SlideShare a Scribd company logo

O365Con18 - Connect SharePoint Framework Solutions to API's secured with Azure AD - Waldek Mastykarz

NCCOMMS, profile picture
NCCOMMS

This document discusses securing APIs with Azure Active Directory (AD) authentication from SharePoint Framework (SPFx) solutions. It introduces the AadHttpClient SDK that can be used to call APIs secured with Azure AD without dealing with OAuth flows directly. The SDK handles retrieving access tokens automatically based on the permissions configured for the calling web part in the Azure AD tenant. The document provides an overview of how AadHttpClient works and links to additional resources on setting up API permissions and enabling cross-origin resource sharing (CORS) for APIs.

Technology
Related topics:
Microsoft Teams Insights
1 of 13
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
O365Con18 - Connect SharePoint Framework Solutions to API's secured with Azure AD - Waldek Mastykarz
Connect SharePoint Framework solutions to APIs secured with Azure AD
Authenticationisdifficult
rencore.com Calling API secured with Azure AD prerequisites What is OAuth? Which flow do I need? Which type of Azure AD app to create? Which URLs to enter as Reply URLs? …but I don’t know where users will put my web part or extension Is there an SDK I can use? Does it work in TypeScript? What if I add another web part to the page? What if two web parts request token at the same time? … …so what do I enter in Reply URLs?
AadHttpClient 👍
rencore.com Calling API secured with Azure AD prerequisites What is OAuth? Which flow do I need? Which type of Azure AD app to create? Which URLs to enter as Reply URLs? …but I don’t know where users will put my web part or extension Is there an SDK I can use? Does it work in TypeScript? What if I add another web part to the page? What if two web parts request token at the same time? … …so what do I enter in Reply URLs?
It.Just.Works.
rencore.com Connect to Azure AD-secured APIs from SPFx without headaches Demo
rencore.com Connect to Azure AD-secured APIs using the AadHttpClient SharePoint Online Client-side web part Azure Active Directory "SharePoint Online Client“ Permissions - xyz Tenant administrator configures what scopes are available for the MSGraphClient and AadHttpClient by configuring permissions to specific pre-provisioned application in the Azure Active Directory. 1 3 2 Configured access tokens automatically included in the call with needed permissions Request access tokens from the Azure AD side for the used application Custom API
rencore.com • Use the AadHttpClient class to access Azure AD-secured APIs wldk.nl/spconnect01 • Don’t pass web part context into React components wldk.nl/spconnect02 • Enable CORS for your API wldk.nl/spconnect03 • Setup API permissions in your tenant wldk.nl/spconnect01 • Each piece of JavaScript can access approved APIs wldk.nl/spconnect04 • Setup API permissions without packages wldk.nl/spconnect05 • Additional configuration required for multi-tenant apps wldk.nl/spconnect06 • Isolated web parts wldk.nl/spconnect07 Takeaways
Waldek Mastykarz Head of Product SharePoint MVP https://blog.mastykarz.nl @waldekm
Secure. Modernize. Empower.
O365Con18 - Connect SharePoint Framework Solutions to API's secured with Azure AD - Waldek Mastykarz

More Related Content

PDF
O365Con18 - Introduction to Azure Web Applications - Eric Shupps
NCCOMMS
 
PDF
O365Con18 - Azure AD Connect Inside and Out - Sander Berkouwer
NCCOMMS
 
PDF
SPUnite17 Who Are You and What Do You Want
NCCOMMS
 
PDF
SPUnite17 Introduction to Azure Web Applications
NCCOMMS
 
PPTX
Azure functions serverless
Udaiappa Ramachandran
 
PPTX
Building a document e-signing workflow with Azure Durable Functions
Joonas Westlin
 
PPTX
Azure Web Apps Advanced Security
Udaiappa Ramachandran
 
PPTX
ECS 2018: Introduction to Azure Web Applications
Eric Shupps
 
O365Con18 - Introduction to Azure Web Applications - Eric Shupps
NCCOMMS
 
O365Con18 - Azure AD Connect Inside and Out - Sander Berkouwer
NCCOMMS
 
SPUnite17 Who Are You and What Do You Want
NCCOMMS
 
SPUnite17 Introduction to Azure Web Applications
NCCOMMS
 
Azure functions serverless
Udaiappa Ramachandran
 
Building a document e-signing workflow with Azure Durable Functions
Joonas Westlin
 
