Microsoft Graph community call-April 2019

Microsoft 365 Developer · Intermediate ·📰 AI News & Updates ·7y ago

Key Takeaways

The video discusses Microsoft Graph updates, new Microsoft Graph SDK features, and Postman Collections, with a focus on authentication, authorization, and incremental consent.

Full Transcript

my name is Jeremy thank my principle p.m. on the Microsoft graph team and today I have the pleasure personally presenting on some stuff we've been working on in the last few weeks and also Darryl Miller who is in Amsterdam will be presenting on some of the Microsoft graph SDK work we've been doing just a quick reminder these calls are monthly they happen on the first Tuesday of every month at 8:00 a.m. Pacific time you can use the AKMs Microsoft graph call link to download the ICS calendar and add it to your add it to your your own personal calendar to remind you for next month um our next call actually won't be in May it will be in June primarily because that build is the first week of May next month and we'll have lots of coverage of Microsoft graph in the the keynotes and also we'll have a handful like I think six or seven sessions on Microsoft graph there will be streaming live as well so keep keep your eyes open for details on that in a blog post that we'll share so you'll know when and when how you can access those online and if you're coming in person please please make sure you come say hi to us our booth in the expo hall that we're busily planning at the moment so it'd be nice to meet a few familiar Microsoft graph faces there in person so no call next month our next call will be June June 4th today we're actually going to have two kind of sections of this call one the first one is going to be for Darryl who's gonna be showcasing some of the new Microsoft graph SDK features and then I'm going to go through and talk about Microsoft postmates collections but before we do that if I can just remind everyone just to mute their microphones I can hear a few people breathing and I'm pretty sure that's not Darryl getting ready I just wanted to remind you about the graph website and some changes we've made to try and make your experience a little bit better as a Microsoft developer the homepage of graft at wix.com which resolves to develop a top Microsoft comm slash graph we heard loud and clear that you found that the blogs weren't as easy to find so on my I've reduced the resolution for screen share purposes today but typical laptops now have the blogs above the fold in a browser window and so now you can see all the news that we're updating on the SDKs and again you can go view more in here to see a lot more blog posts that are coming through so and also just so you know you can get to in here but it is a little bit varied and so that's why we've put it on the home page in that swimlane the blog does have an RSS feed as well so if people are trying to keep up with the blog and I want to keep revisiting it or relying on tweets from the office Deb hand or my hand or Eunice handle and others that retweet news and if you scroll to the bottom of the page not only can you follow the office dev hand or here but you can also grab the RSS feed so if you use that in any of your feedly coms it's the one that I use personally but there's lots of different RSS readers out there that allow you to keep up to date with the blog posts as they immediately get published and so there's just a few little kind of tip bit helpers there and then in addition to that we have tried to change the pivot on how you get started with the graph a little bit and so we have this get started the experience that we've had for a few months now where I have the ability going for instance on a speed net and not only can I get started by jumping into a Quick Start experience if you could meet your Mick please I will stop calling out names for people who don't do that when they come in it makes me jump as a very minimal thing the QuickStart allows you to get started in three minutes so in this example if I went through this it would download a zip file that I could run in visual studio and it would pre bake the client ID in secret into the project so you can essentially just f5 that and have your first app up and running within a few moments but also what you can do is you can actually go through and create your first project by following this general hearing at the moment Jeremy just so you know as it drop the sharing yeah yeah okay thank you for let me know can you resi that now yeah that's back now thank thank you that's what you know and and so this allows you to walk through step by step all the way from file new project in Visual Studio for instance with this one with a speed on there all the way through to actually making the calls using the SDK to get me events and returning that to the screen and so this is a great way of just if you haven't done this yet exploring the Microsoft graph in that way and then one last thing I wanted to show was that in the top here in the docs we've now got a new landing page where we decided to make the main areas of our documentation a little bit more prominent so they're not only discoverable in the in the TOC s here on the left hand side and so you can get to all the tutorials and the quick starts for every platform here as well as jump into the SDKs that we have available and then you can get to the changelog which is essentially where every time a change goes out on the v1 or the beta service we go through and we update these so much you can see that we introduced some risky user API changes in the beta and some changes to the directory API s and we insist that the engineers and p.m. is actually put in information and in cases linked directly to the documents for for those changes so you can see those things that have happening inside of the documentation and so we're hoping this new landing page which essentially you get to by clicking on Doc's and the top navigation from any of the Microsoft graph experiences will be super useful to kind of get you started and also get you to the the common areas and so we're going to be doing a few more improvements across the learn section next few moments but that was just based on your feedback we've made additional improvements there so I just want to say a big thank you for everyone for continuing to provide that feedback and also just could like contacting us letting us know what things are working for them and what they'd like to see improved and so with that the the first one that I wanted to you have Darryl talk to is the SDKs that we've been working on it Microsoft so Darryl thank you for joining the community call from Europe I'm not even sure I can do the time translation on what time of day it is therefore you know it it's just five o'clock in the evening oh there you go CMOS the end of the day almost finished your day but there you're ready to WoW the audience with Microsoft SDK information I will do my best well then LaSalle I'll let Lee let you take over sharing the screen and I will put myself a mute so thanks Darrell me start a slideshow from current slide okay so just to set expectations for those of you who were able to join me in the SDK talk at MVP summit the demos that I'm showing are basically the same demo so feel free to either go get yourself coffee or during these demos or you