Office development: Authentication demystified

Presentation transcript:

Office development: Authentication demystified (BRK3225)
Vittorio Bertocci, Principal Program Manager, @vibronet, www.cloudidentity.com
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Authentication can be easy for known cases.
Authentication is hard.

Agenda
- The main token acquisition pattern (TØKENCAL)
- Office development
- Call the Microsoft Graph from your mobile app (MØBILEAP)
- Call the Microsoft Graph from an Office add-in (AGÅVE)
- Call the Microsoft Graph from a SPA (SPÅ)
- Call the Microsoft Graph from a web app/web API (WEBÅP), with instructions!

TØKENCAL: Call API with a Token
(Diagram actors: App, Web API, Azure AD, User, Portal, Client SDK)

Office 365 Platform
(Diagram: Standalone web and device apps; Extensions; Documents, pages, canvases, conversations; Microsoft Graph)

MØBILEAP: Mobile app
Sample: HTTPS://AKA.MS/AZUREAD-NETDESKTOP
(Diagram actors: Mobile app, Microsoft Graph, Azure AD, User, apps.dev.microsoft.com, MSAL)

Microsoft Authentication Library (MSAL)
- SDK for gaining access to APIs protected by Microsoft identities
- Fully OSS, easy to use, full-featured, production-ready
- Works with Azure AD v2 (work & school accounts, personal accounts) and B2C
- Available on .NET 4.5x, .NET Core, Xamarin (iOS, Android, UWP); iOS (ObjC/Swift); Android (Java); JavaScript
- SafariViewController on iOS, Chrome custom tabs on Android

MSAL
    // Create a public client for the registered application (client ID from the app registration)
    PublicClientApplication myApp = new PublicClientApplication("a7d8cef0-4145-49b2-a91d-95c54051fa3f");
    // The delegated permissions the app needs
    string[] scopes = { "Mail.Read" };
    // Acquire a token for those scopes; MSAL prompts the user only when it has to
    AuthenticationResult rez = await myApp.AcquireTokenAsync(scopes);

MSAL and Mobile Apps (demo: coding from scratch)

MSAL and token lifecycle
- Don't save tokens, just keep calling AcquireToken*; MSAL will do its best to avoid prompting
- MSAL works with a sophisticated cache: persistent cache for iOS, Android and UWP; in-memory elsewhere, easy to customize to arbitrary storage
- Cached tokens are matched to requests according to: Authority, Scopes, ClientId, User
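The matching rule on this slide, as an added example that is not MSAL's own code: a small cache keyed on authority, clientId, user and scopes, where a request is served from cache only if every requested scope is covered by a still-valid entry, falls back to a silent refresh when a refresh token is held, and otherwise prompts. All tokens and identifiers in the demo are constructed.

```javascript
// Added example, not MSAL's own code: a token cache that matches entries to an
// AcquireToken* request on the four attributes the slide lists (authority, clientId,
// user, scopes) and reports whether the call can be served from cache, renewed
// silently with a refresh token, or must prompt the user.
const ONE_MINUTE_MS = 60 * 1000;

class TokenCache {
  constructor() { this.entries = []; }

  // Store an access token together with the attributes it was issued for.
  add({ authority, clientId, user, scopes, accessToken, expiresOn, hasRefreshToken }) {
    this.entries.push({ authority, clientId, user, accessToken, expiresOn, hasRefreshToken,
      scopes: new Set(scopes.map(s => s.toLowerCase())) });   // normalise case for comparison
  }

  // Decide how an AcquireToken* call for this request can be satisfied.
  // `now` is a parameter so expiry behaviour can be exercised deterministically.
  lookup({ authority, clientId, user, scopes }, now = Date.now()) {
    const wanted = scopes.map(s => s.toLowerCase());
    const matches = this.entries.filter(e =>
      e.authority === authority && e.clientId === clientId && e.user === user &&
      wanted.every(s => e.scopes.has(s)));    // every requested scope must be covered
    if (matches.length === 0) return { source: 'prompt' };
    // Use a cached token only if it stays valid for at least another minute.
    const fresh = matches.find(e => e.expiresOn - now > ONE_MINUTE_MS);
    if (fresh) return { source: 'cache', accessToken: fresh.accessToken };
    // Expired, but a refresh token is held for this user/client: renew silently.
    if (matches.some(e => e.hasRefreshToken)) return { source: 'refresh' };
    return { source: 'prompt' };
  }
}

// Constructed sample data (not real tokens) exercising each matching rule.
function demo() {
  const cache = new TokenCache();
  const base = { authority: 'https://login.microsoftonline.com/common',
    clientId: 'a7d8cef0-4145-49b2-a91d-95c54051fa3f', user: 'yina@contoso.com' };
  const t0 = 1600000000000, hour = 3600 * 1000;
  cache.add({ ...base, scopes: ['Mail.Read', 'User.Read'], accessToken: 'AT-constructed-1',
    expiresOn: t0 + hour, hasRefreshToken: true });
  const tenantAuthority = 'https://login.microsoftonline.com/contoso.onmicrosoft.com';
  return {
    subset: cache.lookup({ ...base, scopes: ['mail.read'] }, t0),                               // cache
    widened: cache.lookup({ ...base, scopes: ['Mail.Read', 'Calendars.Read'] }, t0),            // prompt
    otherUser: cache.lookup({ ...base, user: 'dmitry@contoso.com', scopes: ['Mail.Read'] }, t0), // prompt
    otherAuthority: cache.lookup({ ...base, authority: tenantAuthority, scopes: ['Mail.Read'] }, t0), // prompt
    expired: cache.lookup({ ...base, scopes: ['User.Read'] }, t0 + hour),                       // refresh
  };
}
```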

Microsoft Graph (Microsoft Build 2017)
Rich context, deep insights and core platform capabilities allow you to build smart applications.
(Diagram: Activity, Content, Conversations, Insights, Me, Trending, Organization, Groups, Chats, Reports, Documents, Events, Devices, Shared, Contacts, Email, Sites, People, Tasks, Teams)

With Microsoft Graph: Get the user profile
    GET /users/yina
      { "displayName": "Yina", "jobTitle": "PRINCIPAL PM MANAGER", … }
    GET /users/yina/photo/…
      {}
    GET /users/yina/manager
      { "displayName": "Tristan", … }
    GET /users/yina/directReports
      "value": [ { "displayName": "Matt", … }, { "displayName": "Dmitry", … } ]
    GET /me/memberOf/…
      { "displayName": "Office engineering", … }, { "displayName": "Women in tech", … }
(Diagram: Tristan is Yina's manager; Dmitry, Matt and Sudhi are her direct reports; Groups via memberOf)

With Microsoft Graph: Get content for email, calendar, files, tasks, sites, notes & more (Microsoft Build 2017)
    GET /me/drive/root/…
      "value": [ { "name": "proposal.pptx", … }, { "name": "forecast.xlsx", … } ]
    GET /drives/items/{id}/workbook
    GET /me/messages
    GET /me/events
    GET /me/contacts
    GET /me/onenote/notebooks
    GET /me/planner/tasks
    GET /me/devices
    GET /sites:/teams/opg:/
    GET /sites:/teams/opg:/lists
    GET /groups/{id}/conversations
(Diagram: Documents, Calendar, Sites, Tasks, Email, Meetings, Contacts)

With Microsoft Graph: Get insights based on activities (Microsoft Build 2017)
  Trending documents:
    GET /me/insights/trending
      "value": [ { "name": "presentation.pptx", … }, { "name": "forecast.xlsx", … } ]
  Recent documents:
    GET /me/drive/recent
      { "name": "guidelines.pptx", … }, { "name": "budget.xlsx", … }
  Search people based on topics (people I'm working with):
    GET /me/people/?$search="topic: planning"
      { "displayName": "Dan", … }, { "displayName": "Sean", … }
  Find me the best time to meet Ana (FindMeetingTimes; meeting duration follows ISO 8601):
    POST /me/findMeetingTimes
      { "attendees": [ { "type": "required", "emailAddress": { "address": "ana@contoso.com" } } ], "meetingDuration": "2h" }
(Diagram labels: Out of office, Trending Documents, Recent Documents, People I'm working with, FindMeetingTimes)

Understanding delegated permissions

Privileges and Permissions
- Operations on resources require permissions
- Users are granted privileges
- Users can grant delegated permissions to applications
- Applications can exercise privileges on the user's behalf… but only within the limits of the delegated permissions

Consent
- Users grant delegated permissions to apps via consent
- Consent prompts are shown at first token request time
- User consent is recorded individually
- Want to only prompt once per tenant? Admin consent
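The two slides above (privileges vs. delegated permissions, and per-user vs. admin consent) as one added example; this is illustrative code, not Azure AD's or Microsoft Graph's, and the tenant, client ID usage, user names and the operation-to-permission mapping are constructed. It shows that an app acts only where the user holds the privilege and has consented to the matching scope, and that admin consent removes the per-user prompt.

```javascript
// Added example, not the page's or Microsoft's code: an operation needs a permission;
// a user holds privileges; an app may act for the user only within the scopes that
// user (or a tenant admin) has consented to.
const REQUIRED = { readMail: 'Mail.Read', sendMail: 'Mail.Send', readProfile: 'User.Read' }; // constructed

class ConsentStore {
  constructor() { this.userGrants = new Map(); this.adminGrants = new Map(); }
  // Consent is recorded per user ("User consent is recorded individually").
  recordUserConsent(tenant, clientId, user, scopes) {
    this.userGrants.set(`${tenant}|${clientId}|${user}`, new Set(scopes));
  }
  // Admin consent covers every user in the tenant: one prompt per tenant.
  recordAdminConsent(tenant, clientId, scopes) {
    this.adminGrants.set(`${tenant}|${clientId}`, new Set(scopes));
  }
  // Union of what the admin granted for the tenant and what this user granted.
  grantedScopes(tenant, clientId, user) {
    const admin = this.adminGrants.get(`${tenant}|${clientId}`) || [];
    const own = this.userGrants.get(`${tenant}|${clientId}|${user}`) || [];
    return new Set([...admin, ...own]);
  }
}

// At token request time: which requested scopes still need a consent prompt?
function scopesNeedingConsent(store, tenant, clientId, user, requested) {
  const granted = store.grantedScopes(tenant, clientId, user);
  return requested.filter(s => !granted.has(s));
}

// May the app perform `operation` on behalf of `user`? Two checks, both required:
// the user actually holds the privilege, and that permission was delegated to the app.
function appMayPerform(store, tenant, clientId, user, userPrivileges, operation) {
  const needed = REQUIRED[operation];
  if (!needed) return { allowed: false, reason: 'unknown operation' };
  if (!userPrivileges.has(needed)) return { allowed: false, reason: 'user lacks privilege' };
  if (!store.grantedScopes(tenant, clientId, user).has(needed)) {
    return { allowed: false, reason: 'not delegated to app' };
  }
  return { allowed: true };
}

// Constructed walk-through: Yina consents to Mail.Read only; an admin later grants User.Read.
function demo() {
  const store = new ConsentStore();
  const tenant = 'contoso.onmicrosoft.com', app = 'a7d8cef0-4145-49b2-a91d-95c54051fa3f';
  const yina = new Set(['Mail.Read', 'Mail.Send', 'User.Read']);   // privileges Yina holds
  const firstPrompt = scopesNeedingConsent(store, tenant, app, 'yina', ['Mail.Read']);
  store.recordUserConsent(tenant, app, 'yina', ['Mail.Read']);
  const secondPrompt = scopesNeedingConsent(store, tenant, app, 'yina', ['Mail.Read']);
  const read = appMayPerform(store, tenant, app, 'yina', yina, 'readMail');
  const send = appMayPerform(store, tenant, app, 'yina', yina, 'sendMail');
  // Dmitry holds Mail.Read himself but never consented, so the app cannot use it for him.
  const dmitry = appMayPerform(store, tenant, app, 'dmitry', new Set(['Mail.Read']), 'readMail');
  // A user without the privilege gains nothing from the delegation.
  const noPriv = appMayPerform(store, tenant, app, 'yina', new Set(['User.Read']), 'readMail');
  store.recordAdminConsent(tenant, app, ['User.Read']);
  const profile = appMayPerform(store, tenant, app, 'dmitry', new Set(['User.Read']), 'readProfile');
  return { firstPrompt, secondPrompt, read, send, dmitry, noPriv, profile };
}
```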

AGÅVE: Office add-ins
Sample: HTTPS://AKA.MS/ADDINSSO
(Diagram actors: Key, User, Microsoft Graph, Document, Add-in (JS), Add-in (Web API), Azure AD, apps.dev.microsoft.com, OAuth middleware, MSAL .NET)

Office Add-in (demo)

ASP.NET Middleware
- Modules for processing HTTP requests/responses
- Server-independent (ASP.NET Core), platform-independent
- Modules for every protocol: OAuth2 (web APIs), OpenID Connect (web apps), WS-Federation (web apps)
- Automates token validation (via service metadata) and protocol enforcement

ASP.NET Core Middleware
(Diagram: Traditional ASP.NET application model vs. ASP.NET Core middleware)

SPÅ: Single page application
Sample: HTTPS://AKA.MS/AZUREAD-JSSPA
(Diagram actors: SPA, OAuth middleware, Browser, Microsoft Graph, Azure AD, User, apps.dev.microsoft.com, MSAL JS)

MSAL JS and Single Page Apps (demo)

WEBÅP: Web app
Sample: HTTPS://AKA.MS/AZUREAD-COREWEB
(Diagram actors: Web app, Browser, Microsoft Graph, Azure AD, User, Key, apps.dev.microsoft.com, OIDC middleware, MSAL .NET; an <AUTHZ CODE> is passed between the browser, the OIDC middleware and the web app)

MSAL and Caching on the mid-tier
- If your app needs offline access, you need to save access & refresh tokens in persistent storage
- MSAL offers an extensible cache model: you are notified when the in-memory cache is accessed, so that you can reflect changes in your persistent copy
- The cache format remains opaque
- Note: you never see the bits of refresh tokens! MSAL uses RTs automatically when calling AcquireTokenSilent

Web App and Graph API (demo)

App vs User Permissions
- Web apps have their own identity: OAuth2 "confidential clients"
- Resources can expose application permissions
- Application permissions are granted via admin consent; once granted, they endow the app with the corresponding privilege

Related sessions
Code | Time slot | Title | Speaker
THR3031 | Theater #05: Monday 4:35-4:55 | Build applications to secure and manage your enterprise using Microsoft Graph | Jeff Sakowicz
THR2072 | Theater #13: Tuesday 11:35-11:55 | Migrate your apps from legacy APIs to Microsoft Graph | Dan Kershaw
THR2071 | Theater #18: Tuesday 2:10-2:30 | Managing enterprise applications, permissions, and consent in Azure Active Directory |
BRK3080 | 75 min #07: Wednesday 9:00–10:15 | Build smarter apps with Office using the Microsoft Graph | Yina Arenas
BRK3225 | 75 min #08: Wednesday 10:45–12:00 | Office development: Authentication demystified | Vittorio Bertocci
BRK3202 | 75 min #10: Wednesday 2:15–3:30 | Modern business processes with Microsoft Graph and Azure Functions | Dan Silver
BRK3039 | 75 min #11: Wednesday 4:00–5:15 | Integrate OneDrive and SharePoint files, collaboration and sharing using Microsoft Graph | Ryan Gregg
BRK2194 | 45 min #15: Thursday 9:00-9:45 | Building great looking experiences with Microsoft Graph and Office UI Fabric | Ben Summers
BRK3340 | 75 min #14: Thursday 12:30–1:45 | Build intelligent LoB apps leveraging Outlook/Exchange data, using Microsoft Graph | Deepak Singh
BRK3200 | 75 min #13: Thursday 10:45-12:00 | Build smarter bots and devices by connecting to the Microsoft Graph | Rob Howard
BRK3221 | 75 min #17: Friday 9:00–10:15 | Developing enterprise bots with Office 365 | Richard DiZerega

Go deeper with authentication!
https://aka.ms/aaddev2
https://aka.ms/AzureAD-Basics
https://aka.ms/AzureADv2-flows

Authentication is hard... ish

Please evaluate this session
- From your PC or tablet: visit MyIgnite https://myignite.microsoft.com/evaluations
- From your phone: download and use the Microsoft Ignite mobile app https://aka.ms/ignite.mobileapp
Your input is important!
