Office 365 Add-in with Oauth2 Authentication - azure

I am making Office 365 add-in for Outlook web and SharePoint. As per the documentation, I need a developer account to register my add-in. The developer account for company is for $99.
I also wanted to authenticate user using his office 365 subscription. The documentation tells that an Azure account is needed for office 365 authentication, in which the app will be registered. Azure account is for $99 for company.
Now my question is that, as I have to register office 365 add-in and also enable authentication, do I need to buy both accounts each for $99 that cost $198. Or only one account serves my purpose ? It will be really helpful if any one having experience with office add-in can suggest some good resource to do this.

After you have the Office 365 developer account, you don't have to buy the Azure subscription to register the app to the Azure Active Directory. Because the Office 365 account already have a free subscription to Azure Active Directory.
And to activate this subscription and access the Azure management portal, you have to complete a one-time registration process. Afterward, you can access Azure AD from your Microsoft service that uses it(refer here about detail).
And it is recommend that you register the app through the Application Registration Portal at http://apps.dev.microsoft.com/ since it supports 'V2' which allow developers to write apps that accept sign-in from both Microsoft Accounts and Azure AD accounts, using a single auth endpoint(V2 endpoint).

Related

Office 365 subscription: Associate Azure AD Application created for OAuth

I am a bit confused with Office 365 subscriptions and the application I have created in Azure AD for OAuth.
I have programmatically created an Azure AD app for OAuth and have assigned it appropriate permissions for Graph API and EWS API. The app is working perfectly fine with the Dev tenant I have for my testing. I am able to programmatically access OneDrive and Mailboxes using the token created by this application.
Now I am not sure if I need to associate this app with Office 365 subscriptions. Currently, my dev tenant does not have any Azure / Office 365 subscriptions but users in the field may have Azure / Office 365 subscriptions.
I am not sure if I need to perform any specific checks for subscriptions and associate my app with any. Information I found on the net is confusing and I am unable to conclude anything from it.
Please let me know if you have any idea about this. I am a bit new to this whole thing so forgive my ignorance.
Access Graph API and EWS API only requires that you have O365 subscription.
But you don't need to do something like associating with O365 subscription.
Just make sure this Azure AD application is available in the corresponding tenant.
For example, we have a tenant #testTenant.onmicrosoft.com, and a user admin#testTenant.onmicrosoft.com.
You need to create the AAD application in this tenant #testTenant.onmicrosoft.com. And if admin#testTenant.onmicrosoft.com has O365 subscription with Exchange Online license, you can access its AAD user profile information and O365 mailbox with Graph and EWS. If the user doesn't have O365 subscription, you can also access its AAD user profile information. But the mailbox is not existing so you can't access the mailbox.

How to handle authentication for Microsoft graph daemon/service

I want to build a daemon to read and write emails using my organisation's office 365 account. My team has a private Azure Instance (not linked with any O365) and i have no admin access to o365 other than my accounts credential. How can i build a daemon service that authenticate with ms-graph and read/write emails without any user interaction?
You need to have an application definition in the directory that has the Office 365 accounts.
You can either create it directly, or you can create it as a multi-tenant application in another directory.
In the latter case, you need to grant it access to the Office 365 tenant's Azure AD.
If you haven't worked with Azure AD and the Microsoft Graph API before, I recommend you check out the samples. There are some for node.js, but the principles are the same for all other environments.

Adding Office 365 API Call Permissions to the Azure Management Console

I'm trying to generate, through the Windows Azure Management Console, an API key that will allow me to make requests for Exchange Calendar Data (I need access to the Office 365 Exchange Online API set).
I am trying to get to this - from a help post I saw. Unfortunately, I only have these options.
However, I don't have access to the Office 365 permissions set for the application I created, and I can't figure out how to get access. Do I have to have an Office 365 organization account?
A few more details: the application itself is in my default directory, and it isn't multi-tenant. Thanks.
In order to create an application with Azure AD that uses Office permissions, I had to register for an Office 365 account with the same account that I used to create the application in the Azure Management Console. You probably won't see those permissions unless you have signed up for Office 365.
I signed up for a free trial and let it expire, and I was still able to use the requisite application permissions for Office. My Azure free trial also expired, and I was still able to use AD as I had before, and my application can still make API calls.

Use office 365 login/credentials as Single Sign On

Can I use office 365 login/credentials as Single Sign On? Actually I need to sign in my web application using office 365 login details.
Further I want to use following url credentials for Single Sign On in my web application.
https://portal.office.com
Indeed. Office365 identities are backed by Azure Active Directory, and you can build WebApps, WebAPIs and mobile apps secured using Azure Active Directory, so that customers of Offic365 can SSO to your applications.
The various auth scenarios supported by Azure AD are here: http://msdn.microsoft.com/en-us/library/azure/dn499820.aspx. Code samples are here: http://msdn.microsoft.com/en-us/library/azure/dn646737.aspx.
Hope that helps.

Accessing office 365 data using service account

Similar to the question here Accessing Office 365 user mail data with admin authorisation only
Currently i am implementing an application that will access a set of mailboxes on Office365 using a service account.
There is an MSDN blog post announcing oauth support for Office 365 http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online-in-office-365.aspx
Can our app use the technique in that link and get authorization from the administrator for the set of mailboxes using the service account for this "group" of mailboxes ?
If you're using OAuth with the new REST APIs, an administrator can consent on behalf of their entire Office 365 organization. They cannot consent only on behalf of a subset of users.

Resources