can critique me and tell me whether I did a better or worse job on this what I'm going to talk to you today about are two main things one is the authentication providers and the graft client Factory which is going to be upcoming now just to be absolutely clear these authentication providers are really a just adapters to the M cell libraries that we provide that the identity team provide and we are just taking opportunity to make the experience that little bit easier because of the specialization with regards to working with Graff and the way the SDK works so we have these old providers which are completely optional for using the SDK in various repos on github so we have a dotnet auth providers Java Android an objective-c and generally the way each of these work is we have a north provider for each of the main authentication flows or two authentication flows but let me go and share some code and we'll actually see how these things work so I'm going to pull up the very first example which we're gonna start from a really simplistic console app pep scenario I have already pulled in the nuclear packages you can see if you go to our github repos they tell you all the dependencies that you need to pull in it's basically just one extra nougat package and let's start by where we normally start when working with the Graf SDK we go and we create a graph service client so we're going to new up a graph service client like this and you'll see we get a red squiggly because it's actually asking for another parameter but we're gonna leave that for the moment and we'll keep going so what we want to do is a nice simple case we'll go and get the canonical user equals graph service client dot me that request ah get a sink and then of course because it's a sink we're going to put them away to the beginning of here and then when we get it back just to prove that it actually worked I'm going to do a little right out to the console and pull out some property from user user dot display name for example okay so in order to make this work let me close down a few things here so you can see we need to solve this red squiggly so what does it expect from this well it expects something that implements i authenticated provider now in the past we have provided a single authentication provider which we call the delegate authentication provider the problem with the delegate authentication provider is it really doesn't do a lot of work for you it pretty much expects you to provide it with a function that will come back and get the authorization token or the bearer token so it's basically making you do all of the work so in order to make life easier we've created a set of authentication providers and I'm gonna pick one using the interaction authentication flow yeah the interaction flow which is the one that's actually going to come and pop up a UI and allow me to enter my username password so let's create the interaction authentication provider and okay well so it needs some parameters it needs a public client application and it needs scopes so well where do I get the public client application well this is where it brings us back to the way we're used to doing it with em sell em Sal allows you to create a either a public client application or a confidential client application depending on the floor that you're using in the case of interactive authentication provider we need a public client application of lick just call it app save me typing a little bit uh yeah okay it a little differently and threw myself off okay so new now we could just do new public client application here and use the Constructors as is or we've also created some static helper methods or factory methods on the flow so you can do interactive authentication provider create client application and it will ask you for just the the pieces of information that are needed for this particular flow so once you have that app and it's gonna ask me for a client ID which I'll go and fill in in a moment and then here we just provide that up into the authentication provider and we're going to need to give it some scopes because we're going to go and read the user so with that's just a string array of user dot read the quotes I don't have too many or too few semicolons what I actually did originally was I took that out put it on the previous line so that I don't do quite so much scrolling cos provider suddenly my keyboard stops work all right yeah our provider what was in my clipboard was not what I expected and let me try that again undo there we go copy that our auth provider all right now we have so we've created an app but we're going to need a client ID I've already pre set up the client ID I don't happen to remember the gooood so let me go and copy that from my notes over here okay we've created ourselves a public client application we've created ourselves a north provider for the flow that we want to use we pass that off provider into the graph service client and then we're going to go and make a rest request and this is where I like to hold my breath say a little off prayer and you run that and hopefully we will see a user name actually no of course we're going to see a login pop up because it's an interactive flow you can ask me to sign in and then I got asked me to consent first time I've done this well first time I've done this since deleting the application incidents for maybe okay apparently I didn't click hard enough and we get welcome to questioning permissions that are either invalid or out today did I do that famous users don't read instead of user don't read I got a check is it users or user it's user not read I did it correctly okay well if the first it doesn't succeed let's try it again you there we go we work this time it's possibly a little bit of provisioning time they're a little too quick between that authentication and making that first call I suspect okay so we have that information we've been able to make the request and it magically went and got the token under the covers and now because we're using the M cell library it will automatically take care of token expires it will go and use the Refresh token in order to update that token so all of that hard work is taking care of us by the the M cell library now next example here let's do something else let's go get messages and just to save you from having to watch me type I'm just gonna go and copy this little chunk of code here just part of the ways I'll give away the magic okay so I'm I named the service client differently service client a sink now in this particular case if I attempt to run this it's going to fail and it's going to tell me you can't make this call because you haven't granted this application consent to access the messages that belong to you so that's not going to work so what we really need to do is also grab the consent so we've got a couple of options here we could go back up to the integrator the authorization provider and change what we initialize that application those default set of permissions or because that's not recommended it's not a recommended practice that when you first install an app you asked for every single permission that might ever be needed in the application what is the recommended approach is to do incremental consent so the question is how do we do incremental consent well I just created myself a little write line here so that