extend your development skills set using ms graph
TRANSCRIPT
SharePoint Saturday Belgium 2017 • October 21 • Brussels Track: Developer| Level: 200
Extend your development skills set using MS Graph
Yannick Borghmans
@yborghmans
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Agenda
• What’s Microsoft Graph
• Calling the API and getting entities
• Authentication
• How to get started with development• Graph explorer• Authentication• Coding
• Roadmap
• + Next session => Donald• .NET, Extensions, Webhooks, SP
SharePoint Saturday Belgium 2017 • October 21 • Brussels
SITES
GROUPS
ME
CONVERSATIONS CONTENT
INSIGHTS
CONTACTS
PEOPLE
ORGANIZATION
TASKSEMAIL
EVENTS
DOCUMENTS
DEVICES
CHATS
TEAMS
ACTIVITY
TRENDING
SHARED
REPORTS
Microsoft Graph
SharePoint Saturday Belgium 2017 • October 21 • BrusselsUsers Groups Outlook OneNote more…SharePoint IntuneTeams Azure ADPlanner Excel
https://graph.microsoft.com
Your appOne endpoint
One token
All users
Microsoft Graph API
Access user, group and organizational data
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Calling the API
• HTTP verbs dictate the request intent: GET | POST | PATCH | PUT | DELETE
• Version: /v1.0 or /beta
• Resource: /users, /groups, /sites, /drives, /devices, more…
• Member from collection: /users/AAA
• Property: /users/AAA/department
• Traverse to related resources via navigations: /users/AAA/events
• Query parameters: /users/AAA/events?$top=5
o Format results: $select | $orderby
o Control results: $filter | $expand
o Paging: $top | $skip | $skiptoken
/{version} ?{query-parameters}/{resource}/{id}/{property}
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Resources available (/v1.0)
Users Messages MailFolder Events
Contact (Folder)
LicenseDetails Drives Driveitem
Groups Conversations Tasks ...
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Resources available (/beta)
Users Messages MailFolder EventsContact (Folder)
LicenseDetails
Drives Driveitem Groups Conversations Tasks Teams
ChatThread ProjectRome Reports ...
SharePoint Saturday Belgium 2017 • October 21 • Brussels
https://graph.microsoft.com/v1.0/me
{"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity","id": "785452c3-e854-4f7b-b6f2-23ab357898a9","businessPhones": [
"8006427676"],"displayName": "MOD Administrator","givenName": "MOD","jobTitle": null,"mail": "[email protected]","mobilePhone": "425-882-1032","officeLocation": null,"preferredLanguage": "en-US","surname": "Administrator","userPrincipalName": "[email protected]"
}
SharePoint Saturday Belgium 2017 • October 21 • Brussels
https://graph.microsoft.com/v1.0/me?$select=displayName,skills{
"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users(displayName,skills)/$entity",
"displayName": "MOD Administrator",
"skills": [
"O365 development"
]
}
SharePoint Saturday Belgium 2017 • October 21 • Brussels
https://graph.microsoft.com/v1.0/me/drive/recent{
"@odata.type": "#microsoft.graph.driveItem","createdBy": {
"user": {"email": "[email protected]","displayName": "MOD Administrator"
}},"createdDateTime": "2017-10-07T01:34:44Z","id": "01AWEBQD3AXC2JGWHY65GLOG3XCR4YVGDO","lastModifiedBy": {
"user": {"email": "[email protected]","displayName": "MOD Administrator“
}},"lastModifiedDateTime": "2017-06-01T17:37:48Z","name": "High Density Print Head Installation Storyboard.pptx","parentReference": {
"driveId": "b!QWWNUVTcuUW0OLVrvm50FNtajrrVyPdJjNnOgpYlCUeh-XsODUNRSLlLssX3oKqp","driveType": "business"},
"webUrl": "https://m365x135018.sharepoint.com/sites/VideoProduction/_... ","size": 1007584
},
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Where is it included in O365 – Sharepoint.aspx
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Where is it included in O365 – People cards
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Multiple concepts
Azure v1 endpoint vs Azure v2 endpoint
01Registering Azure/AAD vs apps.dev.microsoft.com
02Permissions
03Admin consents
04Authentication flows
05
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Azure v1 endpoint vs Azure v2 endpoint
Work and school Personal
with ADAL with ADAL
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Azure v1 endpoint vs Azure v2 endpoint
Example: Web Application + Service APIv1 => 2 AAD applications (Web Application + Native Application)
v2 => 1 AAD Application, multiple platforms
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Azure v1 endpoint vs Azure v2 endpoint
Available libraries for authentication:
v1 => ADAL
v2 => MSAL (preview)
• Configurable token cache that stores access tokens and refresh tokens
• Automatic token refresh when an access token expires and a refresh token is available
• Support for asynchronous method calls
• ...
