2019 05-16 aOS Luxembourg - 5 - Unchain your apps capabilities with Microsoft Graph - Yannick Plenevaux
0 likes67 views
The document discusses the capabilities of Microsoft Graph API, which allows applications to access and manipulate corporate data within Microsoft 365. It covers the API's features, security permissions, authorization flows, and how to create applications that utilize the API. Additionally, it emphasizes the integration of Microsoft Graph in SharePoint Framework solutions and the continuous evolution of the API with cloud-based capabilities.
2019 05-16 aOS Luxembourg - 5 - Unchain your apps capabilities with Microsoft Graph - Yannick Plenevaux
- 1. Unchain your app’s capabilities with Microsoft Graph Yannick Plenevaux yp_code
- 2. aOS Luxembourg 16 mai 2019 Yannick Plenevaux SharePoint & Office 365 Architect MCSD App Builder @ yannick.plenevaux@pvx-solutions.com @yp_code https://ypcode.wordpress.com Founder of PVX Solutions https://www.pvx-solutions.com
- 3. aOS Luxembourg 16 mai 2019 Agenda Corporate data The Microsoft Graph API The Graph Explorer Security Permissions Authorization Flow Create your app ! Microsoft Graph in SPFx solutions Q&A
- 4. aOS Luxembourg 16 mai 2019 Corporate data Me E-mails Events Documents Tasks Content Groups People Organization Conversations / Chats Devices Activities
- 5. aOS Luxembourg 16 mai 2019 Microsoft 365 data Me E-mails Events Documents Tasks Content Groups People Organization Conversations / Chats Devices Activities
- 6. aOS Luxembourg 16 mai 2019 The Microsoft Graph API One API to access and manipulate all corporate data in your app ! V1.0 : Stable and fully supported by Microsoft for Production usage Beta : Preview of upcoming capabilities. Subject to changes Not supported by Microsoft for Production usage
- 7. aOS Luxembourg 16 mai 2019 The Microsoft Graph API Only on Microsoft 365 / Office 365 (Cloud) Will most likely never come fully on premises ! Why ? It continuously evolves (release each month) It uses a lot of machine learning algorithms on interconnected data from various Microsoft services Would be very difficult to setup and maintain… It is THE Microsoft Cloud “killer app” ! However, some hybrid scenarios are feasible Announced at Build 2019 : Include your local Data in Microsoft Graph
- 8. aOS Luxembourg 16 mai 2019 The Microsoft Graph API https://graph.microsoft.com Implements OData syntax in most cases $filter $select $skip / $top $expand $orderby … RESTful = HTTP calls Read HTTP GET Create HTTP POST Update HTTP PUT / PATCH Delete HTTP DELETE Get my 3 next events GET https://graph.microsoft.com/v1.0/me/events?$filter=start/dateTime gt ‘2019-05-16T00:00:00’&$orderby=start/dateTime asc&$top=3 Get the files in my OneDrive folder GET https://graph.microsoft.com/v1.0/me/drive/root/children
- 9. aOS Luxembourg 16 mai 2019 The Microsoft Graph API Accepts JSON as arguments and return JSON responses Can be used in any technology with HTTP capabilities API client implementation in various technologies https://developer.microsoft.com/en-us/graph/get-started
- 10. aOS Luxembourg 16 mai 2019 The Graph Explorer Test the Microsoft Graph API In a playground context (read-only) With your tenant real data https://developer.microsoft.com/en-us/graph/graph-explorer
- 11. aOS Luxembourg 16 mai 2019 The Graph Explorer DEMO
- 12. aOS Luxembourg 16 mai 2019 Security: Permissions Permissions have to be granted to the application Delegated permissions The application performs the actions on behalf of a signed-in user. “Effective permission” is the least privileged permission between the delegated permission and the real privilege of the user Application permissions (app-only) Not signed-in user (background job, automated tasks, …) Consent has to be given to the application Delegated permissions The current user gives consent to the requested permissions Administrators can give consent for all users Some permissions require an administrator to give consent Application permissions Only administrators can give consent https://docs.microsoft.com/en-us/graph/permissions-reference
- 13. aOS Luxembourg 16 mai 2019 Security: Authorization flows Azure AD protected Web API Authorization Flow Common usage OpenID Connect Web applications OAuth 2.0 Implicit Grant Client-side applications (JS) OAuth 2.0 Auth Code Native (Desktop, Mobile) applications OAuth 2.0 on-behalf-of Web APIs OAuth 2.0 Client Credentials App-only (Background jobs, …) … The authorization endpoints : https://login.microsoftonline.com/common/oauth2/v2.0 • /authorize (Sign-in) • /token (Get access token) Pass the access token in each Graph HTTP call headers Authorization: Bearer <access token> These authorization flows are mostly handled by the available client APIs ! If not, it can be implemented in any technology with HTTP capabilities common can be replaced by the tenant id to target a specific tenant (e.g. contoso.onmicrosoft.com)
- 14. aOS Luxembourg 16 mai 2019 Authorization flow Web app Data from API forwarded to user Microsoft Graph
- 15. aOS Luxembourg 16 mai 2019 Authorization flow Mobile/Desktop app Microsoft Graph 1 hour Access Token expires after 1 hour Refresh token expires after 14 days renewable up to total 90 days
- 16. aOS Luxembourg 16 mai 2019 Create your app ! In order to access graph from an application Setup (by Azure AD administrator) Need to register the app in Azure AD https://aad.portal.azure.com App registrations For Web applications Need Redirect URI Need to request the appropriate permissions for the app to work properly At runtime 1. The user signs in At first sign-in, the user must give consent to the permissions requested by the application Administrators can give consent for all users (can also be done from AAD portal) No “sign-in” in app-only context 2. Get Access Token 3. Call the Microsoft Graph endpoint with the Authorization header set to Bearer <access_token>
- 17. aOS Luxembourg 16 mai 2019 Create your app ! DEMO
- 18. aOS Luxembourg 16 mai 2019 Microsoft Graph in SPFx solutions SPFx v1.6 (Aug. 2018) Call to AAD registered app natively supported Dedicated feature support for Microsoft Graph As in any app using MS Graph The appropriate permissions needs to be requested The permissions must be granted by a SharePoint global administrator No need to access Azure AD portal SPFx integrated library to automatically handle the access token internal plumbing
- 19. aOS Luxembourg 16 mai 2019 Microsoft Graph in SPFx solutions DEMO
- 20. aOS Luxembourg 16 mai 2019 Microsoft Graph in SPFx solutions Leverage your corporate data using Microsoft Graph In your SharePoint customizations In your custom Microsoft Teams Tabs Soon in your Office add-ins ! ( Word, Excel, PowerPoint, Outlook) Public announcements are expected at SPC this month ! Using ONE Framework and even ONE codebase
- 21. aOS Luxembourg 16 mai 2019 Unchain your app’s capabilities with Microsoft Graph Questions ?
- 22. Merci à notre sponsor !