we can actually see that this works what I do is whilst making the request I say with actually type that would do that there we go new string Hammond's your p.m. for a few months and you lose all your dev typing skills there we go male dot read okay now just before I go on to show you that just know with when you do with there are a number of other options here because of different flows and different scenarios we also allow you to do things like with the user account with user assertion for the on behalf of flow with username password for so there's a variety of other different ways of configuring the various pieces of infrastructure that we have under the cover on a per request basis and so without started adding these extension methods to allow us to configure the underlying middleware pipeline that provides the these behaviors that we've embedded into the SDK so we are saying we're now going to do incremental consent we already consented the first user dot read but now when we run this hopefully when we run this it's going to pop up another dialog it's going to require me to sign in again because it's going to ask for consent oh yeah actually that was the first sign in was just because I needed to get the first token now it's asking me to sign in again because it realizes it needs additional consent but now it's actually asking me that okay I need to read will you allow this application to read the mail we can click accept I only had to click once and there we go we have the number of messages that are in the first page of the responses that came back they all forgive my interruption can you explain then when you registered the app did you request mail that read at that time as well during the app registration no I no I did not this these can be added dynamically the the Scopes that you register a configuration time and I luckily there's a number of other identity folks on the wire so if I say something wrong here be sure to correct me but if you want to use the Scopes that are configured in the app then up here you can specify the HTTP graft microsoft.com wot default okay and then then this application will request the Scopes that are configured in the app registration so there are two distinct ways of saying what permissions an application needs but with incremental consent you don't need to have preset those up in the in the portal and I will pause momentarily it's just in case anybody wants to add any qualifications to their statement hearing silence oh it there's a check going on so you eat them as you answer to get the chat question there I kind of set you up so thank you yes so as you can see here you are saying you can increment the Scopes you're trying to add so what is the use of of course that we are I think when you're just an application on the portal this way I think it meaningless to use the default scopes for application since we can already change it in run time I I'm going to defer to somebody else to decide when is the right time to use the Scopes in the application registration versus Scopes in the setting them up as part of the year you're actually embedding them into your actual application I'm not aware of what are the pros and cons and hopefully if if there are if we have some documentation that clarifies that I will definitely provide some links to it but I I don't know whether there are any distinct advantages with regards to initialization obviously you with dynamic scopes you need to do that at the point in your application where you are actually going to use those scopes I I can chime in a little bit here from the perspective of the experience I had when I was outside of Microsoft as a software vendor there are many scenarios where you might have a base set of permissions that allows your customers to troll you with a set of permissions to get basic functionality of your application your SAS application and then you might have advanced features or premium features that require more consent maybe write or read write souls or access to other parts of mics or 365 and beyond that you do as an incremental consent later on once that customer has purchased your premium version of your product that requires more consent this gives you a way of having kind of a baseline set of permissions that maybe customers are more comfortable with using you fall from a trial perspective that is maybe just read type permissions to various different scopes and then once they've unlocked that you could provide a you know as a flow through your application that then requests this incremental consent to a variety of other resources that would require more stringent things like admin consent maybe and various other things in here too and so that's just one scenario there are quite a few more I'll dig dig the documentation and put it in the mail engine chat that would go through kannada pros and cons of those approaches but that's certainly one that I've seen from incremental consent that is super valuable to an ISV that's building something if I can take half a minute from an enterprise that perspective I've seen teams where the they'll want to control the permissions and so they tell developers and do code reviews and developers to say that default and then the you know the administered tenant administrator can then control what scopes are requested in the registration to kind of limit developers from doing things they shouldn't be doing so it really all depends on your your your scenario and in the permissions of the people running in well I appreciate that little segue allowed me to deal with the hotel staff that decided to come clean my room during a session okay so the one thing that you may have noticed last time we ran this it kept asking me for a token and kept asking me to sign it again and again and from a development time perspective that can be a little bit of a pain so that allows me to introduce another feature which is an important feature in that the there is an underlying token cache to them cell implements but it isn't a persistent cache and if you we in a production application you'll need a persistent cache and there's a variety of different options but it's also handy to have one purely a development time and this is what I had created just for demo purposes and there's a strong warning do not use this in in a production sample so this is just simply a file based token storage provider and I'll just show you the code that goes underneath here it simply there's an interface where you get a set of bytes and you write a set of bytes and there's a cash ID and I'm literally just storing it in a file and a local disk there is ongoing work and there's a number of different samples for real token providers that's will store to say Redis or various other file storages this is purely for a development time but it's a nice convenience it allows you to implement that and then pass that into this factory method so now I'm gonna run this for the first time and it actually didn't ask me to sign in because from demos that I've run previously I already had a token previously now obviously that tokens expired but it also has refresh token so it was able to go off and refresh that old token from a demo that I did probably two weeks ago now and go and request a new token and it avoids all of the sign end stuff so from a development time perspective that