How to handle authentication for Microsoft graph daemon/service - node.js

I want to build a daemon to read and write emails using my organisation's office 365 account. My team has a private Azure Instance (not linked with any O365) and i have no admin access to o365 other than my accounts credential. How can i build a daemon service that authenticate with ms-graph and read/write emails without any user interaction?

You need to have an application definition in the directory that has the Office 365 accounts.
You can either create it directly, or you can create it as a multi-tenant application in another directory.
In the latter case, you need to grant it access to the Office 365 tenant's Azure AD.
If you haven't worked with Azure AD and the Microsoft Graph API before, I recommend you check out the samples. There are some for node.js, but the principles are the same for all other environments.

Related

Office 365 subscription: Associate Azure AD Application created for OAuth

I am a bit confused with Office 365 subscriptions and the application I have created in Azure AD for OAuth.
I have programmatically created an Azure AD app for OAuth and have assigned it appropriate permissions for Graph API and EWS API. The app is working perfectly fine with the Dev tenant I have for my testing. I am able to programmatically access OneDrive and Mailboxes using the token created by this application.
Now I am not sure if I need to associate this app with Office 365 subscriptions. Currently, my dev tenant does not have any Azure / Office 365 subscriptions but users in the field may have Azure / Office 365 subscriptions.
I am not sure if I need to perform any specific checks for subscriptions and associate my app with any. Information I found on the net is confusing and I am unable to conclude anything from it.
Please let me know if you have any idea about this. I am a bit new to this whole thing so forgive my ignorance.
Access Graph API and EWS API only requires that you have O365 subscription.
But you don't need to do something like associating with O365 subscription.
Just make sure this Azure AD application is available in the corresponding tenant.
For example, we have a tenant #testTenant.onmicrosoft.com, and a user admin#testTenant.onmicrosoft.com.
You need to create the AAD application in this tenant #testTenant.onmicrosoft.com. And if admin#testTenant.onmicrosoft.com has O365 subscription with Exchange Online license, you can access its AAD user profile information and O365 mailbox with Graph and EWS. If the user doesn't have O365 subscription, you can also access its AAD user profile information. But the mailbox is not existing so you can't access the mailbox.

Make Microsoft-Graph API calls without registering the app

This is NOT a code related question. But a question on auth while accessing Microsoft Graph.
I have a small nodeJS code that will access my own files on one drive and pull some data from an excel spreadsheet. This app is just my own, for automating a task. Is it possible for nodeJS code to access Microsoft Graph APIs without having to register this app and get admin approval?
I have a work account. My admin would not approve an app that is not going to help my organization.
It's determined by what kind of your account.
If your account is a work/school account, which is managed by your organization, you must register the application/create servicePrincipal in your organization tenant to call Microsoft Graph API. Because all company data, including your account data, is managed by your organization, not yourself.
If your account is a personal account, Microsoft Live Account, you can use Microsoft app registration portal for personal identity platform: https://apps.dev.microsoft.com/. It's managed by your own personal account.

Office 365 Add-in with Oauth2 Authentication

I am making Office 365 add-in for Outlook web and SharePoint. As per the documentation, I need a developer account to register my add-in. The developer account for company is for $99.
I also wanted to authenticate user using his office 365 subscription. The documentation tells that an Azure account is needed for office 365 authentication, in which the app will be registered. Azure account is for $99 for company.
Now my question is that, as I have to register office 365 add-in and also enable authentication, do I need to buy both accounts each for $99 that cost $198. Or only one account serves my purpose ? It will be really helpful if any one having experience with office add-in can suggest some good resource to do this.
After you have the Office 365 developer account, you don't have to buy the Azure subscription to register the app to the Azure Active Directory. Because the Office 365 account already have a free subscription to Azure Active Directory.
And to activate this subscription and access the Azure management portal, you have to complete a one-time registration process. Afterward, you can access Azure AD from your Microsoft service that uses it(refer here about detail).
And it is recommend that you register the app through the Application Registration Portal at http://apps.dev.microsoft.com/ since it supports 'V2' which allow developers to write apps that accept sign-in from both Microsoft Accounts and Azure AD accounts, using a single auth endpoint(V2 endpoint).

How to obtain Azure AD token inside Office 365 Outlook (or office apps) add-in?

I need the token in order to use office api discovery service (https://api.office.com/discovery/) to find SharePoint root url.
Is it possible to get access to Azure AD token from add-ins (Outlook/Office)?
Edit(To make things more clear):
As I'm building a multi-tenant Azure hosted app that should be launched via add-ins, I will have to force users to log-in in popup and give consent for application. Login is mandatory since in office add-in's we cannot find out who the logged in user is.
You can follow the documentation here on how to retrieve an authorization token - https://graph.microsoft.io/en-us/docs/platform/rest from Azure AD for the use of finding the root URL - also you can use the Microsoft Graph, which is the newer version of the Discovery service (more details about it again at the link provided).

Adding Office 365 API Call Permissions to the Azure Management Console

I'm trying to generate, through the Windows Azure Management Console, an API key that will allow me to make requests for Exchange Calendar Data (I need access to the Office 365 Exchange Online API set).
I am trying to get to this - from a help post I saw. Unfortunately, I only have these options.
However, I don't have access to the Office 365 permissions set for the application I created, and I can't figure out how to get access. Do I have to have an Office 365 organization account?
A few more details: the application itself is in my default directory, and it isn't multi-tenant. Thanks.
In order to create an application with Azure AD that uses Office permissions, I had to register for an Office 365 account with the same account that I used to create the application in the Azure Management Console. You probably won't see those permissions unless you have signed up for Office 365.
I signed up for a free trial and let it expire, and I was still able to use the requisite application permissions for Office. My Azure free trial also expired, and I was still able to use AD as I had before, and my application can still make API calls.

Resources