Liens

Calling O365 APIs from your Web API on behalf of a user

Description

Microsoft Graph remplace Office 365 API et Azure AD Graph API.
Il réunit au sein d'une unique API toutes les données relatives aux utilisateurs.

Web-hosted resource	Application ID URI
The Office 365 Unified Mail API	https://outlook.office.com
The Azure AD Graph API	https://graph.windows.net
Microsoft Graph	https://graph.microsoft.com

Permissions

Mapping Permission - Display String

Description	Url	Permissions
Profil de l'utilisateur courant	/me	Pas de permission nécessaire, fonctionne même sans l'ajout de l'API Microsoft Graph dans les permissions.
Liste des profils des utilisateurs	/users	Access directory as the signed in user
Photo beta	/users/<userId>/photo/$value	View users' basic profile Read all users' basic profiles
Envoyer un email	POST /me/sendMail	Send mail as a user Nécessite Outlook on the web (Exchange Web Connect, Outlook Web Access OWA) Sinon erreur Resource could not be discovered
Événements du calendrier	/me/events /users/<userId>/events	Read user calendars
Accès aux configuration InTune beta	/me/managedDevices	Read Microsoft Intune apps (DeviceManagementApps.Read.All)

Converged vs Azure AD applications

Graph ne fonctionne qu'avec des Converged apps et pas avec des AAD apps.
Les Converged apps sont a enregistrer sur apps.dev.microsoft.com

Filtres sur les requêtes

Exemples
users?$filter=givenName eq 'Nicolas' and surname eq 'XXX')
users?$filter=startswith(givenName,'Nicolas')
me/events?$filter=start/dateTime ge '2009-06-15T13:45:30'
users?$top=999
users?$select=givenName,surname
me/events?$orderby=start/dateTime

Video REST API

URL	Description
https://xxx.sharepoint.com/portals/hub/_api/VideoService/Channels	Liste des channels
https://xxx.sharepoint.com/portals/hub/_api/VideoService/Channels/(guid'xxx')/Videos(guid'xxx')/ThumbnailStream	Thumbnail

Retrieving thumbnails using Video REST API

Microsoft.Graph client library

package Nuget Microsoft.Graph

var graphClient = new GraphServiceClient(
        "https://graph.microsoft.com/v1.0",
        new DelegateAuthenticationProvider(
            async (requestMessage) =>
            {
                var token = TokenGraph;
                requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", token);
                await Task.FromResult("");
            }));

// User Me
var user = await graphClient.Me.Request().GetAsync();
string userId = user.Id;

Intro to the Microsoft Graph .NET Client Library

NextMeetingsForGraphSample

var start = DateTime.UtcNow.ToString("o");
var end = DateTime.UtcNow.AddDays(7).ToString("o");

var optionStart = new QueryOption("startDateTime", start);
var optionEnd = new QueryOption("endDateTime", end);

IUserCalendarViewCollectionPage calendarView = await graphService.Me.CalendarView.Request(new[] { optionStart, optionEnd }).GetAsync();

var hasMorePages = true;
var events = new List<Event>();
while (hasMorePages)
{
    foreach (var ev in calendarView.CurrentPage.ToList())
        events.Add(ev);
    hasMorePages = calendarView.NextPageRequest != null;
    if (hasMorePages)
        calendarView = await calendarView.NextPageRequest.GetAsync();
}

foreach (var ev in events) {}

WPF client

Avec un token Azure AD

MainWindows.xaml.cs

private string _clientId = "xxx";
private static string _tenant = "xxx.onmicrosoft.com";
private string _authority = $"https://login.microsoftonline.com/{_tenant}";

private string _graphResourceUrl = "https://graph.microsoft.com";
private string _resourceUrl = "https://xxx.onmicrosoft.com/xxx";

private Uri _redirectUri = new Uri("https://wpfclient");
string[] scopes = new string[] { "user.read" };

private HttpClient _httpClient = new HttpClient();
private string _token;
private string _tokenGraph;

private async void signin_Click(object sender, RoutedEventArgs e)
{
    AuthenticationContext authContext = new AuthenticationContext(_authority);
    AuthenticationResult authResult = null;

    try
    {
        authResult = await authContext.AcquireTokenAsync(_resourceUrl, _clientId, _redirectUri, new PlatformParameters(PromptBehavior.Auto));
        _token = authResult.AccessToken;
        AppendText("You signed in!");
    }
    catch (AdalException aex)
    {
        AppendText(aex.ToString());
    }
}

// get the token graph automatically if the azure AD is already in the cache
private async void tokengraph_Click(object sender, RoutedEventArgs e)
{
    AuthenticationContext authContext = new AuthenticationContext(_authority);
    AuthenticationResult authResult = null;

    try
    {
        authResult = await authContext.AcquireTokenSilentAsync(_graphResourceUrl, _clientId);
        _tokenGraph = authResult.AccessToken;
        AppendText("You got the token for the graph!");
    }
    catch (AdalException aex)
    {
        AppendText(aex.ToString());
    }
}