makes life a little bit easier but it's also a hook to plug in a more complete production level persistent token storage or not just for persistence but also in the case of a web farm scenario where you want to use a centralized token storage so that when you don't have server affinity you're not constantly asking somebody for a new token when they have to happen to hit a different web server so the this is the main set of capabilities that we have built around these authorization providers and as this if we say we set set up a number of different flows but this makes the assumption that you're using our SDK as is in order to be able to take advantage of this authorization provider because that's where you pass it in into a graph service client now there's I'm sure a significant number of people even on the call who are doing apps and currently aren't using our SDKs so we want to be one of the things that we've been working heavily on is being trying to provide capabilities whether or not you want that rich strongly-typed intellisense request build or model type mechanism or whether you just want to use a native HTTP client library so I'm just gonna switch over to another sample now in this case just we it's actually a dotnet core console app because we work both in full framework or dotnet core and this time we're gonna take a slightly different approach I'm going to just go and create a new client which is a new HTTP client right now I want to be able to make a call and obviously I can make a call to the Microsoft graph just simply using get async and then passing it whack me to be able to go and get a response like this okay but this is obviously going to fail because it doesn't have any authorization token now it would be real nice if we could really use that off provider infrastructure that we have within the within an HP client and we can actually do that because the way that our service library layer implements this capability is using a built-in capability of HP client called message handlers and if you actually look at the constructor of HP client you can pass in a pipeline of message handlers the only problem is is the way that you have to set up these message handlers you can have to chain them together and then manipulating them those handlers is a bit of a pain so what we've done is we've built a graph client Factory now just as a word of warning in the version 1.1 for that we recently published this class is still internal we expect within the next week or so to be creating a preview of 1.15 in dotnet that makes this library public and although I am talking about dotnet here these same concepts apply across all of our languages and you should be able to do the same capability across all languages so if you now do create here you can somebody has termite open if you can probably can't hear me but hopefully they will move it you could do create it will create that client now ideally we would set up the auth handler here automatically and that's one of the early feedbacks that we've got is we should set up the auth handler automatically for you but we actually don't so you actually have to customize the middleware pipeline in order to inject that in so again just to avoid you having to watch me type too much I'm going to go grab this little chunk of code here and we'll walk through what's going on here so the graph client factory not only do we let you create a client with a set of default handlers pre-built in we also allow you to go and say well okay tell me what handlers you would put in there by default so that then I can manipulate that list of handlers and so that's what I'm doing here I'm getting a list of handlers that are going to be inserted into the HP client and I'm going to insert a new one called an authentication handler now this authentication handler expects as a parameter if I can hover over the right part here that's just an authentication provider so in the same way that we pass an authentication provider into the Graf service client with our whole service model that's the the large fairly heavy DLL we can also do this with our lightweight core DLL and the only thing now is to provide it with an authorizer now I could go off and do the same inter inter interaction both provider however unfortunate this point in time that won't work in dotnet core I believe in a later version of emcell it is going to work in dotnet core - there's a little challenge with popping up UI in dotnet core console apps so what we do instead is we use this other flow which is called device code provider so it's the same story right device code provider create a client application creates as an app we then create a device code provider instance we pass the app in with our token that we're interested in and I think if I just oh yeah I hear let's just throw this in straight away new file based token provider we can use exactly the same token provider mechanism with this device code flow and actually let's not do that because then we won't get actually get to see the the experience okay so we've created our application which is the same as a regular old M cell public client application we've created this provider we've passed it into the authentication handler which we inserted into our list of handlers and now when we go and create the the HTTP instance we pass it in the list of handlers and if I hover over this VAR you can see that this is just a standard HTTP client instance now I think I might have forgotten something yeah let's just yeah I wanted to do this response instead and if you notice on creating our of the HP client there are some other properties that you can set here you can say which version you want so I'm gonna pick just the V 1.0 we can also do this with the beta end point there is a little bug at the moment that requires you to pass put that slash in there but that slash is going to go away when we come in our preview and you can also select a national cloud so if you were writing an app against Black Forest or against the China or Germany cloud you can specify that just using an enum by default it will hit the public instance and I believe that's correct if I've got that okay this one and then we'll write it out just to make sure that we're actually getting something back console dot read right line user response I don't want to put that in there we go okay so let's try this tension mounts aha that's an interesting one if we go back to the the browser here we'll see that it's saying to sign in you use a web browser to open the page device login and enter this particular code this is the standard Auto flow it looks like ran right past this which I'm gonna guess means I forgot to put an await in somewhere so let's just because I've never seen this source link will download from the internet error before well not at least while doing this demo and no I did in a wait there that's curious one maybe that's a an interesting thing about doing things on a hotel Wi-Fi let's try it again and see whether or not it still gives me a hard time if not I'm just going to put a breakpoint okay let's do disable pending and use oh yeah well that's because I've run it a second time okay let's go to a browser device I got to go look what it's what message it told me it said sign in go to my comm device logging on slash device login and let's go grab this code