Proper Authentication for Outlook Add-in using Microsoft Graph

I'm trying to get familiar with the Microsoft Graph API. I would like to create an Outlook Calendar add-in using the Graph API. However, all of the articles I have read seem to use the OAuth 2.0 model, which requires manual sign-in by the user. An add-in, though, should not require a sign-in by the user. If you are already using Outlook, you should not have to authenticate manually in order to use the add-in. Can anyone suggest the correct authentication method for add-ins that still uses the Graph API?
I have read through this doc which appears to cover the entire scope of application types and their authentication method, but does not include add-ins. Is that because add-ins should not use Graph API?

At present, the Office add-in API is not able to provide the access token (it provides an idToken and a callback token) for Microsoft Graph automatically. We still need to authenticate the user manually.
But we can call the EWS service directly in the Mail add-in. You may consider using the EWS to see whether it is helpful for your business.
Or you can use the client credentials flow to get an app-only token, which doesn't need the users to interact in the authentication process.

Related

SharePoint REST Integration with OAuth

I have to integrate SharePoint with my web app (I just want to show the content of the user account).
For that, I have researched and I am looking for SharePoint integration with the REST API through the OAuth process. Right now I have found a different way, where users have to create their SharePoint app and share their username and password, and then I can get the data for the users with their credentials.
The above approach is not a good option.
Please help if someone knows how to get SharePoint content through the OAuth approach with REST.
You are able to connect to Microsoft Graph, which hosts an API for the Office 365 entities such as Calendar, Mail, SharePoint, etc.
In order to authenticate, you need to follow the OAuth 2.0 flow. This involves the generation of access tokens, which are then used in case of username/password.
More information about the MS Graph API and setting up authentication as well as a number of SDKs can be found: https://learn.microsoft.com/en-us/graph/auth-register-app-v2?view=graph-rest-1.0

Microsoft Graph API vs. IMAP/POP3 - which is better for reading mails?

I want to read mails of users of a specific domain (tenant) using the Outlook API. However, I don't have privileges to register a new app in the Azure portal for that domain, and so am not able to use the Graph API. We cannot use the Outlook API without an OAuth app. In this case, is using IMAP/POP3 my only choice? How secure is it to use IMAP/POP3 to read mails when compared to the Azure AD Graph API? Please advise.
It depends on what you really want to achieve.
If you just want to read the messages, configuring your mailbox in Outlook or other email provider with IMAP/POP3 is a preference. You don't need to worry about its security, it has been in service for decades.
For Microsoft Graph API, to call Microsoft Graph, your app must acquire an access token from the Microsoft identity platform. See Authentication and authorization basics for Microsoft Graph to learn more details about it.
So the point is how you want to read your email.
If you are developing your own app, using Microsoft Graph API is certainly the best choice. You can test GET https://graph.microsoft.com/v1.0/me/messages to list your emails in Microsoft Graph Explorer without registering an app in Azure AD.

Accessing Calendars from a Personal Account through the Microsoft Graph API Non-Interactively

I am aiming to access my calendar data from my personal Microsoft Account via the Microsoft Graph API. Further, I do not want to authenticate myself interactively to get an access token. Instead, I prefer the non-interactive method outlined in this article.
Applying the non-interactive method of authentication works fine to gain information about users in my Azure Active Directory using GET https://graph.microsoft.com/v1.0/users/{user-id}.
Unfortunately, I am always retrieving the error message OrganizationFromTenantGuidNotFound when calling GET https://graph.microsoft.com/v1.0/users/{user-id}/calendars to get the list of my personal calendars of the user.
Is it possible to retrieve the calendar data of a personal Outlook account while employing a non-interactive method of authentication?
No, you cannot retrieve the calendar data of a personal Outlook account while employing a non-interactive method of authentication.

Outlook add-in authenticate with token to SharePoint

Using the new Outlook Add-in API I want to make some calls into SharePoint Online as the user and create a few items.
Everything is in O365 and the same tenant, so I'm logged in to Outlook with the same credentials as I use to login to SharePoint.
I can see getUserIdentityTokenAsync and getCallbackTokenAsync, but can I use that token to connect to SPO directly from JS?
From what I can see these tokens are for "third party apps" and EWS respectively.
Can I use either of these tokens to authenticate with an Azure AD application? Which I know I can configure to allow access to SPO.
Ideally I'd rather not prompt the user to login again within my add-in. Which I know I can do and am doing in an Office add-in, which doesn't have the getToken methods.
Thanks

Silently log onto Microsoft Graph?

Since I have my users' login and password, can I silently log into their Microsoft Graph?
I want to fetch info from the Office 365 API from a server app, so therefore I cannot have a Microsoft login window popping up.
Thanks
You want to use the confidential client flow for authenticating to the Graph API. See the section "Daemon or Server Application to Web API" in this document for details. Of course, you'll need to be the admin of your Azure AD, or have the admin's trust and blessing, in order to use this flow, as the user isn't involved in the process themselves.
I've been trying to use it for calendaring apps. The flow login works fine but be aware that there are some limitations on using the Graph API with this authentication flow type (specifically interacting with Unified Groups calendars in my case).
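
The client credentials (confidential client) flow mentioned in the answers above, as an added example that is not part of the original posts: it builds the token request for the Microsoft identity platform v2.0 endpoint and reviews a returned token's claims to confirm it is app-only and carries no more application roles than expected. The tenant and client values, the `allowed_roles` allow-list and the unsigned sample tokens are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"  # Microsoft identity platform


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for an OAuth 2.0 client credentials request."""
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # keep server-side, never in add-in JS
        # .default = the application permissions an admin has consented to
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, body


def jwt_claims(token):
    """Decode the JWT payload for inspection only (no signature validation)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def review_token(token, allowed_roles):
    """Classify a token as app-only or delegated and list unexpected roles."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))  # application permissions
    # Delegated (user) tokens carry "scp"; app-only tokens carry "roles".
    kind = "delegated" if "scp" in claims else "app-only" if roles else "unknown"
    return {"kind": kind, "tenant": claims.get("tid"),
            "excess_roles": sorted(roles - set(allowed_roles))}


def _fake_jwt(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


PLACEHOLDER_TENANT = "00000000-0000-0000-0000-000000000000"  # constructed value
SAMPLE_APP_TOKEN = _fake_jwt({"tid": PLACEHOLDER_TENANT,
                              "roles": ["Calendars.Read", "Mail.ReadWrite"]})
SAMPLE_USER_TOKEN = _fake_jwt({"tid": PLACEHOLDER_TENANT, "scp": "Calendars.Read"})
```

An app-only token is not bound to a signed-in user, so each role listed under `excess_roles` is an application permission worth removing from the app registration if the daemon does not need it.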