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Azure v1 endpoint vs Azure v2 endpoint
• Scopes instead of resources• Resource Identifier, or AppID URI: https://graph.windows.net/
• Scopes, or OAuth2Permissions: Directory.Read, Directory.Write, etc.
GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2d4d11a2-f814-46a7-890a-274a72a7309e&scope=https%3A%2F%2Fgraph.windows.net%2Fdirectory.read%20https%3A%2F%2Fgraph.windows.net%2Fdirectory.write
GET https://login.microsoftonline.com/common/oauth2/authorize? client_id=2d4d11a2-f814-46a7-890a-274a72a7309e &resource=https%3A%2F%2Fgraph.windows.net%2F ...
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Azure v1 endpoint vs Azure v2 endpoint
• Incremental and dynamic consentv1 => Permissions where set in AAD at app creation time
Adding permissions over time was a difficult process
v2 => Using scope attribute while application grows
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Permissions - examples
• Calendars.Read
• Calendars.Read.Shared
• Calendars.ReadWrite
• Calendars.ReadWrite.Shared
• User.ReadBasic.All
• User.Read
• User.ReadWrite
• User.Read.All
• User.ReadWrite.All
• Directory.Read.All
• Directory.ReadWrite.All
• Directory.AccessAsUser.All
• ...
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Permissions
• Delegated Permissions• Are used by apps that have a signed-in user present
• Application Permissions• Are used by apps that run without a signed-in user present
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Effective Permissions – e.g. User.ReadWrite.All
• Delegated Permissions• Least priviliged intersection of the delegated permissions
• Application Permissions• full level of privileged implied by the permission
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Admin consent
• Global administrator has to give it consent about the permissions
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Admin consent
• If not given =>• Error for end-user
• Consent question for global administrator
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Implicit flow aka Client-Side Flow
• Typically used by client side scripts (JS, TS, Angular, React ...)
• No client-secret due to no secure place to store it
• Temporary token
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Client credentials Flow aka Server-Side Flow
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Client credentials Flow aka Server-Side Flow
• If your application can keep a (client) secret
• Server-server communication, webjobs, services,...
• Without interaction of an user
• Application ID + ?• Client secrect
• Certificate
SharePoint Saturday Belgium 2017 • October 21 • Brussels
What can you do?
• What next possible meeting time for a group?
• Who is the manager of a specific person?
• On what documents is my meeting partner working on?
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Azure configuration
1. Register a new application Azure AD1. Configure properties
1. App ID URI
2. Reply URL
2. Add permissions (+ Grant permissions)
3. Enable implicit flow (client side..)
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Code configuration
1. Where to start from• Scratch
• dev.microsoft.com/graph => code samples
• Pnp Github => code samples
2. Libraries to use• SDK’s (.NET, JS, IOS, Android, PHP)
• ADAL, MSAL
SharePoint Saturday Belgium 2017 • October 21 • Brussels
DemoRegistration of your app
Github code samples
Code example
SharePoint Saturday Belgium 2017 • October 21 • Brussels
Capabilities
Announcements at IgniteGenerally Available ( v1.0 ) Preview ( beta )
Delta query for OneDrive, AAD and Outlook
Web hooks for OneDrive
Web hooks for Outlook
Extend Graph with your own data
SDKs for .Net/Xamarin, JS/Node, Android and PHP
Web hooks for users and groups
Delta query scoping filter for AAD
Batching
SharePoint Saturday Belgium 2017 • October 21 • Brussels Track: Developer| Level: 200
Extend your development skills set using MS Graph
Yannick Borghmans