Based on MS Training - JS Graph App.
- Understand the role of Azure AD (Active Directory) with MS Graph
- Understand MS Graph permissions
- Register an Azure AD application
- Create a JavaScript app to connect to MS Graph and retrieve Microsoft 365 data

The identity platform helps to deal with:
- authentication
- authorization
- SSO (single sign-on)
- security tokens
- ...

It provides SDKs / libraries for various programming languages:
- Example: MSAL (Microsoft Authentication Library)

A key part of the identity platform is Azure AD.

- Scope:
  - resource access (user / mail / groups / ...)
  - allowed operations (read / write / ...)
- Permission types:
  - delegated - Graph call on behalf of the user
  - application - for background processes / automation
- Access tokens:
  - received after permission request and admin consent
  - used for authentication and authorization
  - passed in the Authorization header of each HTTP request, with the word "Bearer" and a space before the token:

        GET https://graph.microsoft.com/v1.0/me/ HTTP/1.1
        Host: graph.microsoft.com
        Authorization: Bearer EwAoA8l6BAAU ... 7PqHGsykYj7A0XqHCjbKKgWSkcAg==
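
The scope structure and Bearer header described above, as an added example that is not part of the training material: it splits a Graph permission name into resource and operation, builds the authorized request, refuses to attach the token to any origin other than Graph, and produces a copy that is safe to log. All helper names and the sample token are assumptions made for illustration.

```javascript
// Added example. GRAPH_ORIGIN, parseScope, buildGraphRequest and redactForLog
// are hypothetical helper names, not MSAL or Graph SDK APIs.
const GRAPH_ORIGIN = "https://graph.microsoft.com";

// Graph permission names follow Resource.Operation[.Constraint], e.g. "Mail.Read".
// OpenID Connect scopes such as "openid" do not and are rejected here.
function parseScope(scope) {
  const [resource, operation, constraint = null] = String(scope).split(".");
  if (!resource || !operation) {
    throw new Error("not a Resource.Operation permission name: " + scope);
  }
  return { resource, operation, constraint };
}

// Build the arguments for fetch(url, options). `path` is relative to /v1.0/.
function buildGraphRequest(path, accessToken) {
  // Printable ASCII only: whitespace or CR/LF in the value would corrupt the header.
  if (typeof accessToken !== "string" || !/^[\x21-\x7e]+$/.test(accessToken)) {
    throw new Error("access token is missing or malformed");
  }
  const url = new URL(path, GRAPH_ORIGIN + "/v1.0/");
  // A bearer token works for whoever holds it, so never attach it to another origin.
  if (url.origin !== GRAPH_ORIGIN) {
    throw new Error("refusing to send bearer token to " + url.origin);
  }
  return {
    url: url.href,
    options: { method: "GET", headers: { Authorization: "Bearer " + accessToken } },
  };
}

// Copy of the request that is safe to write to logs: the token is removed.
function redactForLog(request) {
  const headers = { ...request.options.headers, Authorization: "Bearer [redacted]" };
  return { url: request.url, options: { ...request.options, headers } };
}

// Constructed sample token (not a real credential) to show the result offline.
const sample = buildGraphRequest("me", "CONSTRUCTED.sample-token_123");
console.log(redactForLog(sample));
console.log(parseScope("Group.Read.All"));
```

In a real app the token would come from MSAL, and the returned `url` and `options` would be passed to `fetch`.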

To connect your application to MS Identity, you need to register your app in Azure AD.

Azure AD provides app registration, accessible through the Azure portal or the Azure CLI, for:
- web
- single-page
- mobile
- desktop applications

The registration provides you with unique information needed to retrieve an access token:
- application ID
- tenant ID

See MS Training - Register App.
See MS Training - Access Token Retrieval and MS Training - Token with MSAL.