The missing key: Azure AD for developers


Transcript of The missing key: Azure AD for developers [email protected]

Azure AD for developers: The missing key

[email protected] | @sahilmalik

Obligatory about me slide ..

• Twitter: @sahilmalik

• Hands on developer!
  • C#, SP, O365, JS, TS, Cordova, Electron, iOS, Android, etc.

• Worked in 18 countries, 5 continents.

• Author of 20+ books, videos, trainings, etc. etc.

• MVP for 15ish years.
  • C#, SharePoint, Office365
  • Office Servers and Services, Visual Studio and Development Technologies

What am I doing here?

• Two sessions:
  • This session: where I put Azure AD and O365 dev in perspective, a lay of the land. And end with a demo.
  • Another session: more hands on, where we do stuff with TypeScript and Office365. Pretty cool stuff!

• So let's get started!!


• I do not work for Microsoft

• All opinions presented here are mine

The state of dev in Office365

• Where does Azure AD fit in?

Use Sandbox Solutions

Don’t use Sandbox Solutions

WTF guys, you have to use ‘em!

Sandbox Managed code no no

Sandbox declarative ok

Doesn’t work anyway

SharePoint hosted Apps

Provider Hosted Apps

Auto Hosted Apps

Use Apps

SharePoint hosted AddIn

Provider Hosted AddIn

Auto Hosted AddIn Dead


Somewhat useful

SharePoint hosted apps

• Poor upgrade story

• Limited capability on what they can actually do

• Requires wildcard redirect URI

• IFrame app parts use query strings, which can interfere with your logic

• ClientWebPart’s editor area is extremely limited

• Branding is hard

• UX is hard (resizing, deep linking etc.)

• Non-standard CORS

• Etc.

Provider hosted apps

• More complex setup (but not terrible)

• Still uses ACS based tokens, but hopefully we will see Azure AD based tokens

• Different on-prem vs. O365.

• Can tap into REST and CSOM

Enter Azure AD


Azure AD

• .. is not a replacement for your on-prem AD

• Protects Office 365 resources
  • Anything you access from the browser as a user
  • Anything you access from a program using the API

• Can federate authentication to standards based identity providers

So what does Office 365 have?

• Mail

• Calendar

• Skype4B

• Oh and SharePoint..

• .. So much more!

• So it needs APIs.

Use APIs

No wait! Use Discovery Client

Screw that! Use Graph

Office Graph

Microsoft Graph

V1 app model

V2 app model


Beta APIs

So what APIs do we have?

• Well there is the v1 app model

• Then there is a v2 app model

• And there are the v1 APIs

• And there are v2 APIs, which is not the same as the v2 app model

IS IT CLEAR YET!?

But this stuff is actually good!

Needs Azure AD

Uses ACS, but can work with Azure AD .. with some fine print

PHA vs Azure AD based APIs

Provider Hosted App

• Great for CSOM + REST (SharePoint)

• Suitable for single client (internal dev)

• Complex setup

• Works on prem, but somewhat different from O365

Azure AD based APIs

• CSOM + REST not 100% supported

• Very suitable for vendors

• Very suitable for app stores

• Does not work on-prem as of today

• Much more solid and robust architecture, but not everything is supported today

APIs (v1 and v2) … these slides are green

What APIs are available today? What APIs are coming later?

Available today:
• User

• OneDrive

• Outlook mail and calendar

• Personal Contact

• Groups

• Directory

• Webhooks

Beta (coming later):

• Users (more)
• People
• Tasks
• OneNote
• Data extensions
• WebHooks (more)
• Excel
• OneDrive (more)
• Outlook mail and calendar (more)
• Personal contact (more)
• Groups (more)
• Organizational contacts
• Directory (more)

User – v1

• Get/Update/Delete user details
• Get/create user mails and mail folders & send mails
• List/Create calendars, and list/create/delete events, get reminders
• List/create/delete contacts and contact folders
• List direct reports, manager, what groups the user belongs to
• List owned devices / owned objects / registered devices / created objects
• Assign license to user
• Groups – check for membership, get groups user is member of.
• Profile photo – Get/Update

User – Beta

• Find Meeting Times
• Get and Update auto reply settings

OneDrive – v1

• Get current user or another user’s drive

• Get root folder of drive

• List items or changes in drive

• Search items in a drive

• List children of a drive item

• Get recent files

• Get shared with me

• Get special folders

• Drive item – get/create/delete/update, get children, download content

• Copy and Move item

• Search Items

• Find changes (for this item and its children)

• List thumbnails

• Create sharing link

• Add/List/Delete permissions

OneDrive – v2

• I can’t tell any differences

Outlook Mail – v1

• Get/Update/Delete/Copy a mail

• List/Create attachments

• Forward/Reply/ReplyAll

• Send

• Get/Create/List mail folders

• Create/List messages in a mail folder

• Update/Delete/Copy/Move a mail folder

• Get attachments of:
  • Event
  • Mail
  • Post

• Delete attachment

• Get contents of an attachment

Outlook Mail – v2

• Get/Update autoreply settings

• On Mail, Data extensions and extended properties
  • Add/remove/update

• On Mail Folders, Data extensions and extended properties
  • Add/remove/update

• Attachment
  • No changes

Outlook Calendar – v1

• List/Create/Get/Update/Delete calendar(s)

• List Calendar views

• CRUD events

• Accept/tentatively accept/decline event

• Reminder – dismiss or snooze

• List recurrences of events

• Manage attachments

• CRUD event message (the calendar invite email)

• Send/Copy/Move event message

• Reply/ReplyAll

• Attachments

• CRUD calendar(s)

Outlook Calendar – v2

• Cancel Event

• Data extension and properties on events

• Data extension and properties on event messages

• Data extensions and properties on calendars

• CRUD calendar(s)

Groups
• List groups

• CRUD group

• Owner or Member
  • List

• Add

• Remove (v1 only)

• Add/Remove Favorite

• Subscribe/Unsubscribe by mail

• Reset unseen count

Group\Conversation
No changes in beta

• List/create conversation

• Get/Delete group conversation

• List/Create conversation threads

• Accepted senders
  • List/Create/Delete

• Rejected senders
  • List/Create/Delete

Group\Conversation Thread

No changes in beta

• Threads
  • CRUD
  • Reply to

Group\Conversation Thread\Post
• CRUD Post

• Reply/Forward Post

• Attachments – CRUD on a post

• Data extensions and properties on a post (beta)


• V1 – basically gives you an Azure AD directory group, and you manage using that.

• V2 – create/list app role assignments to a directory object

Group v2 stuff only

• Get plan(s) for the group – only one plan can be associated with a group today.

• Manage notes

V2 only – Organizational contacts

• CRUD contact

• CRUD group

• Org Hierarchy

• Get Directory object

V2 only – OneNote

• CRUD:
  • Notes
  • Notebooks
  • Sections
  • Section Groups
  • Pages
  • Resources on a page

V2 only – Excel

• Basically the Excel Services REST API, but now online

App Model (v1 and v2).. these slides are blue

Main differences between v1 and v2

• Accepts both Azure AD and Microsoft account (Live ID) identities

• Office 365 Authentication Scopes, not resources. Your app can request additional scopes.

• New registration portal.

• Not everything works as of now in v2 app model.

What works in v2?

• Outlook mail, calendar, contacts

• The app itself (your custom web apis)

• Graph

• Works for all O365 users.

• Works for some outlook.com users (create a new account if you want it to work)

What does not work in v2?

• Stand-alone Web APIs (i.e. the Application ID of the caller and the callee must be the same)

• Daemons

• On-Behalf-Of-Flow

• Existing apps (new registration portal and registration required)


• Web Browser to Web Application

• JavaScript SPA*

• Native App*

• Web application calling Web API
  • Application Identity
  • Delegated user identity

• Daemon

* can also call CSOM+REST with user identity
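The last slides separate application identity from delegated user identity, and the v2 model issues scopes rather than resources. As an added example (not from the talk), this is the claim check a web API can apply to an incoming Azure AD access token: the `scp` claim marks a delegated (user) token, `roles` marks an app-only token, and `aud` must be the API's own Application ID, which is the "caller and callee must match" condition from the v2 limitations slide. The app ID, user, permission names and the unsigned sample tokens are constructed placeholders.

```python
import base64
import json

# Placeholder client (application) ID of the web API receiving the tokens;
# not a real registration.
MY_API_APP_ID = "11111111-2222-3333-4444-555555555555"


def _b64url(data: bytes) -> str:
    """Unpadded base64url, the JWT segment encoding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(payload: dict) -> str:
    """Build a CONSTRUCTED, unsigned JWT so the example runs offline."""
    header = json.dumps({"alg": "none", "typ": "JWT"}).encode()
    return f"{_b64url(header)}.{_b64url(json.dumps(payload).encode())}."


def decode_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature. A real API
    must validate the signature against the tenant's keys first; only the
    claim checks are demonstrated here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def classify(token: str, api_app_id: str = MY_API_APP_ID):
    """Return ('delegated', scopes), ('application', roles) or ('rejected', []).
    Azure AD puts user-consented delegated permissions in 'scp' and app-only
    permissions (app roles, no signed-in user) in 'roles'. 'aud' must name
    this API's own app ID; a token minted for another audience is refused.
    """
    claims = decode_claims(token)
    if claims.get("aud") != api_app_id:
        return "rejected", []
    if claims.get("scp"):
        return "delegated", claims["scp"].split()
    if claims.get("roles"):
        return "application", list(claims["roles"])
    return "rejected", []


# Constructed sample tokens; permission names and user are illustrative.
DELEGATED = make_unsigned_token({"aud": MY_API_APP_ID, "upn": "user@contoso.example",
                                 "scp": "Mail.Read Calendars.Read"})
APP_ONLY = make_unsigned_token({"aud": MY_API_APP_ID, "roles": ["Reports.Read"]})
WRONG_AUD = make_unsigned_token({"aud": "https://graph.microsoft.com", "scp": "Mail.Read"})

if __name__ == "__main__":
    for tok in (DELEGATED, APP_ONLY, WRONG_AUD):
        print(classify(tok))  # delegated, application, rejected
```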