// use the token graph to request the graph
private async void profile_Click(object sender, RoutedEventArgs e)
{
    string url = "https://graph.microsoft.com/v1.0/me";

    if (_tokenGraph != null)
    {
        HttpResponseMessage response;
        try
        {
            var request = new HttpRequestMessage(HttpMethod.Get, url);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _tokenGraph);
            response = await _httpClient.SendAsync(request);
            var content = await response.Content.ReadAsStringAsync();
            AppendText(content);
        }
        catch (Exception ex)
        {
            AppendText(ex.ToString());
        }
    }
    else
    {
        AppendText("You need to get the token graph first.");
    }
}

Avec Microsoft.Identity.Client

Packages Nuget:

Microsoft.Identity.Client

MainWindows.xaml.cs

// config
// client ID de Converged applications.
// ne fonctionne pas avec les client ID des AAD applications
// AADSTS70001: Application is not supported for this API version.
private string _clientId = "xxx";
private static string _tenant = "xxx.onmicrosoft.com";
private string _authority = $"https://login.microsoftonline.com/{_tenant}";
// Set the scope for API call to user.read
string[] scopes = new string[] { "user.read" };

private PublicClientApplication _clientApp;
Microsoft.Identity.Client.AuthenticationResult authResult = null;
private HttpClient _httpClient = new HttpClient();

public MainWindow()
{
    InitializeComponent();
    _clientApp = new PublicClientApplication(_clientId, _authority, TokenCacheHelper.GetUserCache());
}

private async void signin_Click(object sender, RoutedEventArgs e)
{
    try
    {
        authResult = await _clientApp.AcquireTokenSilentAsync(scopes, _clientApp.Users.FirstOrDefault());
        AppendText("Signed-in using the cache.");
    }
    catch (MsalUiRequiredException ex)
    {
        try
        {
            authResult = await _clientApp.AcquireTokenAsync(scopes);
            AppendText("Signed-in successfully.");
        }
        catch (MsalException msalex)
        {
            AppendText($"Error Acquiring Token:\n{msalex}");
        }
    }
    catch (Exception ex)
    {
        AppendText($"Error Acquiring Token Silently:\n{ex}");
        return;
    }
}

private void signout_Click(object sender, RoutedEventArgs e)
{

}

private async void getProfile_Click(object sender, RoutedEventArgs e)
{
    //Set the API Endpoint to Graph 'me' endpoint
    string graphAPIEndpoint = "https://graph.microsoft.com/v1.0/me";

    if (authResult != null)
    {
        AppendText(await GetHttpContentWithToken(graphAPIEndpoint, authResult.AccessToken));
    }
    else
    {
        AppendText("You need to sign-in first.");
    }
}

/// <summary>
/// Perform an HTTP GET request to a URL using an HTTP Authorization header
/// </summary>
/// <param name="url">The URL</param>
/// <param name="token">The token</param>
/// <returns>String containing the results of the GET operation</returns>
public async Task<string> GetHttpContentWithToken(string url, string token)
{
    HttpResponseMessage response;
    try
    {
        var request = new HttpRequestMessage(HttpMethod.Get, url);
        // Add the token in Authorization header
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        response = await _httpClient.SendAsync(request);
        var content = await response.Content.ReadAsStringAsync();
        return content;
    }
    catch (Exception ex)
    {
        return ex.ToString();
    }
}

TokenCacheHelper.cs

static class TokenCacheHelper
{
    public static TokenCache GetUserCache()
    {
        if (usertokenCache == null)
        {
            usertokenCache = new TokenCache();
            usertokenCache.SetBeforeAccess(BeforeAccessNotification);
            usertokenCache.SetAfterAccess(AfterAccessNotification);
        }
        return usertokenCache;
    }

    static TokenCache usertokenCache;

    public static string CacheFilePath = System.Reflection.Assembly.GetExecutingAssembly().Location + "msalcache.txt";

    private static readonly object FileLock = new object();

    public static void BeforeAccessNotification(TokenCacheNotificationArgs args)
    {
        lock (FileLock)
        {
            args.TokenCache.Deserialize(File.Exists(CacheFilePath)
                ? File.ReadAllBytes(CacheFilePath)
                : null);
        }
    }

    public static void AfterAccessNotification(TokenCacheNotificationArgs args)
    {
        // if the access operation resulted in a cache update
        if (args.TokenCache.HasStateChanged)
        {
            lock (FileLock)
            {
                // reflect changes in the persistent store
                File.WriteAllBytes(CacheFilePath, args.TokenCache.Serialize());
                // once the write operation takes place restore the HasStateChanged bit to false
                args.TokenCache.HasStateChanged = false;
            }
        }
    }
}

Erreurs

Application is not supported for this API version.

Inscrire l'application comme converged app sur apps.dev.microsoft.com
Configurer l'app (redirect url)
Utiliser le client id de la converged app