next and see if we can recover from this mysterious okay it's asking me to sign in oK we've signed into dotnet console application looks like it's struggling to get some CSS there let's pause there it's probably still hung up over here let's see what happens if we do continue here it's really not happy with me okay well cuz I ran it twice let's see whether or not if we do this again what will happen let's just start again from the beginning let's see what happens one more time huh say what their odd together troubleshoot this and let me do my demos and we'll flip back to you and you've magically would have fixed it with hotel juju yeah yeah absolutely we can do that there we go all right yeah sure I'll just share my screen there was one question while I'm flicking over which was how are you kentley can this work with xamarin because it's dotnet dotnet standard if I'm using that that would be our hope that would work with Zaman is dotnet 1.3 so whatever xamarin frameworks are compatible with 1-3 dumbest and 1:3 you'll need to do again device code flow at the moment to make that happen but I see no reason why not cool and then it was one way back at the top which is from Bill as around questioning that there was no JavaScript listed on your slide slide oh that was a mistake on my behalf there definitely is an authorization provided for JavaScript it only does the implicit flow though there's nothing like solo in JavaScript awesome well I'm hoping everyone can see my screen bill says phew hoping people can see my screen like so so you can you can't I can yes okay you're all good go umm again going back to the blog we announced this on Friday just for a little bit of background Microsoft we have something called an F HL a fix hack learn week where we are essentially meant to remove everything from our calendar and do something to either fix hack or learn and at the MVP summit the week before we had a significant amount of feedback from people or the use graph explorer so they go into our API playground here that Darryl is the PM on and they run and see their responses and you can see we have lots of different samples sphere from variety the different services you can go pick and pick and choose from and you can either do it against our demo tenon that we have hosted that's you know Meghan is our person over choice but you can also sign in with your own tenants as well but we had feedback from the MVPs that were in the room that they actually use postman for a variety of different scenarios and that they would find it useful if we released a set of collections so in my fheo last week as well as doing getting everything ready for build for that for you to enjoy in a few weeks I decided to have a crack at this and I used postman and a lot in the past for a variety of different things and so essentially this blog post just explains you know what what procedure were using here and I have a full length video of explaining how you can get this set up in your own environment and a link at the bottom here to the repo and directly to the YouTube video the repo lives inside of the Microsoft graph organization on github thank you for those that are starring it feel free to go crazy and others star it today so we can get those those up and thank you for forking it I'm assuming this contributions coming and and so essentially what I did was I took all of the Microsoft graph explorer samples and put them into postman so there's a lot of copying and pasting and a lot of clicking on the screen to get that to work and then essentially these it's way to get this in is if I go and grab these URLs now I spoke to the people at postman and if I wanted to I could share the collection I've already kind of created and working on but fundamentally the reason to do an import rather than sharing is because then if you make changes any changes I make to the collection if I shared it would be overwritten there might take on this right now based on feedback from people is that by doing this with an import like this and you'll see that we'll be able to import a copy is I'm gonna get my hundred and twenty-one requests because that's what I've got in my repo right now this is my working set that I'm adding some improvements to and if you wanted to customize this what I would recommend doing is creating your own collection jeromy's collection and basically copying duplicating doing whatever you want and moving them into your own when I'm working on those and then if you're ready you can actually contribute back to the repo by forking the repo and submitting your change to the your copy of it by doing an export here and submitting that back as a PR in terms of getting this running essentially this won't work on its own without environment variables which I actually already have set up in my machine if you're not familiar with these you can have as many of these as you like and what it allows me to do if I go into view here and you can see I've got a demo environment there where I've hidden the important parts in terms of the secret and the password allow some of the people that love to go into tenants and nuke them as I'm doing demos thank you and you'll see here that it's I'm putting in all the settings that I get from with inside of mine my application I've registered inside of my tenant so much like what Darrell just showed with the client IDs and the secrets and the tenant IDs we have to have these configured in here enable for this to works if you try and run this without sending those things up you will get an error so the first thing you need to do is expand the on behalf of a user and you want to go and get the a user's access token under the covers what that's actually doing is it's configuring the request body to this particular URL and we're using the environment variables here to build the URL and build the request so you can see the client IDs and the secrets are coming through and if I was to run this one it would actually fail and I'm actually gonna take advantage of it all just very quickly while I and there because it won't meet me then okay is that it will tell me that the secret is invalid because I was just I've actually selected my demo environment here and so if I go over to my rural environment and now click run that will actually inject the right passwords and client secrets in here and you'll see here that I now get back a set of permissions and an access token I can now use to run other requests in this collection so if I went over to get my profile which would be the get that goes to the v1 me endpoint you'll notice if you're familiar with postman there is an authorization tap here and I'm telling it that there's a bearer token and I want it to use the user access to so in my environment variables if I just switch back here you'll see that there's a user access token that gets sorry in my rewinding gets populated much like my app access token will get populated too when I run this first command and the way that it does that is in the tests tab as long as all of my environment variables are filled out it will actually go and store in the environment variable what it got back from this access token so my real environment which I won't show you because it has all my passwords this token would be stored and then when I run my whack me request essentially when I click send it will