extend your development skills set using ms graph

SharePoint Saturday Belgium 2017 • October 21 • Brussels Track: Developer| Level: 200

Extend your development skills set using MS Graph

Yannick Borghmans

@yborghmans

Pla

tin

um

Go

ldSi

lver

SharePoint Saturday Belgium 2017 • October 21 • Brussels

Agenda

• What’s Microsoft Graph

• Calling the API and getting entities

• Authentication

• How to get started with development• Graph explorer• Authentication• Coding

• Roadmap

• + Next session => Donald• .NET, Extensions, Webhooks, SP


What’s Microsoft Graph?


SITES

GROUPS

ME

CONVERSATIONS CONTENT

INSIGHTS

CONTACTS

PEOPLE

ORGANIZATION

TASKSEMAIL

EVENTS

DOCUMENTS

DEVICES

CHATS

TEAMS

ACTIVITY

TRENDING

SHARED

REPORTS

Microsoft Graph

SharePoint Saturday Belgium 2017 • October 21 • BrusselsUsers Groups Outlook OneNote more…SharePoint IntuneTeams Azure ADPlanner Excel

https://graph.microsoft.com

Your appOne endpoint

One token

All users

Microsoft Graph API

Access user, group and organizational data


Calling the Microsoft Graph

MicrosoftGraph


Calling the API & Entities


Calling the API

• HTTP verbs dictate the request intent: GET | POST | PATCH | PUT | DELETE

• Version: /v1.0 or /beta

• Resource: /users, /groups, /sites, /drives, /devices, more…

• Member from collection: /users/AAA

• Property: /users/AAA/department

• Traverse to related resources via navigations: /users/AAA/events

• Query parameters: /users/AAA/events?$top=5

o Format results: $select | $orderby

o Control results: $filter | $expand

o Paging: $top | $skip | $skiptoken

/{version} ?{query-parameters}/{resource}/{id}/{property}


Resources available (/v1.0)

Users Messages MailFolder Events

Contact (Folder)

LicenseDetails Drives Driveitem

Groups Conversations Tasks ...


Resources available (/beta)

Users Messages MailFolder EventsContact (Folder)

LicenseDetails

Drives Driveitem Groups Conversations Tasks Teams

ChatThread ProjectRome Reports ...


Users – common operations


https://graph.microsoft.com/v1.0/me

{"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity","id": "785452c3-e854-4f7b-b6f2-23ab357898a9","businessPhones": [

"8006427676"],"displayName": "MOD Administrator","givenName": "MOD","jobTitle": null,"mail": "[email protected]","mobilePhone": "425-882-1032","officeLocation": null,"preferredLanguage": "en-US","surname": "Administrator","userPrincipalName": "[email protected]"

}


https://graph.microsoft.com/v1.0/me?$select=displayName,skills{

"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users(displayName,skills)/$entity",

"displayName": "MOD Administrator",

"skills": [

"O365 development"

]

}


https://graph.microsoft.com/v1.0/me/drive/recent{

"@odata.type": "#microsoft.graph.driveItem","createdBy": {

"user": {"email": "[email protected]","displayName": "MOD Administrator"

}},"createdDateTime": "2017-10-07T01:34:44Z","id": "01AWEBQD3AXC2JGWHY65GLOG3XCR4YVGDO","lastModifiedBy": {

"user": {"email": "[email protected]","displayName": "MOD Administrator“

}},"lastModifiedDateTime": "2017-06-01T17:37:48Z","name": "High Density Print Head Installation Storyboard.pptx","parentReference": {

"driveId": "b!QWWNUVTcuUW0OLVrvm50FNtajrrVyPdJjNnOgpYlCUeh-XsODUNRSLlLssX3oKqp","driveType": "business"},

"webUrl": "https://m365x135018.sharepoint.com/sites/VideoProduction/_... ","size": 1007584