Azure Web Apps Advanced Security
Udaiappa Ramachandran
 
ECS 2018: Introduction to Azure Web Applications
Eric Shupps
 

What's hot (20)

PPTX
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Eric Shupps
 
PPTX
Windows azure active directory
Krunal Trivedi
 
PPTX
Apps 101 - Moving to the SharePoint 2013 App Model - Presented 7/27/13 at Sha...
BlueMetalInc
 
PPTX
Microsoft Reactor Toronto 5/5/2020 | Azure Kubernetes In Action - Running and...
Roy Kim
 
PPTX
Introduction to Azure Web Applications for Office and SharePoint Developers
Eric Shupps
 
PPTX
Windows Azure Active Directory
Pavel Revenkov
 
PPTX
Azure staticwebapps
Udaiappa Ramachandran
 
PDF
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
Eric Shupps
 
PPTX
Azure App Service Deep Dive
Azure Riyadh User Group
 
PPTX
Integrating your on-premises Active Directory with Azure and Office 365
nelmedia
 
PPTX
Building Apps for SharePoint 2013 by Andrew Connell - SPTechCon
SPTechCon
 
PPTX
Building Push Triggers for Logic Apps
BizTalk360
 
PPTX
Identity and o365 on Azure
Mostafa
 
PPTX
AAD with MVC App
Sasha Rosenbaum
 
PPTX
Securing SharePoint Apps with OAuth
Kashif Imran
 
PDF
O365Con18 - PowerApps build custom forms for SharePoint with Azure Maps - Bra...
NCCOMMS
 
PPTX
SharePoint and Office Development Workshop
Eric Shupps
 
PPTX
Logic apps and PowerApps - Integrate across your APIs
Sriram Hariharan
 
PPTX
Deep Dive Mobile Development with Office 365
Chakkaradeep Chandran
 
PPTX
Azure Bot Service
Azure Riyadh User Group
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Eric Shupps
 
Windows azure active directory
Krunal Trivedi
 
Apps 101 - Moving to the SharePoint 2013 App Model - Presented 7/27/13 at Sha...
BlueMetalInc
 
Microsoft Reactor Toronto 5/5/2020 | Azure Kubernetes In Action - Running and...
Roy Kim
 
Introduction to Azure Web Applications for Office and SharePoint Developers
Eric Shupps
 
Windows Azure Active Directory
Pavel Revenkov
 
Azure staticwebapps
Udaiappa Ramachandran
 
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
Eric Shupps
 
Azure App Service Deep Dive
Azure Riyadh User Group
 
Integrating your on-premises Active Directory with Azure and Office 365
nelmedia
 
Building Apps for SharePoint 2013 by Andrew Connell - SPTechCon
SPTechCon
 
Building Push Triggers for Logic Apps
BizTalk360
 
Identity and o365 on Azure
Mostafa
 
AAD with MVC App
Sasha Rosenbaum
 
Securing SharePoint Apps with OAuth
Kashif Imran
 
O365Con18 - PowerApps build custom forms for SharePoint with Azure Maps - Bra...
NCCOMMS
 
SharePoint and Office Development Workshop
Eric Shupps
 
Logic apps and PowerApps - Integrate across your APIs
Sriram Hariharan
 
Deep Dive Mobile Development with Office 365
Chakkaradeep Chandran
 
Azure Bot Service
Azure Riyadh User Group
 
Ad

Similar to O365Con18 - Connect SharePoint Framework Solutions to API's secured with Azure AD - Waldek Mastykarz (20)

PPTX
Connect SharePoint Framework solutions to APIs secured with Azure AD
BIWUG
 
PPTX
Developing Apps with Azure AD
SharePointRadi
 
PDF
Colloquim Report - Rotto Link Web Crawler
Akshay Pratap Singh
 
PDF
BlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure AD
BlueHat Security Conference
 
PDF
Creating cloud ready enterprise applications with the sharepoint 2013 app model
InnoTech
 
PPTX
Azure API Apps
BizTalk360
 
PDF
Identity Days 2020 - Quelles sont les méthodes et le niveau de sécurisation/r...
Identity Days
 
PDF
Why your next serverless project should use AWS AppSync
Yan Cui
 
PPTX
SharePoint as Development Platform for the Modern Intranet
Haaron Gonzalez
 
PDF
Come riprogettare le attuali farm solution di share point con il nuovo modell...
Fabio Franzini
 
