I have OAuth token generated from Azure ADFS.
I am using this to connect to office 365 to get users calendar events, which is all working fine.
Now i want to generate a link in my application, which when clicked by users should redirect to their office 365 calendar directly without prompting for any credentials.
Can this be done?
Appreciate your help.
No, because the OAuth token represents a set of access rights granted by a user to your client at some point in the recent history and this does not mean that the user is still logged in.
Related
I want to send emails using Microsoft Graphs API from a backend service developed in node.js, that has no interactions with the user.
If I understand it correctly from this paragraph, if I use the Get access without user procedure, the administrator will have to give me some rights and then I will have those rights on every user account in the organization. This is not my goal, I only want to have those rights for one specific account, for which I have the login and password.
Is there a way to log in with an office365 account without user interaction?
Thanks :)
No. You need to have the user authenticate in order to obtain the initial access token and refresh token (to refresh your permission to access the account).
Using the new Outlook Add-in API I want to make some calls into SharePoint Online as the user and create a few items.
Everything is in O365 and the same tenant, so I'm logged in to Outlook with the same credentials as I use to login to SharePoint.
I can see getUserIdentityTokenAsync and getCallbackTokenAsync, but can I use that token to connect to SPO directly from JS?
From what I can see these tokens are for "third party apps" and EWS respectively.
Can I use either of these tokens to authenticate with an Azure AD application? Which I know I can configure to allow access to SPO.
Ideally I'd rather not prompt the user to login again within my add-in. Which I know I can do and am doing in an Office add-in, which doesn't have the getToken methods.
Thanks
I have created WebApi and hosted it to Azure server, now I want to get data from Microsoft Dynamics CRM into this API with logged in Office 365 users credentials.
So when I call the WebApi from office 365 it takes Office 365 logged in user's credentials and get data from CRM of same user.
For getting Dynamics 365 data you need the access token which as you mentioned is granted by office 365 OAuth server. Assuming that you already registered your app in Azure active directory and gained your client Id and secret key, you need also give permission to your app to access Dynamics 365 (using Required permissions in Setting panel of app registration).
After setting up your app in Azure AD, then you can redirect your user to office 365 login page (OAuth 2.0 Authorization Endpoint) for getting the access token. there are different methods to do it. In my experience I used getting token using Authentication code, but generally you need to compose a url to login page with following param:
'https://login.windows.net/' + tenant + '/oauth2/authorize?response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>&state=<state>&resource=<resource>'
In case of Authentication code it returns a code which you can use to acquire token. Microsoft developed some drivers which does it for you. If you use node.js you can check out adal, for sure they have something similar for dot.net.
After getting your access token, you just need to call your Dynamics 365 (resource) to get the data.
We have a multi-tenant Windows Azure app. We use it to authenticate Office 365 users, and grant us access to the user's calendars.
We had a support question today saying:
I then click the office 365 button, am taken to
the Microsoft Office 365 login screen where it
tells me I’m already logged in with my office 365
account. I click “remain signed in with this
account”, put in my password again, then am just
shown a blank screen (and microsoft sends me a text
with my two-factor authentication code, but nowhere
to input it).
We did not test any 2-factor authentication users when testing our new office 365 login. But it seems to me like there is an issue on Microsoft's side in this scenario.
Is there something special we need to do on our end ( a setting in our Azure app maybe? ) to support 2-factor authentication for our users?
Is it possible to get all email from all mailboxes in MS Exchange?
I have full rights in Azure console for Office365 exchange online.
http://i.stack.imgur.com/DF5n5.png
But when I'm trying make an request to
https://outlook.office365.com/EWS/OData/Users('user#company.onmicrosoft.com')/Inbox/Messages
getting an error "The specified object was not found in the store."
But for logged in admin
https://outlook.office365.com/EWS/OData/Me/Inbox/Messages
https://outlook.office365.com/EWS/OData/Users('admin#company.onmicrosoft.com')/Inbox/Messages
works well.
What should I do, to get access for read mail for all my users in office 365?
The current authorization model for Office 365 Mail, Calendar and Contacts services does not currently expose a permission that would allow your app to query other users' mailboxes.
The REST API consent flow allows you to register a web app that requires Admin consent. Once your web app has been given the global admin consent, it should be able to access information for all users under that tenant.
See the following post for more information:
http://msdn.microsoft.com/EN-US/library/office/dn605895(v=office.15).aspx#ConNavExample_config