return me all that information for what whack me is doing because it got the token from the store in my environment variables environment variables there and then you'll notice that in the tests if it throws the invalid authentication token is I will prompt you in the console now the console does not open at first so you have to go into view here and you'll see that as I'm running these things in the past I've tried to run things I get some errors so I've actually gone through and added exactly what the lowest permission level is required for you to go and our permissions so as an example of that if I went into files here and do get drive files and click send or that one worked let's do teams me join teams you'll notice that this has come back with a 403 but if I went to the console and scroll down it'll actually tell me that I need group readwrite all which I know we get feedback that the permissions can be a little bit confusing but if you look into the api's and you look into teamwork and you look into teams and you go into kind of things like get teams we actually do state that these are the ones that you need is a bare minimum at the top of every API documentation page so to make that work in postman if I went over into the portal and I had a look at my permissions page I can go into API permissions and click Add permissions I go into Microsoft graph and I'm doing it by on behalf of the user so it's delegating permissions and then if I do a search and click check on that I can add that permission now because I'm not using an interactive authentication flow which will explain in a moment I'm actually going to do that as an granting an admin consent here and that will push that consent permission to all of my users without having my user be prompted this is only for demo purposes I am in a FRA way tenant I'm using God mode in quotes because I'm an admin not to be on test environments and production environments now if I run this again that's still not going to work and the reason that's not going to work is is the access talking access token that I got that's in my environment variable didn't include that scope so if I go through and rerun this now you'll notice now that I now have in my scopes for this token the group read all so now if I run my join teams if my token is refreshing and now I'm going to have to check whether it is I'm going to just move me myself off-screen quickly okay I'm gonna just update that token manually it should be doing it I'm not going to troubleshoot it right now if you wanna trouble shout on back I fix my problem yeah alright but that what that should do and I'm not going to troubleshoot that right now exactly why that's not using that token and getting me that 403 but with group read all that should allow me to return my teams and so whenever you change the permissions in the portal you will need to rerun this particular get thing so that it updates this access token and then in your environment variables it updates these ones here and then so you can see here that we have a variety of different folders for the different aspects of the graph and so even things like batch samples we have a sample here that allows you to see that we're making a variety of requests in the order where there just gets and that will return those in a batch format so you can have a great idea of just experimenting in the rest cause to understand all that all the different things you can do even across things that we have in beta for things like getting applications and there are cases where we have environment variables that aren't defined and actually we there's a user voice request that with postmen right now that if this isn't the fine and you try and run this will actually prompt the user when they click send to ask for it in this instance what you would have to do is go down here and create a new application variable called application ID and give it whatever you wanted to do or you could just overwrite this Bureau and put whatever you want in the benefit of doing in a environment variable is if we ever improve these request examples you'll actually be able to see those things coming through and one of a real nice thing we've done um is that making sure I'm on the right one is that when I run things like get messages in the results that get returned it's returning the idea the message in our post test what I'm actually doing is I'm going through and I'm grabbing the first message ID it finds in the response spawns collection which means that if I go down to get a user's individual message I've already pre-populated the message ID which means I can immediately test that without copying and pasting from my responses so I'm able to chain a bunch of demos of my requests to see that this one just returns that individual message in this case it's returning the body of the email and so there's some nice little things that we can do in postman with the benefit of all these post-test messages to get this stuff working so it's very easily get started and that the console will kind of help you along the way to make make sure you know what's going on there and I will let Darryl hand back because it sounds like he's confident he's managed to fix this absolutely yes it was a a case of visual studio being a little aggressive at catching exceptions and exceptions being used as control flow so with a little change to the exception settings here in Visual Studio now when I run this REE request where you're going to get our prompt as we got before which is asking me to go to this page here to go to this page and it's asking me for the code I'm gonna grab the code I'm gonna grab the code without the space before and after a stop code in now it's going to ask me to sign in and if I go back to my console app momentarily it's going to show the result that basically the JSON response that came back now because I'm using the core service library and not all of the generated models everything we just get it back as as a chunk of Jason now the more interesting part of this whole story once you've started to reveal the way things work under the covers is you can start to do all kinds of helpful things with this set of handlers for example I could add a new handler and I created this just very simple demo logging handler our plan is to build a more a production ready logging handler but this you'll see what this does if I run this and actually just so that we don't have to keep doing the sign-in dance let's put that new file base token nap writer there and let's run that once again it should fall goes well go find that token from a file refresh it and there we go so now it's actually writing out this is the request that was sent this is my logging handler that sits in that pipeline so we can deal with both the request and the response and the response comes back and then we print the final response out and because message handlers are able to maintain state before and after request we can do things like start a stopwatch and return like this is how long this round-trip took and just as the last little teaser another piece of functionality that we are looking to add and I'm not going to put that at the end I'm going to insert that the order of where these handlers go is quite important and you will get different behavior depending on where these go I'm going to insert a