MS Graph vs Outlook REST API, OAuth, Win Store / UWP, Xamarin, WebAPI, SSO, Live SDK is deprecated - confusion

After hours of browsing the Internet, reading MS documentation and sample code, I am now just more embarrassed and need some kind of architectural advice.

Basically, I need to work out which APIs are applicable and how to start with them.

Background

I have an existing application (currently a XAML + C# Windows Store 8.1 application) with a WebAPI 2.2 OData backend (as well as some MVC pages).

The client application works fine on Windows 8.1 and Windows 10 machines. The server side runs in an Azure virtual machine.

Currently

  • Users are registered in the application (as the user they are logged in to Windows with) using a Microsoft account
  • They do not need to enter usernames / passwords, they just accept the permissions (1x) that I specify with scopes, e.g. "wl.basic", "wl.emails", "wl.calendars"
  • For this, I use the Live Connect libraries (Microsoft.Live.dll, v5.6.0.0)
  • Then I get an AuthenticationToken from LiveLoginResult

e.g.

_loginResult.Session.AuthenticationToken 
  • Which I pass to the server along with odata requests.
  • The server uses this to find its LiveID / UserID

e.g.

 LiveAuthClient authClient = new LiveAuthClient(clientId, clientSecret, redirectUrl);
 string liveIdGuidAsString = authClient.GetUserId(authenticationToken);
  • Then I use it to find the appropriate user in my database and serve their OData content to the client application.

Things are good.

I want to expand my application to synchronize / integrate with users' Outlook calendars.

It seems the sensible way to do this these days would be either

  • Outlook REST API
  • MS Graph

It also seems that MS could disable the Live API that I am currently using at any time?

https://msdn.microsoft.com/en-us/library/hh243641.aspx

Additional complexity

I also (in a couple of months) would like to expand the application to

  • be cross-platform (possibly using Xamarin Traditional with PCL code sharing and the traditional Xamarin platform for the UI, possibly using MvvmCross)
  • allow users to use other services for authentication (all OAuth 2.0), e.g. Google / Gmail accounts

This means that I would like, if possible, to keep things raw OAuth for compatibility and NOT bind myself to any specific MS APIs (obviously, Outlook / outlook.com calendar integration would be a feature available only to those users with MS accounts).

In addition, some existing users have outlook.com accounts (which they use to log on to Windows), but have their own calendar information in Hosted Exchange 2010

It seems that, to access the calendar data, these users will either have to move all their Outlook 2016 data to outlook.com, or be set up with Office 365 accounts and have the data transferred to the new accounts.

Questions

1. Where / with whom should I authenticate in order to receive an authorization code and an access token: MS Graph or the Outlook REST API?

I saw this answer (which basically favours MS Graph).

2. Can I keep the stunning "no username / password, just accept the permissions" functionality for my users on Windows 8.1 and 10 using Microsoft accounts?

Of course, with MS Graph, it seems that my Outlook.com / Microsoft Account users will not be able to continue logging into my application based on their Windows user without a username + password?

The documentation also seems to suggest that in order to use MS Graph my users must have Office 365 / Azure Active Directory, so to try to minimize exposure and keep a wider audience, should I use the Outlook REST API?

But then the proposed library for the Outlook REST API looks like ADAL, which seems to rely on Azure Active Directory? So my current outlook.com users will not be able to use it?

3. How soon should I replace the Live SDK with something else?

Basically, I am puzzled by the many options and considerations and would welcome any recommendations regarding which direction(s) to move in.

+5
3 answers

There are other options here. We have not completely updated our documentation yet, so please do not hesitate to contact us. Microsoft Graph supports tokens issued by the new v2 endpoint, and it supports logging in with a Microsoft account or with an AAD account for work / school. After signing in, users will be asked to give your application permission. If they log in with a Microsoft account, MS Graph will route service requests to outlook.com, while with an AAD account they will be routed to their O365 inbox. Your application and the API calls your application makes (via MS Graph) work the same way, regardless of the type of user. We also have a new .NET client library for MS Graph and a preview .NET client library for auth called MSAL (ADAL uses the v1 endpoint, which only supports AAD, while MSAL supports the v2 endpoint, which supports MSA and AAD).

We will be releasing more samples soon, but we already have a sample that demonstrates calling MS Graph, using MSAL to get tokens that work for both consumer and commercial users: https://github.com/Azure-Samples/active-directory-xamarin-native-v2 . Plus this sample also uses Xamarin!

Hope this helps,

+3

I'm doing something similar right now. I use Xamarin.Forms, and I am working on UWP / Windows first. Here is how I think it will work in the long run:

  • I use a PCL to write all the logic, so I need to use an interface that I load using var auth = DependencyService.Get<IAuthorization>(). This is a Xamarin trick, so read about it for details.

  • I implement the UWP side with WebAuthenticationBroker:

     // Authorization request against the v2.0 endpoint; the broker's own callback URI is the redirect_uri.
     var startUri = new System.Uri(
         "https://login.microsoftonline.com/common/oauth2/v2.0/authorize" +
         $"?client_id={Constants.AuthID}" +
         $"&redirect_uri={WebAuthenticationBroker.GetCurrentApplicationCallbackUri().ToString()}" +
         "&response_type=code" +
         $"&scope={WebUtility.UrlEncode(Constants.Scopes)}");
     // Shows the sign-in / consent UI and returns the redirect (with the code) in ResponseData.
     var webAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(
         Windows.Security.Authentication.Web.WebAuthenticationOptions.None,
         startUri,
         WebAuthenticationBroker.GetCurrentApplicationCallbackUri());
  • I have NOT figured out how to make SSO work. However, in the UWP application, it remembers my login and password (and permissions), so I only need to click on the username when it prompts me to log in. I'm still looking, but the wl.signin scope is not working here.

  • For iOS and Android, there is a Xamarin component called Xamarin.Auth, which seems to have functionality similar to WebAuthenticationBroker. I will learn more when I begin to implement these functions. (Just tested with Android and it works great for an MS account ... see comments for a quirk.)

  • These methods should work for all other services.

+1
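As an added example (not code from the answer above or from the poster's project): the same v2.0 authorize request built with a random state parameter and a PKCE code challenge, plus a check of the broker's ResponseData that rejects any callback whose state does not match the one issued for this sign-in attempt. Constants.AuthID and Constants.Scopes are the poster's names; the class and method names below are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Cryptography;
using System.Text;
public static class OAuthV2
{
    const string Authority = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
    // URL-safe base64 without padding, the encoding PKCE (RFC 7636) requires.
    static string Base64Url(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    // Fresh random state / code_verifier; keep both in memory for this sign-in attempt only.
    public static string RandomToken(int size)
    {
        var buf = new byte[size];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);
        return Base64Url(buf);
    }
    // e.g. BuildAuthorizeUri(Constants.AuthID, callbackUri.ToString(), Constants.Scopes, state, verifier)
    public static Uri BuildAuthorizeUri(string clientId, string redirectUri, string scopes, string state, string codeVerifier)
    {
        string challenge;
        using (var sha = SHA256.Create())
            challenge = Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(codeVerifier)));
        var q = new Dictionary<string, string>
        {
            ["client_id"] = clientId, ["redirect_uri"] = redirectUri, ["response_type"] = "code",
            ["scope"] = scopes, ["state"] = state,
            ["code_challenge"] = challenge, ["code_challenge_method"] = "S256",
        };
        var sb = new StringBuilder(Authority).Append('?');
        foreach (var kv in q)   // every value is URL-encoded, including redirect_uri
            sb.Append(kv.Key).Append('=').Append(WebUtility.UrlEncode(kv.Value)).Append('&');
        return new Uri(sb.ToString().TrimEnd('&'));
    }
    // Parses WebAuthenticationResult.ResponseData; rejects it unless state matches what we sent.
    public static string ExtractCode(string responseData, string expectedState)
    {
        var values = new Dictionary<string, string>();
        foreach (var pair in new Uri(responseData).Query.TrimStart('?').Split('&'))
        {
            int i = pair.IndexOf('=');
            if (i > 0) values[pair.Substring(0, i)] = WebUtility.UrlDecode(pair.Substring(i + 1));
        }
        if (values.ContainsKey("error")) throw new InvalidOperationException("authorization failed: " + values["error"]);
        if (!values.ContainsKey("state") || values["state"] != expectedState)
            throw new InvalidOperationException("state mismatch: response is not from this sign-in attempt");
        if (!values.ContainsKey("code")) throw new InvalidOperationException("no authorization code in response");
        return values["code"];
    }
}
```

The returned code is then exchanged at the v2.0 token endpoint together with the same code_verifier; the state and verifier should be discarded after that one exchange.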

It seems that Auth0.com is probably the way to go here, as it should allow me to handle things broadly enough for different identity providers, including Microsoft, and they seem to have an add-on / connection type (enterprise) for Azure AD. Plus, I have used them before (although that application never went into production) and it was a pleasant experience.

It seems that I should be able to register users easily using Auth0, and they have various client libraries for going cross-platform (including Xamarin).

The Microsoft account (Live) "social connection" seems to have scopes / permissions for accessing calendars, etc.

I'm still not 100% sure that, after logging in, I will be able to access the MS Graph APIs / Outlook REST APIs on behalf of Azure AD users.

It looks like the Azure AD enterprise connection type has only very limited permissions / scopes for the Azure AD API (i.e. listing users in the Azure domain, etc.). However, I have not added a connection for Azure AD yet, so perhaps they are not shown globally but will appear when I do?

0

Source: https://habr.com/ru/post/1246306/