PDF
O365Con18 - Hybrid SharePoint Deep Dive - Thomas Vochten
NCCOMMS
 
PDF
24032022 Zero Trust for Developers Pub.pdf
Tomasz Kopacz
 
PPTX
Understanding SharePoint Apps, authentication and authorization infrastructur...
SPC Adriatics
 
PPTX
harePoint Framework Webinar Series: Consume Graph APIs in SharePoint Framework
Jenkins NS
 
PPTX
2014 SharePoint Saturday Melbourne Apps or not to Apps
Gilles Pommier
 
PPTX
SPCA2013 - Developing SharePoint 2013 Apps with Visual Studio 2012
NCCOMMS
 
PPTX
Developing SharePoint 2013 apps with Visual Studio 2012 - SharePoint Connecti...
Bram de Jager
 
PPTX
Tutorial: Building Apps for SharePoint 2013 Inside and Outside of the Firewal...
SPTechCon
 
PPTX
Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG
Roy Kim
 
PPTX
App Model For SharePoint 2013
Toni Il Caiser
 
Connect SharePoint Framework solutions to APIs secured with Azure AD
BIWUG
 
Developing Apps with Azure AD
SharePointRadi
 
Colloquim Report - Rotto Link Web Crawler
Akshay Pratap Singh
 
BlueHat Seattle 2019 || I'm in your cloud: A year of hacking Azure AD
BlueHat Security Conference
 
Creating cloud ready enterprise applications with the sharepoint 2013 app model
InnoTech
 
Azure API Apps
BizTalk360
 
Identity Days 2020 - Quelles sont les méthodes et le niveau de sécurisation/r...
Identity Days
 
Why your next serverless project should use AWS AppSync
Yan Cui
 
SharePoint as Development Platform for the Modern Intranet
Haaron Gonzalez
 
Come riprogettare le attuali farm solution di share point con il nuovo modell...
Fabio Franzini
 
O365Con18 - Hybrid SharePoint Deep Dive - Thomas Vochten
NCCOMMS
 
24032022 Zero Trust for Developers Pub.pdf
Tomasz Kopacz
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
SPC Adriatics
 
harePoint Framework Webinar Series: Consume Graph APIs in SharePoint Framework
Jenkins NS
 
2014 SharePoint Saturday Melbourne Apps or not to Apps
Gilles Pommier
 
SPCA2013 - Developing SharePoint 2013 Apps with Visual Studio 2012
NCCOMMS
 
Developing SharePoint 2013 apps with Visual Studio 2012 - SharePoint Connecti...
Bram de Jager
 
Tutorial: Building Apps for SharePoint 2013 Inside and Outside of the Firewal...
SPTechCon
 
Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG
Roy Kim
 
App Model For SharePoint 2013
Toni Il Caiser
 
Ad

More from NCCOMMS (20)

PDF
O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...
NCCOMMS
 
PDF
O365Con19 - Model-driven Apps or Canvas Apps? - Rick Bakker
NCCOMMS
 
PDF
O365Con19 - Office 365 Groups Surviving the Real World - Jasper Oosterveld
NCCOMMS
 
PDF
O365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis Jugo
NCCOMMS
 
PDF
O365Con19 - Sharepoint with (Artificial) Intelligence - Adis Jugo
NCCOMMS
 
PDF
O365Con19 - What Do You Mean 90 days Isn't Enough - Paul Hunt
NCCOMMS
 
PDF
O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...
NCCOMMS
 
PDF
O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...
NCCOMMS
 
PDF
O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...
NCCOMMS
 
PDF
O365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine
NCCOMMS
 
PDF
O365Con19 - Azure Blackbelt - Jussi Roine
NCCOMMS
 
PDF
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins
NCCOMMS
 
PDF
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins
NCCOMMS
 
PDF
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...
NCCOMMS
 
PDF
O365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf
NCCOMMS
 
PDF
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
NCCOMMS
 
PDF
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager
NCCOMMS
 
PDF
O365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt
NCCOMMS
 
PDF
O365Con19 - How to Inspire Users to Unstick from Email - Luise Freese
NCCOMMS
 
PDF
O365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
NCCOMMS
 
O365Con19 - UI:UX 101 Learn How to Design Custom Experiences for SharePoint -...
NCCOMMS
 
