Office 365 API Tools

Simon Just Kjeldgaard Pedersen @ Delegate A/S
@simped
http://wp.sjkp.dk

Agenda

  • Intro to Office 365 API tools 
  • Intro to OAuth2
  • Web Site example

What does Office 365 API Tools library offer?

  • Easy way to use Office 365 APIs in 3rd party client applications (Web, Native or Mobile)
    • Perform authentication and discovery
    • Use the Mail, Calendar and Contacts API (Exchange)
    • Use the My Files and Sites API (currently .NET only, with JavaScript coming soon) (SharePoint)
    • Use the Users and Groups API (Active Directory)
    • Use the CRM API (currently not officially supported, but it works)
  • Everything you do with Office 365 API library, is done on behalf of the User (No service account magic, hence client applications)
  • If you need to run as a service account, then use the SharePoint App model, with app authentication. For CRM your are afaik out of luck 

Typical usage scenarios for Office 365 API tools

  • Websites hosted outside of Office 365 that wants to surface Office 365 user data
    • Typically multitenant applications (although not a requirement)
    • Applications for users that dislike SharePoint UI
    • Standalone applications, e.g.
      • Physical Print service 
      • Pdf service 
      • External file storage (import/export)
  •  Everything mobile 
    • Great support for Windows Phone (obviously)
    • Cross platform support via. PhoneGap (new in VS2013 update 2, called native apps)
    • Some support via Xamarin (haven’t tested it)
  • Native apps
    • Windows Store
    • Windows Forms or WPF 

Office 365 API tools vs. SharePoint App model

Office 365 API tools SharePoint App model
  • REST support
  • Everything is on behalf of the user
  • In Preview (tooling okay, but it changes)
  • Require Azure tenant
  • Azure AD, Exchange, SharePoint, CRM support
  • Mobile and Native support
  • Loosely integrated
  • CSOM and REST support
  • On behalf of the user or app
  • Mature (good tooling)
  • No external requirement (if you do SharePoint hosted)
  • SharePoint only
  • Web only
  • Tight integration with SharePoint

How to get it



What does the Extension add?

  • A new context menu in Visual Studio for all supported project types: Right click project -> Add -> Connected Service
  • Adds all required nuget packages to your project 
  • Adds sample code to your project
  • Adds a Azure App to your Active Directory (and configures it)
  • Adds (mostly) correct configuration parameters to your .config 
  • Provides easy to (re)use authentication classes
  • Provides some simple base classes (they but suck for everything but the sample code)

Demo time

Use Office 365 API Tools to show Emails in Exchange

How does it work (Intro)?

  • It uses OAuth2 to securily access the data in SharePoint on behalf of the user
  • How much do you know about OAuth2? 

  • Authentication: Who are you? 
  • Authorization: What can you access?

How does it work (Component overview)


OAuth2 Flows Get Authorization Grant

Authorization Code Flow (server side) Implicit Flow (Client Side)
  1. Get Authorization Grant
  2. Get Access Token
  3. Access Protected Ressource
  4. For long lived sessions the access token is refreshed with a refresh token
  1. Get Access Token
  2. Access Protected Resource

Authorization Code Flow (Access OneDrive, No Multitenancy)


Authorization Code Flow (Access OneDrive, No Multitenancy)

Add multitenancy to the mix

  • In previous slides the Azure AD App was installed by an Azure AD Admin, allowing all users in the organization to use it (effectively trusting that the app is harmless)
  • If the Azure AD App is multitenant enabled, then it can be used by users outside the organization that created it
  • The first time a user, uses a multitenant app, he has to give the consent that the app can access the protected ressource on his behalf (effectively he is trusting the app, technically the app is installed for that user in his Azure AD)
  • An Azure AD App multitenant can also be installed for all users in an organization by an Azure AD Admin, removing the need for every single user to accept it 

Demo

Access files in OneDrive/CRM

Managing Azure AD Apps

Resources

Office 365 API Tools

By Simon J.K. Pedersen

Office 365 API Tools

  • 2,416