Published by Audra Gallagher. Modified over 6 years ago.
1
Office development: Authentication demystified
BRK3225
Vittorio Bertocci, Principal Program Manager, @vibronet
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
Authentication can be easy for known cases.
Authentication is hard.
3
Agenda (now with instructions!)
The main token acquisition pattern: TØKENCAL
Office development:
  Call the Microsoft Graph from your mobile app: MØBILEAP
  Call the Microsoft Graph from an Office add-in: AGÅVE
  Call the Microsoft Graph from a SPA: SPÅ
  Call the Microsoft Graph from a web app/web API: WEBÅP
4
TØKENCAL: Call API with a Token
[Diagram: parts list, 1x each of APP, WEB API, AZURE AD, USER, PORTAL, CLIENT SDK]
5
Office 365 Platform
[Diagram labels: EXTENSIONS; STANDALONE WEB AND DEVICE APPS; DOCUMENTS, PAGES, CANVASES, CONVERSATIONS; Microsoft Graph]
6
MØBILEAP: Mobile app
[Diagram: parts list, 1x each of MOBILE APP, MICROSOFT GRAPH, AZURE AD, USER, APPS.DEV.MICROSOFT.COM, MSAL]
7
Microsoft Authentication Library (MSAL)
SDK for gaining access to APIs protected by Microsoft identities
Fully OSS, easy to use, full-featured, production-ready
Works with Azure AD v2 (work & school accounts, personal accounts) and B2C
Available on:
  .NET 4.5x, .NET Core, Xamarin (iOS, Android, UWP)
  iOS (ObjC/Swift)
  Android (Java)
  JavaScript
SafariViewController on iOS, Chrome custom tabs on Android
8
MSAL

    using Microsoft.Identity.Client;

    // Public client identified by its application (client) ID
    PublicClientApplication myApp =
        new PublicClientApplication("a7d8cef b2-a91d-95c54051fa3f");
    // Delegated permission (scope) the app is asking for
    string[] scopes = { "Mail.Read" };
    // Acquire an access token for those scopes
    AuthenticationResult rez = await myApp.AcquireTokenAsync(scopes);
9
MSAL and Mobile Apps
Coding from scratch
10
MSAL and token lifecycle
Don’t save tokens, just keep calling AcquireToken*
  MSAL will do its best to avoid prompting
MSAL works with a sophisticated cache
  Persistent cache for iOS, Android and UWP
  In-memory elsewhere, easy to customize to arbitrary storage
Cached tokens are matched to requests according to:
  Authority
  Scopes
  ClientId
  User
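The cache matching described on this slide, as an added example (not part of the original deck and not MSAL source code): a simplified JavaScript model in which a cached entry satisfies a request only when authority, client ID and user match, the cached scopes cover every requested scope, and the token is unexpired. The covering-scopes and expiry rules, the ToyTokenCache class and all sample values are assumptions made for illustration.

```javascript
// Simplified model of the lookup described on the slide; not MSAL source code.
// Assumption: an entry satisfies a request when authority, clientId and user
// match exactly, its scopes include every requested scope, and it is unexpired.
class ToyTokenCache {
  constructor() { this.entries = []; }

  save(entry) { this.entries.push(entry); }

  // Returns the cached access token, or null when the caller has to go back
  // to the authority (refresh-token redemption or an interactive prompt).
  find({ authority, clientId, user, scopes }, now) {
    const hit = this.entries.find((e) =>
      e.authority === authority &&
      e.clientId === clientId &&
      e.user === user &&
      e.expiresAt > now &&
      scopes.every((s) => e.scopes.includes(s)));
    return hit ? hit.accessToken : null;
  }
}

// Constructed sample data: placeholder identifiers, not real tenants or tokens.
const AUTHORITY = "https://login.microsoftonline.com/common";
const CLIENT_ID = "00000000-0000-0000-0000-000000000000";

function demo() {
  const cache = new ToyTokenCache();
  cache.save({
    authority: AUTHORITY, clientId: CLIENT_ID, user: "yina@example.com",
    scopes: ["Mail.Read", "User.Read"], expiresAt: 3600, accessToken: "token-A",
  });
  const base = { authority: AUTHORITY, clientId: CLIENT_ID, user: "yina@example.com" };
  return {
    // Same four keys, scopes covered by the cached entry: served from cache.
    sameRequest: cache.find({ ...base, scopes: ["Mail.Read"] }, 100),
    // Asking for a scope the cached token was never granted: miss.
    extraScope: cache.find({ ...base, scopes: ["Mail.Read", "Mail.Send"] }, 100),
    // A different signed-in user never receives another user's token: miss.
    otherUser: cache.find({ ...base, user: "dmitry@example.com", scopes: ["Mail.Read"] }, 100),
    // A different application registration: miss.
    otherClient: cache.find({ ...base, clientId: "other-app", scopes: ["Mail.Read"] }, 100),
    // Same keys but past expiry: miss.
    expired: cache.find({ ...base, scopes: ["Mail.Read"] }, 4000),
  };
}

console.log(demo());
```

A miss in this model marks the point where the application calls the library again for a fresh token rather than reusing one it stored itself.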
11
Microsoft Graph
Microsoft Build 2017
Rich context, deep insights and core platform capabilities allow you to build smart applications
[Diagram labels: ACTIVITY, CONTENT, CONVERSATIONS, INSIGHTS, ME, TRENDING, ORGANIZATION, GROUPS, CHATS, REPORTS, DOCUMENTS, EVENTS, DEVICES, SHARED, CONTACTS, SITES, PEOPLE, TASKS, TEAMS]
12
With Microsoft Graph: Get the user profile

GET: /users/yina
{ "displayName": "Yina", "jobTitle": "PRINCIPAL PM MANAGER", }

GET: /users/yina/photo/…
{}

GET: /users/yina/manager
{"displayName": "Tristan", …}

GET: /users/yina/directReports
"value" : [ {"displayName": "Matt", …}, {"displayName": "Dmitry", …}, ]

GET: /me/memberOf/…
{"displayName": "Office engineering", …}, {"displayName": "Women in tech", …},

[Diagram labels: Yina, Tristan (manager), Groups (memberOf), Dmitry, Matt, Sudhi (directReports)]
13
With Microsoft Graph: Get content for , calendar, files, tasks, sites, notes & more

GET /me/drive/root/…
"value" : [ {"name": "proposal.pptx",… }, {"name": "forecast.xlsx",… } ]

GET /drives/items/{id}/workbook
GET /me/messages
GET /me/events
GET /me/contacts
GET /me/onenote/notebooks
GET /me/planner/tasks
GET /me/devices
GET /sites:/teams/opg:/
GET /sites:/teams/opg:/lists
GET /groups/{id}/conversations

[Diagram labels: Documents, Calendar, Sites, Tasks, Meetings, Contacts]
14
With Microsoft Graph: Get insights based on activities

GET /me/insights/trending
"value" : [ {"name": "presentation.pptx", …}, {"name": "forecast.xlsx", …} ]

GET /me/drive/recent
{"name": "guidelines.pptx", …}, {"name": "budget.xlsx", …}

GET /me/people/?$search="topic: planning"
{"displayName": "Dan", …}, {"displayName": "Sean", …},

POST /me/findMeetingTimes
{ "attendees": [ "type": "required", "emailAddress": { "address": } ], "meetingDuration": "2h"

[Diagram labels: Out of office; Trending Documents; Find me the best time to meet Ana; Search people based on topics; FindMeetingTimes; Meeting duration follows ISO8601; People I’m working with; Recent Documents]
15
Understanding delegated permissions
16
Privileges and Permissions
Operations on resources require permissions
Users are granted privileges
Users can grant delegated permissions to applications
Applications can exercise privileges on the user’s behalf…
…but only within the limits of the delegated permissions
17
Consent
Users grant delegated permissions to apps via consent
Consent prompts are shown at first token request time
User consent is recorded individually
Want to only prompt once per tenant? Admin consent
18
AGÅVE: Office add-ins
[Diagram: parts list, 1x each of KEY, USER, MICROSOFT GRAPH, DOCUMENT, ADDIN (JS), ADDIN (WEB API), AZURE AD, APPS.DEV.MICROSOFT.COM, OAUTH MIDDLEWARE, MSAL .NET]
19
Office AddIn
20
ASP.NET Middleware
Modules for processing HTTP requests/responses
  Server-independent (ASP.NET Core)
  Platform-independent
Modules for every protocol
  OAuth2 (web APIs)
  OpenId Connect (web apps)
  WS-Federation (web apps)
Automates:
  Token validation (via service metadata)
  Protocol enforcement
21
ASP.NET Core Middleware
[Diagram labels: Traditional ASP.NET Application Model; ASP.NET Core Middleware]
22
ASP.NET Core Middleware
23
SPÅ: Single page application
[Diagram: parts list, 1x each of SPA, OAUTH MIDDLEWARE, BROWSER, MICROSOFT GRAPH, AZURE AD, USER, APPS.DEV.MICROSOFT.COM, MSAL JS]
24
MSAL JS and Single Page Apps
25
WEBÅP: Web app
[Diagram: parts list, 1x each of WEB APP, MICROSOFT GRAPH, OIDC MIDDLEWARE, BROWSER, KEY, AZURE AD, USER, APPS.DEV.MICROSOFT.COM, MSAL .NET; with <AUTHZ CODE> labels]
26
MSAL and Caching on the mid-tier
If your app needs offline access, you need to save access & refresh tokens in persistent storage
MSAL offers an extensible cache model
  You are notified when the in-memory cache is accessed, so that you can reflect changes in your persistent copy
  The cache format remains opaque
Note: you never see the bits of refresh tokens!
  MSAL uses RTs automatically when calling AcquireTokenSilent
27
Web App and Graph API
28
App vs User Permissions
Web apps have their own identity
  OAuth2 “confidential clients”
Resources can expose application permissions
Application permissions:
  Are granted via admin consent
  Once granted, they endow the app with the corresponding privilege
29
Related sessions
Code | Time | Slot | Title | Speaker
THR3031 | Theater | #05: Monday 4:35-4:55 | Build applications to secure and manage your enterprise using Microsoft Graph | Jeff Sakowicz
THR2072 | Theater | #13: Tuesday 11:35-11:55 | Migrate your apps from legacy APIs to Microsoft Graph | Dan Kershaw
THR2071 | Theater | #18: Tuesday 2:10-2:30 | Managing enterprise applications, permissions, and consent in Azure Active Directory |
BRK3080 | 75 min | #07: Wednesday 9:00–10:15 | Build smarter apps with Office using the Microsoft Graph | Yina Arenas
BRK3225 | 75 min | #08: Wednesday 10:45–12:00 | Office development: Authentication demystified | Vittorio Bertocci
BRK3202 | 75 min | #10: Wednesday 2:15–3:30 | Modern business processes with Microsoft Graph and Azure Functions | Dan Silver
BRK3039 | 75 min | #11: Wednesday 4:00–5:15 | Integrate OneDrive and SharePoint files, collaboration and sharing using Microsoft Graph | Ryan Gregg
BRK2194 | 45 min | #15: Thursday 9:00-9:45 | Building great looking experiences with Microsoft Graph and Office UI Fabric | Ben Summers
BRK3340 | 75 min | #14: Thursday 12:30–1:45 | Build intelligent LoB apps leveraging Outlook/Exchange data, using Microsoft Graph | Deepak Singh
BRK3200 | 75 min | #13: Thursday 10:45-12:00 | Build smarter bots and devices by connecting to the Microsoft Graph | Rob Howard
BRK3221 | 75 min | #17: Friday 9:00–10:15 | Developing enterprise bots with Office 365 | Richard DiZerega
30
Go deeper with authentication!
31
Authentication is hard... ish
32
Please evaluate this session
From your
  PC or tablet: visit MyIgnite
  Phone: download and use the Microsoft Ignite mobile app
Your input is important!