compression Handler and what this is going to do is it's going to set an accept-encoding header to say we know how to gzip decompress things so that when we send the request graph we'll know that we can actually decompress things so it will return us back a compressed result so this time it says content encoding gzip when we get a confessed result and our dreamt it time was even a little faster and then we the compression handler automatically decodes this and the compression handler is this written will actually compress uploaded content if it's over a certain size also and the plan is to build that kind of capability directly into all of our language SDKs so that's just a little teaser as to what is coming fairly soon the authorization providers are already for folks to start playing around with and to give us feedback on just to call out the question that was asked earlier with regards to why there is no JavaScript library here it's because the JavaScript off provider is actually baked into the main package so it's not in a separate repo and you could go take a look at our graph client factory class and how that works and hopefully within a week or two that will be in a preview state so that you can actually start trying it out with that I will hand it back to Jeremy also thanks so much Terence we um let me just share my screen again so just a little bit of an update you can see this myself and Paul who actually asked some questions during the course I thanks Paul we run a developer podcast specifically around M 365 and we've had some really good external guests on that Paul's been running around interviewing so if you haven't checked out those particular episode please go check that out on M 365 their podcast com don't worry is audio you don't have to see how weird bobbleheads in any kind of video form there and then just as a quick reminder there there are a bunch of videos on YouTube on office dev YouTube this is where these recordings will be the next monthly call will not be next month it'll be June 4th primarily because of build and just to give you one quick last update on this one thing that I'm working on right now based on some feedback that we got if I just look back here in the issues aspect was where I'm using username and password I think Paul client commented on this is that this won't work if you're using things like octo or you've got MFA enabled primarily because if I go into my demo environment variables here I'm actually putting in the username and password directly into the environment variables and obviously it's not using a user interactive flow what I'm working on right now is a new way of getting the users access token by the default approach that postman uses which is the OAuth 2 0 and what this does is it means I have to go through and set up these variety of features and this will pull me back a access token into the its own environmental variable and the reason we didn't use this is because it's not as straightforward to then share that across all these requests in the environment variable you can switch in and out and and so we're gonna I'm gonna work on this to basically how to pull this through and what you'll notice is is that we can do device cloud phones and other flows as part of this as well and because this becomes a user interactive approach so if you do have tenants where you want to do things where they have MFA's supported or other aspects supported you'll have to just wait a little bit more patiently for me to get this done and again please feel free to give feedback on the issues list we got have got telemetry on how these things are being used in the headers we're passing for an SDK version much like our own SDKs and so on the back end in our reports we can actually see who's been using this collection so big thank you for those that have tried this already mmm and as I say please make sure you give us feedback in the issues list on that particular github collection and I will flick back to the team's list just to see if there's any quick questions before we close for the day it doesn't look like it Paul has got in big capital letters do not use these requests on real environments yes please use developer tenants and so actually that's one nice little segue before we close out for those that aren't familiar there is a programs tab that's now on the top navigation as well which takes you to the program to go sign up this will give you a developer subscription that you can go and use to try out all these awesome things that we've showed today and we shown all the other community calls it gives you access to 25 accounts that you can create and run and since August of last year essentially as long as you keep using that environment and you access other things to do with a program that can't that tenant will continue to renew as part of the benefits of the office development program so it's a great thing to go do and there's a bunch of work that they're actually doing if you go into the dashboard itself to do things that are personalized to your experience this is actually gonna work because I'm not signed up in this particular tenant user so sketchy gonna go through the signup process but there's some real great benefit so if you haven't already signed up to the the dev program I would highly encourage it so with that thank you very much for joining the call we will not see you on this call next month but we will definitely see you in build across all the different presentations we're doing and we look forward to hearing all your feedback on the Microsoft graph and excited to hear your stories if you're interested in presenting please reach out to us we'd love to have external people come like present in on what you've done and Microsoft graph as well so big thanks and thank you Darryl for taking your time out of the or conference time over in apps then there to share

Original Description

Agenda this month included: -Microsoft Graph updates -New Microsoft Graph SDK features -Postman Collections -Q&A
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from Microsoft 365 Developer · Microsoft 365 Developer · 9 of 60

1 Adaptive Cards community call-February 2019
Adaptive Cards community call-February 2019
Microsoft 365 Developer
2 PowerApps community call-February 2019
PowerApps community call-February 2019
Microsoft 365 Developer
3 Microsoft Graph community call-March 2019
Microsoft Graph community call-March 2019
Microsoft 365 Developer
4 Office Add ins community call-March 2019
Office Add ins community call-March 2019
Microsoft 365 Developer
5 PowerApps community call-March 2019
PowerApps community call-March 2019
Microsoft 365 Developer
6 Microsoft Teams community call-March 2019
Microsoft Teams community call-March 2019
Microsoft 365 Developer
7 Using React and Office UI Fabric React Components
Using React and Office UI Fabric React Components
Microsoft 365 Developer
8 Build Microsoft Teams customization using SharePoint Framework
Build Microsoft Teams customization using SharePoint Framework
Microsoft 365 Developer
Microsoft Graph community call-April 2019
Microsoft Graph community call-April 2019
Microsoft 365 Developer
10 Using Change Notifications and Track Changes with Microsoft Graph
Using Change Notifications and Track Changes with Microsoft Graph
Microsoft 365 Developer
11 Office Add Ins community call-April 2019