},


DemoGraph Explorer


Where is it included in O365


Where is it included in O365 - Delve


Where is it included in O365 - Outlook


Where is it included in O365 – Sharepoint.aspx


Where is it included in O365 – OneDrive


Where is it included in O365 - Groups


Where is it included in O365 – People cards


Authentication


Multiple concepts

Azure v1 endpoint vs Azure v2 endpoint

01Registering Azure/AAD vs apps.dev.microsoft.com

02Permissions

03Admin consents

04Authentication flows

05



Work and school Personal

with ADAL with ADAL



Example: Web Application + Service APIv1 => 2 AAD applications (Web Application + Native Application)

v2 => 1 AAD Application, multiple platforms



Available libraries for authentication:

v1 => ADAL

v2 => MSAL (preview)

• Configurable token cache that stores access tokens and refresh tokens

• Automatic token refresh when an access token expires and a refresh token is available

• Support for asynchronous method calls

• ...



• Scopes instead of resources• Resource Identifier, or AppID URI: https://graph.windows.net/

• Scopes, or OAuth2Permissions: Directory.Read, Directory.Write, etc.

GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=2d4d11a2-f814-46a7-890a-274a72a7309e&scope=https%3A%2F%2Fgraph.windows.net%2Fdirectory.read%20https%3A%2F%2Fgraph.windows.net%2Fdirectory.write

GET https://login.microsoftonline.com/common/oauth2/authorize? client_id=2d4d11a2-f814-46a7-890a-274a72a7309e &resource=https%3A%2F%2Fgraph.windows.net%2F ...

https://graph.windows.net/



• Incremental and dynamic consentv1 => Permissions where set in AAD at app creation time

Adding permissions over time was a difficult process

v2 => Using scope attribute while application grows


Permissions - examples

• Calendars.Read

• Calendars.Read.Shared

• Calendars.ReadWrite

• Calendars.ReadWrite.Shared

• User.ReadBasic.All

• User.Read

• User.ReadWrite

• User.Read.All

• User.ReadWrite.All

• Directory.Read.All

• Directory.ReadWrite.All

• Directory.AccessAsUser.All

• ...


Permissions

• Delegated Permissions• Are used by apps that have a signed-in user present

• Application Permissions• Are used by apps that run without a signed-in user present


Effective Permissions – e.g. User.ReadWrite.All

• Delegated Permissions• Least priviliged intersection of the delegated permissions

• Application Permissions• full level of privileged implied by the permission


Admin consent

• Global administrator has to give it consent about the permissions


Admin consent

• If not given =>• Error for end-user

• Consent question for global administrator


Implicit flow aka Client-Side Flow


Implicit flow aka Client-Side Flow

• Typically used by client side scripts (JS, TS, Angular, React ...)

• No client-secret due to no secure place to store it

• Temporary token


Client credentials Flow aka Server-Side Flow


Client credentials Flow aka Server-Side Flow

• If your application can keep a (client) secret

• Server-server communication, webjobs, services,...

• Without interaction of an user

• Application ID + ?• Client secrect

• Certificate


How to get started with development


What can you do?

• What next possible meeting time for a group?

• Who is the manager of a specific person?

• On what documents is my meeting partner working on?


Azure configuration

1. Register a new application Azure AD1. Configure properties

1. App ID URI

2. Reply URL

2. Add permissions (+ Grant permissions)

3. Enable implicit flow (client side..)


Code configuration

1. Where to start from• Scratch

• dev.microsoft.com/graph => code samples

• Pnp Github => code samples

2. Libraries to use• SDK’s (.NET, JS, IOS, Android, PHP)

• ADAL, MSAL


DemoRegistration of your app

Github code samples

Code example


Roadmap


Capabilities

Announcements at IgniteGenerally Available ( v1.0 ) Preview ( beta )

Delta query for OneDrive, AAD and Outlook

Web hooks for OneDrive

Web hooks for Outlook

Extend Graph with your own data

SDKs for .Net/Xamarin, JS/Node, Android and PHP

Web hooks for users and groups

Delta query scoping filter for AAD

Batching

SharePoint Saturday Belgium 2017 • October 21 • Brussels Track: Developer| Level: 200

Extend your development skills set using MS Graph

Yannick Borghmans


Thank You!

Feedbackhttp://spsbe.be

extend your development skills set using ms graph

Technology