After scouring the internet, I've found a variety of answers to this question, but nothing is clear. With an Azure AD app, it looks like Yammer Delegate permissions are included so I would imagine that I could use then ADAL token from the app, to interact with Yammer APIs but have been running into issues. Has anyone else got this working? Is there any way to silently authenticate with yammer in SharePoint online?
The Yammer Delegate permissions are a preview feature. Long-term we plan to integrate fully with the O365 developer experience, but aren't quite there yet. Today, Yammer supports a number of scenarios that don't align with O365. Once the product better aligns it's going to be possible to provide much deeper integration (not just limited to developer APIs.) One limitation of the delegate permission is that it won't work with networks that are using Yammer Identity. Another is that some endpoints might not accept the tokens.
The supported authentication flows for Yammer are documented on the developer site and these support users with all authentication types for Yammer. With these APIs you'll end up juggling an additional Yammer-only token. It is possible to use impersonation to silently authenticate users without them being prompted to authorize the Yammer app. There is a blog post providing an overview of how this can be used in combination with the Yammer JS SDK, but the tokens could be used from other clients.
Related
I have to integrate SharePoint with my web app(just want to show the content of the user account).
For that, I have researched and I am looking for the SharePoint integration with REST API through OAuth process, Right now I found a different way where users have to create their SharePoint app and they have to share username and password and then I can get the data with their credential for the users.
The above approach is not a good option.
Please help if someone knows how to get share point content through the OAuth approach with REST.
You are able to connect to Microsoft Graph which hosts an API for the Office365 entities such as Calendar, Mail, Sharepoint etc.
In order to authenticate, you need to follow the OAuth 2.0 flow. This involves the generation of access tokens, which are then used in case of username/password.
More information about the MS Graph API and setting up authentication as well as a number of SDKs can be found: https://learn.microsoft.com/en-us/graph/auth-register-app-v2?view=graph-rest-1.0
I am having an unusual hard time finding an example of how to develop a multi-user Xamarin.Forms app. Imagine you wanted to develop an app for UWP, iOS and Android that users can log into and then "do stuff".
It does not matter what - for example taking notes for later access.
Since I am using Microsoft Azure, I would love to have an example which makes use of Azure Active Directory B2C for authentication (including the usage of identity providers such as Microsoft, Facebook, Google, etc.) and Azure Mobile App Service / Azure SQL, etc.
While there are samples available that show how to use ADB2C I didn't find anything related to how you would implement a multi-user app (e.g. best strategies for the database schema, access management and how this works best with an own Restful API backend and how to include it in your client code, i.e. Model, Controller,...)
Does anyone of you happen to know an end-to-end sample for this type of Scenario?
Best regards,
Christian.
To setup authentication for B2C, I would recommend MSAL. Here are some samples:
https://github.com/Azure-Samples/active-directory-b2c-xamarin-native
There are also samples available for the WebApi.
This is a simple Xamarin Forms app showcasing how to use MSAL to authenticate users via Azure Active Directory B2C, and access an ASP.NET Web API with the resulting token.
If you want to know how to setup your database to actually store user data, I would recommend using the claims provided in the token to identify the user. The best way identify the user reliably would be to use the objectId claim. It stays the same even if the user changes their email address.
The claims can also be used to show user information in your app, e.g. display name or email. You need to add the scope profile to your authentication request to get this data.
I am using Azure API management which has a link to a third party forum (Discourse). The default login system provided by the api management is been used for signing users up. I want to know if its possible to use single sign on for both api management and the forum so users don't have to make seperate accounts for them. Any guidance would be appreciated.
I am not sure about this but it seems that we can use AAD ( you won't need to create accounts if you already have them in your AAD ) to log in into API Management.
I am building a Xamarin app that will need to have users authenticated and each user will have a role. Would Azure AD OAuth 2.0 be a good solution for this scenario? Each person that downloads my app would register which would create an Azure AD user? At first I thought Azure AD was strictly for managing users within an organizations and not a way to authorize thousands of users of an app. Would I be able to seamlessly integrate Azure OAuth into my app without having to leave my app (like I would need to do with Google or Facebook OAuth)? Thanks for any clarification that would help me better understand!!
The Xamarin experience can leverage ADAL / MSAL PCL libraries for authentication (in Alpha right now) - available on nuget. You need to look at the new Azure AD Business to Consumer (B2C) offering (in preview right now).
Note that the OAuth experience this provides leverages WebViews inside of your app to perform user authentication so it doesn't differ from what you wish to avoid.
While you could theoretically change that behaviour by custom coding a solution it's probably worth considering the benefits of handing off authentication and only having to deal with the resulting tokens.
I'd like to add an Office365/Graph Calendar integration to an existing Node.js app (hosted on AWS). I've already done a similar integration with Google's Calendar, and it was trivial to get set up. I'm not having nearly as much luck with the Microsoft version of things.
I've found at least 4 different ways to register an app (get a clientId and clientSecret), and I seem to get different errors for each of them, but can't get any to work properly.
I think a large part of my problem is that I've never had to work in the MS ecosystem before, so I don't have a lot of the baseline knowledge that the documentation assumes.
I'm not looking to host anything with Microsoft - do I even need an Azure account?
I'd like to allow any user with an Office365 account to connect it to my app - do I need to learn about Active Directory to do this? Does this part of it require Azure?
I've found instructions for using both https://login.microsoftonline.com/common/oauth2 and https://login.microsoftonline.com/common/oauth2/v2.0 for this, do I need to worry about which version I use depending on how I registered my app?
Microsoft Graph leverage Azure AD to authenticate and authorize users. The doc refers as:
To get your app authorized, you must get the user authenticated first. You do this by redirecting the user to the Azure Active Directory (Azure AD) authorization endpoint, along with your app information, to sign in to their Office 365 account. Once the user is signed in, and consents to the permissions requested by your app (if the user has not done so already), your app will receive an authorization code required to acquire an OAuth access token.
So you need to register an Azure account for configure the Azure AD service. Refer https://graph.microsoft.io/en-us/docs/authorization/app_authorization for more info.
Meanwhile, to implement Microsoft Graph in node.js application, you can refer the following code sample for your information.
Microsoft Graph service app sample using Node.js
An Office 365 API sample app using Node, Express and Ejs
Office 365 Node.js Connect sample using Microsoft Graph
Matt, you can do this without an Azure account if you use the oauth2/v2.0 auth endpoint. When you do that, you can register on apps.dev.microsoft.com using a Microsoft account.
See this tutorial for doing it with the Outlook REST API, which is similar to the Graph (in fact, for Calendar operations the calls and entities are identical).