Office Add Ins community call-April 2019
Microsoft 365 Developer
12 Adaptive Cards community call-April 2019
Adaptive Cards community call-April 2019
Microsoft 365 Developer
13 Microsoft Teams community call-April 2019
Microsoft Teams community call-April 2019
Microsoft 365 Developer
14 Getting Started with Microsoft Graph and Application Registration
Getting Started with Microsoft Graph and Application Registration
Microsoft 365 Developer
15 Getting Started with Microsoft Graph and the Directory API
Getting Started with Microsoft Graph and the Directory API
Microsoft 365 Developer
16 Getting Started with Microsoft Graph and Microsoft Teams
Getting Started with Microsoft Graph and Microsoft Teams
Microsoft 365 Developer
17 Getting Started with Microsoft Graph Explorer
Getting Started with Microsoft Graph Explorer
Microsoft 365 Developer
18 Getting Started with Microsoft Graph
Getting Started with Microsoft Graph
Microsoft 365 Developer
19 Getting Started with Microsoft Graph and Mail API
Getting Started with Microsoft Graph and Mail API
Microsoft 365 Developer
20 Getting Started with Microsoft Graph and Office 365 Groups
Getting Started with Microsoft Graph and Office 365 Groups
Microsoft 365 Developer
21 Getting Started with Microsoft Graph and the Calendar API
Getting Started with Microsoft Graph and the Calendar API
Microsoft 365 Developer
22 Getting Started with the Microsoft Graph Toolkit
Getting Started with the Microsoft Graph Toolkit
Microsoft 365 Developer
23 Getting Started with Microsoft Graph and JavaScript SDKs
Getting Started with Microsoft Graph and JavaScript SDKs
Microsoft 365 Developer
24 Getting Started with Microsoft Graph and .NET SDKs
Getting Started with Microsoft Graph and .NET SDKs
Microsoft 365 Developer
25 Discover how businesses can be more productive with Microsoft 365 integrations
Discover how businesses can be more productive with Microsoft 365 integrations
Microsoft 365 Developer
26 Adaptive Cards community call-May 2019
Adaptive Cards community call-May 2019
Microsoft 365 Developer
27 Office Add-ins community call-May 2019
Office Add-ins community call-May 2019
Microsoft 365 Developer
28 Why We Built on Microsoft Teams
Why We Built on Microsoft Teams
Microsoft 365 Developer
29 Microsoft Teams community call-May 2019
Microsoft Teams community call-May 2019
Microsoft 365 Developer
30 Microsoft Graph community call-June 2019
Microsoft Graph community call-June 2019
Microsoft 365 Developer
31 Build Angular SPA's with Microsoft Graph - June 2019
Build Angular SPA's with Microsoft Graph - June 2019
Microsoft 365 Developer
32 Office Add -ins community call-June 2019
Office Add -ins community call-June 2019
Microsoft 365 Developer
33 Build Android native apps with the Microsoft Graph Android SDK - June 2019
Build Android native apps with the Microsoft Graph Android SDK - June 2019
Microsoft 365 Developer
34 Build MVC apps with Microsoft Graph - June 2019
Build MVC apps with Microsoft Graph - June 2019
Microsoft 365 Developer
35 Authenticate and connect with Microsoft Graph - June 2019
Authenticate and connect with Microsoft Graph - June 2019
Microsoft 365 Developer
36 Microsoft Graph data connect - June 2019
Microsoft Graph data connect - June 2019
Microsoft 365 Developer
37 Change notifications with Microsoft Graph - June 2019
Change notifications with Microsoft Graph - June 2019
Microsoft 365 Developer
38 Build iOS native apps with the Microsoft Graph REST API - June 2019
Build iOS native apps with the Microsoft Graph REST API - June 2019
Microsoft 365 Developer
39 Build Node.js Express apps with Microsoft Graph - June 2019
Build Node.js Express apps with Microsoft Graph - June 2019
Microsoft 365 Developer
40 Smart UI with Microsoft Graph - June 2019
Smart UI with Microsoft Graph - June 2019
Microsoft 365 Developer
41 Leveraging the Microsoft Graph API from the SharePoint Framework - June 2019
Leveraging the Microsoft Graph API from the SharePoint Framework - June 2019
Microsoft 365 Developer
42 Build UWP apps with Microsoft Graph - June 2019
Build UWP apps with Microsoft Graph - June 2019
Microsoft 365 Developer
43 Build React SPA's with Microsoft Graph - June 2019
Build React SPA's with Microsoft Graph - June 2019
Microsoft 365 Developer
44 Getting Started with Microsoft Graph and Batching
Getting Started with Microsoft Graph and Batching
Microsoft 365 Developer
45 Getting Started with Microsoft Graph and Change Notifications
Getting Started with Microsoft Graph and Change Notifications
Microsoft 365 Developer
46 Getting Started with Microsoft Graph and Consent Permissions
Getting Started with Microsoft Graph and Consent Permissions
Microsoft 365 Developer
47 Getting Started with Microsoft Graph and Education
Getting Started with Microsoft Graph and Education
Microsoft 365 Developer
48 Getting Started with Microsoft Graph and Financials
Getting Started with Microsoft Graph and Financials
Microsoft 365 Developer
49 Getting Started with Microsoft Graph and Excel
Getting Started with Microsoft Graph and Excel
Microsoft 365 Developer
50 Getting Started with Microsoft Graph and Data Connect
Getting Started with Microsoft Graph and Data Connect
Microsoft 365 Developer
51 Getting Started with Microsoft Graph and Intune
Getting Started with Microsoft Graph and Intune
Microsoft 365 Developer
52 Getting Started with Microsoft Graph and Notifications
Getting Started with Microsoft Graph and Notifications
Microsoft 365 Developer
53 Getting Started with Microsoft Graph and OneNote
Getting Started with Microsoft Graph and OneNote
Microsoft 365 Developer
54 Getting Started with Microsoft Graph and OneDrive
Getting Started with Microsoft Graph and OneDrive
Microsoft 365 Developer
55 Getting Started with Microsoft Graph and Open Extensions
Getting Started with Microsoft Graph and Open Extensions
Microsoft 365 Developer
56 Getting Started with Microsoft Graph and Paging
Getting Started with Microsoft Graph and Paging
Microsoft 365 Developer
57 Getting Started with Microsoft Graph and Schema Extensions
Getting Started with Microsoft Graph and Schema Extensions
Microsoft 365 Developer
58 Getting Started with Microsoft Graph and Security API
Getting Started with Microsoft Graph and Security API
Microsoft 365 Developer
59 Getting Started with Microsoft Graph and Query Parameters
Getting Started with Microsoft Graph and Query Parameters
Microsoft 365 Developer
60 Getting Started with Microsoft Graph and Reporting API
Getting Started with Microsoft Graph and Reporting API
Microsoft 365 Developer

The video provides an overview of Microsoft Graph updates and new features, with a focus on authentication, authorization, and incremental consent. It also covers the use of Postman for API testing and development.

Key Takeaways
  1. Create a client application with a client ID and scopes
  2. Make a REST request to read user information
  3. Use MSAL for token management
  4. Configure incremental consent for accessing user messages
  5. Use Postman for API testing and development
  6. Configure environment variables for Microsoft Graph
💡 Microsoft Graph provides a powerful API for accessing user data and performing actions on behalf of the user, but requires careful configuration of authentication and authorization to ensure secure and compliant use.

Related AI Lessons

Up next
Tasty Weird! Book 16 by Anh Do · Audiobook preview
Google Play Books
Watch →