Microsoft Graph API where use token generated by azure? - azure

I'm trying to use the Microsoft Graph API or the Outlook REST API to create events in a user's calendar through AJAX / REST calls.
But I don't know where I have to use the key generated by Azure when I registered my application in Azure Active Directory... And I don't know if I need to pass the Client ID too.
I gave the following permissions to Microsoft Graph in Azure:
I don't know if these permissions are enough for what I want to do.
Thanks in advance.

You can find permission details in Permission scopes | Graph API concepts. You can also refer to the Office 365 Node.js Connect sample using Microsoft Graph and the Microsoft Graph service app sample using Node.js on GitHub for more help.

Related

Can anyone suggest the Azure AD sign-in/ Sign-Out code flow for the Asp.net core Web API

Can anyone suggest the Azure AD sign-in/sign-out code flow for an ASP.NET Core Web API?
I am developing a Web API project (same as https://app.hubspot.com/crm-settings-email/6849578/email/connectedEmails) for Office 365 integration and have implemented all the required MS Graph APIs, but I am stuck on the sign-in/sign-out process for personal Microsoft account holders. I tried the sample code for the OpenID Connect v2 code flow but was not able to get any access token or code in return.
Can anyone suggest the correct code flow for a Web API project, and how to register or sign in/out any Microsoft user in my Azure app?
I believe the authorization code flow is a good fit for your requirement, as you have mentioned a .NET Core Web API project. Please go through the Microsoft documentation on the other authentication flows (which can be implemented with the MSAL library); it will help you choose a code flow based on your scenario.
Please go through the sample given by Microsoft, which helps you handle AAD login with personal accounts. Also, please make sure you have selected the Accounts in any organizational directory and personal Microsoft accounts option while creating the app in app registration.

Microsoft Graph API vs. IMAP/POP3 - which is better for reading mails?

I want to read the mail of users of a specific domain (tenant) using the Outlook API. However, I don't have privileges to register a new app in the Azure portal for that domain, and so I am not able to use the Graph API. We cannot use the Outlook API without an OAuth app. In this case, is using IMAP/POP3 my only choice? How secure is it to use IMAP/POP3 to read mail compared to the Azure AD Graph API? Please advise.
It depends on what you really want to achieve.
If you just want to read the messages, configuring your mailbox in Outlook or other email provider with IMAP/POP3 is a preference. You don't need to worry about its security, it has been in service for decades.
For Microsoft Graph API, to call Microsoft Graph, your app must acquire an access token from the Microsoft identity platform. See Authentication and authorization basics for Microsoft Graph to learn more details about it.
So the point is how you want to read your email.
If you are developing your own app, using Microsoft Graph API is certainly the best choice. You can test GET https://graph.microsoft.com/v1.0/me/messages to list your emails in Microsoft Graph Explorer without registering an app in Azure AD.

API to pull all users from O365 tenant or AAD using MS graph

I am looking for an api to pull all the users using tenant ID or using MS graph API's with an AADv1/AADv2 app.
I have both v1 and v2 apps to access MS graph and also can use o365 tenant ID.
Pick the appropriate SDK for Microsoft Graph depending on your language / platform preference. The readme in the repo will help you get started, as will the IntelliSense provided by the SDK. You’re going to want to ensure that your app registration has appropriate access to the APIs you’re after.

Is it possible to get all the user information in a tenant by Azure AD Graph API or Microsoft Graph API?

From the Azure Active Directory v2.0 authentication libraries we can see lots of samples showing how to use the libraries to connect to Active Directory. It seems all of them require creating an application at apps.dev.microsoft.com first, then using the Application ID and a new password as the clientID and clientSecret in a client or server middleware application.
This way, a user can use the application to log in via OAuth 2 or OpenID through the Azure Active Directory API, and the application can also get personal information such as the user profile correctly.
But, if I want to get all the users' information in a tenant at one time, is there an API that can do that?
You can use Microsoft Graph API - specifically List Users API.
https://graph.microsoft.com/v1.0/users
For a quick test, try using Microsoft Graph Explorer
Similarly you can list users with Azure AD Graph API as well, but it would be recommended to use Microsoft Graph API.
Read Microsoft Graph or Azure AD Graph and this SO Post (Only case to use Azure AD Graph API would be if you need something very specific that you aren't able to achieve with stable version of the newer Microsoft Graph API.)
Azure AD Graph API to list users (not recommended)
https://graph.windows.net/myorganization/users

OAuth2 and Microsoft Graph API for my Node.js app?

I'd like to add an Office365/Graph Calendar integration to an existing Node.js app (hosted on AWS). I've already done a similar integration with Google's Calendar, and it was trivial to get set up. I'm not having nearly as much luck with the Microsoft version of things.
I've found at least 4 different ways to register an app (get a clientId and clientSecret), and I seem to get different errors for each of them, but can't get any to work properly.
I think a large part of my problem is that I've never had to work in the MS ecosystem before, so I don't have a lot of the baseline knowledge that the documentation assumes.
I'm not looking to host anything with Microsoft - do I even need an Azure account?
I'd like to allow any user with an Office365 account to connect it to my app - do I need to learn about Active Directory to do this? Does this part of it require Azure?
I've found instructions for using both https://login.microsoftonline.com/common/oauth2 and https://login.microsoftonline.com/common/oauth2/v2.0 for this, do I need to worry about which version I use depending on how I registered my app?
Microsoft Graph leverages Azure AD to authenticate and authorize users. The documentation states:
To get your app authorized, you must get the user authenticated first. You do this by redirecting the user to the Azure Active Directory (Azure AD) authorization endpoint, along with your app information, to sign in to their Office 365 account. Once the user is signed in, and consents to the permissions requested by your app (if the user has not done so already), your app will receive an authorization code required to acquire an OAuth access token.
So you need to register an Azure account to configure the Azure AD service. Refer to https://graph.microsoft.io/en-us/docs/authorization/app_authorization for more info.
Meanwhile, to implement Microsoft Graph in a Node.js application, you can refer to the following code samples.
Microsoft Graph service app sample using Node.js
An Office 365 API sample app using Node, Express and Ejs
Office 365 Node.js Connect sample using Microsoft Graph
Matt, you can do this without an Azure account if you use the oauth2/v2.0 auth endpoint. When you do that, you can register on apps.dev.microsoft.com using a Microsoft account.
See this tutorial for doing it with the Outlook REST API, which is similar to the Graph (in fact, for Calendar operations the calls and entities are identical).
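The authorization code exchange quoted in the first answer above, sketched for the v2.0 endpoint named in the question, as an added example that is not part of either answer or of the linked samples. It shows where each credential travels: the client ID in the browser redirect, the registration key (client secret) only in the server-side token request, and the resulting access token as a bearer header on the Graph call. The scope names and the `/me/events` path are choices made for this example, and `cfg`, `state` and the token values are constructed placeholders.

```javascript
// Added example: v2.0 "common" endpoints as named on this page; all config values are placeholders.
const AUTHORITY = 'https://login.microsoftonline.com/common/oauth2/v2.0';
const GRAPH = 'https://graph.microsoft.com/v1.0';

// Step 1 (browser redirect): only the public client ID goes in the URL, never the secret.
function buildAuthorizeUrl(cfg, state) {
  const url = new URL(`${AUTHORITY}/authorize`);
  url.search = new URLSearchParams({
    client_id: cfg.clientId,
    response_type: 'code',
    redirect_uri: cfg.redirectUri,
    scope: 'offline_access Calendars.ReadWrite',
    state, // unpredictable per-session value, kept server-side for step 2
  }).toString();
  return url.toString();
}

// Step 2 (callback): reject error responses and any state that is not ours (CSRF defence).
function readCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get('error')) throw new Error(`authorization failed: ${q.get('error')}`);
  if (!expectedState || q.get('state') !== expectedState) throw new Error('state mismatch');
  if (!q.get('code')) throw new Error('no authorization code');
  return q.get('code');
}

// Step 3 (server to server): the key generated at registration is the client_secret here.
function buildTokenRequest(cfg, code) {
  return {
    url: `${AUTHORITY}/token`, method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      client_id: cfg.clientId,
      client_secret: cfg.clientSecret,
      grant_type: 'authorization_code',
      code,
      redirect_uri: cfg.redirectUri,
    }).toString(),
  };
}

// Step 4: the access token returned by step 3 is sent as a bearer token on each Graph call.
function buildCreateEventRequest(accessToken, event) {
  return {
    url: `${GRAPH}/me/events`, method: 'POST',
    headers: { Authorization: `Bearer ${accessToken}`, 'Content-Type': 'application/json' },
    body: JSON.stringify(event),
  };
}
```

Steps 3 and 4 return plain request descriptions so they can be passed to whatever HTTP client the server already uses; step 3 must run on the server, because a secret shipped to browser-side AJAX code is readable by every user.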
