OneNote, Planner, and Office Graph,
all accessed through a single endpoint with a single access token.
Source
Is there any reason to use the unifed Graph API when I only need to browse AAD objects? Will the AAD specific graph.windows.net GraphAPI get deprecated?
There has been no announcement of Azure AD Graph API's deprecation and we (and others) use it in production every day.
If you can get what you want through Azure AD Graph API, I'd say use it. If you need something else from the Microsoft Graph API (like emails or contacts), use that one.
I'm trying to use Microsoft Graph API or Outlook REST API to create events in user calendar throught ajax / rest calls.
But i don't know where i have to call the key generated by Azure when i registered my application in Azure Active Directory... And i don't know if i need to pass Client ID too.
I gave the following permissions to Microsoft Graph in Azure:
I don't know if these permissions are enough for what i want to do.
Thanks in advance.
You could find permission details from Permission scopes | Graph API concepts, also you can refer to Office 365 Node.js Connect sample using Microsoft Graph and Microsoft Graph service app sample using Node.js from GitHub for more help.
I'd like to add an Office365/Graph Calendar integration to an existing Node.js app (hosted on AWS). I've already done a similar integration with Google's Calendar, and it was trivial to get set up. I'm not having nearly as much luck with the Microsoft version of things.
I've found at least 4 different ways to register an app (get a clientId and clientSecret), and I seem to get different errors for each of them, but can't get any to work properly.
I think a large part of my problem is that I've never had to work in the MS ecosystem before, so I don't have a lot of the baseline knowledge that the documentation assumes.
I'm not looking to host anything with Microsoft - do I even need an Azure account?
I'd like to allow any user with an Office365 account to connect it to my app - do I need to learn about Active Directory to do this? Does this part of it require Azure?
I've found instructions for using both https://login.microsoftonline.com/common/oauth2 and https://login.microsoftonline.com/common/oauth2/v2.0 for this, do I need to worry about which version I use depending on how I registered my app?
Microsoft Graph leverage Azure AD to authenticate and authorize users. The doc refers as:
To get your app authorized, you must get the user authenticated first. You do this by redirecting the user to the Azure Active Directory (Azure AD) authorization endpoint, along with your app information, to sign in to their Office 365 account. Once the user is signed in, and consents to the permissions requested by your app (if the user has not done so already), your app will receive an authorization code required to acquire an OAuth access token.
So you need to register an Azure account for configure the Azure AD service. Refer https://graph.microsoft.io/en-us/docs/authorization/app_authorization for more info.
Meanwhile, to implement Microsoft Graph in node.js application, you can refer the following code sample for your information.
Microsoft Graph service app sample using Node.js
An Office 365 API sample app using Node, Express and Ejs
Office 365 Node.js Connect sample using Microsoft Graph
Matt, you can do this without an Azure account if you use the oauth2/v2.0 auth endpoint. When you do that, you can register on apps.dev.microsoft.com using a Microsoft account.
See this tutorial for doing it with the Outlook REST API, which is similar to the Graph (in fact, for Calendar operations the calls and entities are identical).