O365Con19 - Model-driven Apps or Canvas Apps? - Rick Bakker
NCCOMMS
 
O365Con19 - Office 365 Groups Surviving the Real World - Jasper Oosterveld
NCCOMMS
 
O365Con19 - Developing Timerjob and Eventhandler Equivalents - Adis Jugo
NCCOMMS
 
O365Con19 - Sharepoint with (Artificial) Intelligence - Adis Jugo
NCCOMMS
 
O365Con19 - What Do You Mean 90 days Isn't Enough - Paul Hunt
NCCOMMS
 
O365Con19 - Tips and Tricks for Complex Migrations to SharePoint Online - And...
NCCOMMS
 
O365Con19 - Start Developing Teams Tabs and SharePoint Webparts with SPFX - O...
NCCOMMS
 
O365Con19 - Start Your Journey from Skype for Business to Teams - Sasja Beere...
NCCOMMS
 
O365Con19 - Lets Get Started with Azure Container Instances - Jussi Roine
NCCOMMS
 
O365Con19 - Azure Blackbelt - Jussi Roine
NCCOMMS
 
O365Con19 - Customise the UI in Modern SharePoint Workspaces - Corinna Lins
NCCOMMS
 
O365Con19 - Be The Protagonist of Your Modern Workplace - Corinna Lins
NCCOMMS
 
O365Con19 - How to Really Manage all your Tasks Across Microsoft 365 - Luise ...
NCCOMMS
 
O365Con19 - Sharing Code Efficiently in your Organisation - Elio Struyf
NCCOMMS
 
O365Con19 - Things I've Learned While Building a Product on SharePoint Modern...
NCCOMMS
 
O365Con19 - Keep Control of Your Data with AIP and CA - Bram de Jager
NCCOMMS
 
O365Con19 - Kaizala a Dive Into the Unknown - Rick van Rousselt
NCCOMMS
 
O365Con19 - How to Inspire Users to Unstick from Email - Luise Freese
NCCOMMS
 
O365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
NCCOMMS
 

Recently uploaded (20)

PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Cloud computing and distributed systems.
kkkkkhan
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 

O365Con18 - Connect SharePoint Framework Solutions to API's secured with Azure AD - Waldek Mastykarz

  • 2. Connect SharePoint Framework solutions to APIs secured with Azure AD
  • 4. rencore.com Calling API secured with Azure AD prerequisites What is OAuth? Which flow do I need? Which type of Azure AD app to create? Which URLs to enter as Reply URLs? …but I don’t know where users will put my web part or extension Is there an SDK I can use? Does it work in TypeScript? What if I add another web part to the page? What if two web parts request token at the same time? … …so what do I enter in Reply URLs?
  • 6. rencore.com Calling API secured with Azure AD prerequisites What is OAuth? Which flow do I need? Which type of Azure AD app to create? Which URLs to enter as Reply URLs? …but I don’t know where users will put my web part or extension Is there an SDK I can use? Does it work in TypeScript? What if I add another web part to the page? What if two web parts request token at the same time? … …so what do I enter in Reply URLs?
  • 8. rencore.com Connect to Azure AD-secured APIs from SPFx without headaches Demo
  • 9. rencore.com Connect to Azure AD-secured APIs using the AadHttpClient SharePoint Online Client-side web part Azure Active Directory "SharePoint Online Client“ Permissions - xyz Tenant administrator configures what scopes are available for the MSGraphClient and AadHttpClient by configuring permissions to specific pre-provisioned application in the Azure Active Directory. 1 3 2 Configured access tokens automatically included in the call with needed permissions Request access tokens from the Azure AD side for the used application Custom API
  • 10. rencore.com • Use the AadHttpClient class to access Azure AD-secured APIs wldk.nl/spconnect01 • Don’t pass web part context into React components wldk.nl/spconnect02 • Enable CORS for your API wldk.nl/spconnect03 • Setup API permissions in your tenant wldk.nl/spconnect01 • Each piece of JavaScript can access approved APIs wldk.nl/spconnect04 • Setup API permissions without packages wldk.nl/spconnect05 • Additional configuration required for multi-tenant apps wldk.nl/spconnect06 • Isolated web parts wldk.nl/spconnect07 Takeaways
  • 11. Waldek Mastykarz Head of Product SharePoint MVP https://blog.mastykarz.nl @waldekm