How can I obtain the AAD Token from HoloLens 2?

The HoloLens 2 is Azure Joined and I'm logged in as a user, and I want to get the HoloLens 2 AAD Token to authenticate against some APIs.
My thoughts are that I can grab the token that is already on the HoloLens 2.
I can't find any documentation online.
Where can I find it and which class can I use?
Thanks for your help.

Please refer to Manage user identity and login for HoloLens | Microsoft Docs. You need to use the Windows Account Manager API, and you can refer to examples from Windows-universal-samples/Samples/WebAccountManagement at main · microsoft/Windows-universal-samples · GitHub.
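
A sketch of the Windows Account Manager flow the answer points to, as an added example (not code from the answer or from the linked samples). It requests a token for the signed-in Azure AD account on behalf of your own app registration; the client ID is a placeholder and the resource value is an assumption you replace with the API you call.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Authentication.Web.Core;
using Windows.Security.Credentials;

public static class DeviceAccountToken
{
    // Assumptions: ClientId is a placeholder for your own app registration,
    // Resource is the API the token is requested for.
    const string ProviderId = "https://login.microsoft.com";
    const string Authority = "organizations"; // Azure AD work or school accounts
    const string ClientId = "<your-app-client-id>";
    const string Resource = "https://graph.microsoft.com";

    public static async Task<string> GetTokenAsync()
    {
        WebAccountProvider provider =
            await WebAuthenticationCoreManager.FindAccountProviderAsync(ProviderId, Authority);
        if (provider == null)
            throw new InvalidOperationException("Azure AD account provider not found");

        var request = new WebTokenRequest(provider, string.Empty, ClientId);
        request.Properties.Add("resource", Resource);

        // First try the account already signed in on the device, without UI.
        WebTokenRequestResult result =
            await WebAuthenticationCoreManager.GetTokenSilentlyAsync(request);

        if (result.ResponseStatus == WebTokenRequestStatus.UserInteractionRequired)
        {
            // Consent or re-authentication is needed. This shows UI, so call
            // it from the UI thread.
            result = await WebAuthenticationCoreManager.RequestTokenAsync(request);
        }

        if (result.ResponseStatus != WebTokenRequestStatus.Success)
        {
            throw new InvalidOperationException(
                $"Token request failed: {result.ResponseStatus} {result.ResponseError?.ErrorMessage}");
        }

        // Treat the token as a secret: keep it in memory and never log it.
        return result.ResponseData[0].Token;
    }
}
```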

Related

Authentication failure while trying to authenticate with OAuth 2 against Microsoft Office365 account

I have a custom developed Windows service that until recently used basic authentication to access an O365 mailbox over POP and pull the contents on a predefined schedule. Microsoft recently announced that they were dropping the support for basic authentication and I should be using OAuth 2 instead. I have followed the steps in this article and my application has the necessary permissions in the Azure portal. I'm still running into an issue.
I can successfully generate the OAuth token. When I try to use said token to authenticate I get "Authentication failure: unknown user name or bad password". No further details are available. I tried Microsoft support but they only referred me to guides I've already followed. Any help is greatly appreciated!
After three days of scratching my head I finally stumbled upon the answer. Turns out that according to Microsoft ObjectID is different from ObjectID. Because logic! Two different interfaces for the same thing with two different ObjectIDs. You need the one on the right when giving permissions to the mailbox.

MS Graph API Authentication | MS Teams | Bot framework

I am new to bot development. I am working on creating a MS Teams bot using bot framework. The bot will be installed in ‘Personal’ scope in Teams, and it doesn’t have any tab / messaging extension etc. Once installed, I want to get the list of all the members/ channels/ Notification updates (i.e. members added/deleted etc.). As per the different documentation, I can get the list using Graph API.
List members of team - Microsoft Graph v1.0 | Microsoft Docs
List members of a channel - Microsoft Graph v1.0 | Microsoft Docs
To achieve this, I need the token that will be passed in API. I am not sure how to implement that. I have followed the instructions mentioned in Add authentication to a bot in Bot Framework SDK - Bot Service | Microsoft Docs. There was a step to add ‘Add OAuth Connection Settings’ and there were multiple options in ‘Service Provider’. I selected ‘Azure Active Directory v2’. After doing that, it works and I can get the token, but it only works if during login, I use my Azure directory credentials. I have a Microsoft account linked with my MS Teams which is different than the Azure account. A user in a team can have a Microsoft account / work / office account, so this needs to work for everyone. What would be the correct ‘Service Provider’ option that will work for all accounts?
I was thinking that the flow should be like:
When the user clicks on the ‘Add’ button to install the app in Teams
Once added, bot will prompt for Graph API permission using OAuth.
Once user gives the permission, I can use the token to call graph APIs.
I have also looked at the following tutorials:
How to use Bot Framework Composer to build low-code Microsoft Teams bots (Part 1)
Get user profile information in your Microsoft Teams bot with Microsoft Graph (Part 2) - YouTube
But after performing all the steps, when I try to login, it says – ‘This action can't be performed since the app does not exist or has been uninstalled.’.
I am not getting a clear approach on how to proceed with it.
As @Maxim has also suggested, if you want to have a bot that should run multitenant, you need to put the tenant Id as common in the OAuth Setting in Azure bot. As the value suggests, it isn't going to be specific to a single tenant, and the Redirect Uri should be set to https://token.botframework.com/.auth/web/redirect in the app registration.
This is it, you don't need to add anything.
This is also mentioned in the doc --
We have a sample around it as well that shows how to use Graph API with the bot -
https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/csharp_dotnetcore/24.bot-authentication-msgraph
You can set up this one and update the Graph calls to get members of a team or channels.

Are There Azure AD App Perms Available for Microsoft Teams REST API

I want to start doing some development with the preview edition of the Microsoft Teams APIs.
I currently have a solution working using the Azure AD v2 Endpoint but I wanted to get a working solution using the v1 Endpoint.
I can't find any Microsoft Teams permissions available in the Azure AD portal and I didn't see anything specifically about this in the Known Issues for the Teams API.
Can anyone comment on whether there are any options for a pure v1 Endpoint solution using application registration available right now? If not, is it planned?
The v1 Endpoint uses the same permissions as the v2 Endpoint. The primary difference between the two is that v2 scopes can be dynamically requested during authentication while the v1 Endpoint requires permissions to be pre-defined within the registration.
When using the Azure Portal, all of the permissions for Teams show up under "Microsoft Graph". For the Teams you'll generally need User.Read and Group.ReadWrite.All. The Azure Portal lists permissions by description (although you can see the underlying scope name in the tooltip):
Sign in and read user profile (user.read)
Read and write all groups (Group.ReadWrite.All)
Note that Group.ReadWrite.All does require Admin Consent. Before you can authenticate normal users, you will first need to have an Administrator go through the Admin Consent process.
I'm posting this as the answer, because I'm pretty certain this will trip up other developers out there. Up to this point, when getting an access token for AAD v1 apps that use Microsoft Graph, you use "https://graph.windows.net" as the Resource ID. The interwebs are replete with this example, and I have it in my own code that I use for OneNote and other services.
Now with the Graph endpoint for connecting to Teams (and probably other things), the Resource ID you need to use is "https://graph.microsoft.com". Just ran through a quick test using an AAD v1 app with the Microsoft Graph API and Read All Groups permission. I'm sure there's an explanation out there from some MSFT person that might make sense, but I have not found it after many hours of searching the web.
Hope this helps someone.
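
To see which resource an access token was issued for, decode its payload and read the `aud` claim; a token requested for one Resource ID is not accepted by the other API. This is an added example, not code from the answers above: the tokens are constructed, unsigned samples, and the two GUIDs are the well-known application IDs of Microsoft Graph and Azure AD Graph.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenAudience
{
    // Audience values: the resource URI and the service's well-known application ID.
    static readonly string[] MicrosoftGraph = { "https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000" };
    static readonly string[] AzureAdGraph = { "https://graph.windows.net", "00000002-0000-0000-c000-000000000000" };

    // Decodes the payload for diagnosis only; the signature is not validated.
    static JsonElement ReadPayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    public static string Describe(string jwt)
    {
        if (!ReadPayload(jwt).TryGetProperty("aud", out JsonElement claim)
            || claim.ValueKind != JsonValueKind.String)
            return "no usable aud claim";
        string aud = claim.GetString().TrimEnd('/');
        if (MicrosoftGraph.Contains(aud, StringComparer.OrdinalIgnoreCase)) return "Microsoft Graph";
        if (AzureAdGraph.Contains(aud, StringComparer.OrdinalIgnoreCase)) return "Azure AD Graph";
        return "other audience: " + aud;
    }

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample tokens, not real credentials.
        string header = B64Url("{\"alg\":\"none\",\"typ\":\"JWT\"}");
        string oldToken = header + "." + B64Url("{\"aud\":\"https://graph.windows.net\"}") + ".sig";
        string newToken = header + "." + B64Url("{\"aud\":\"https://graph.microsoft.com\"}") + ".sig";
        Console.WriteLine(Describe(oldToken));
        Console.WriteLine(Describe(newToken));
    }
}
```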

SharePointOnline: How to authenticate user from Azure AD via CSOM

I have the following requirements:
Create an MVC site with Azure AD authentication.
Fetch lists from SharePointOnline/O365 which also uses the same Azure AD.
Fetch lists from SharePointOnline/O365 anonymously (is it even possible?)
Thanks to VS2015 the first step is trivial.
But how to authenticate the current user in SharePoint? User.Identity does not provide password, so I cannot use ClientContext.Credentials.
I heard there is some Token Provider but haven't found a working case yet. Can anyone help me out?
To get the list of SharePoint online from our MVC sites, you can consider using the Microsoft Graph REST API instead of CSOM.
You can refer here about the list operation of Microsoft Graph. However, since this API is in beta version, it is not recommended to use it in the product version.
You can also refer to the link below to get started developing with Microsoft Graph:
App authentication with Microsoft Graph

Reading emails from Exchange online in c#.net using Office 365 API

I am trying to read emails from Exchange Online through an Office 365 API, using my username and password for authentication.
Is it possible to access the O365 API (only using user credentials)?
How can I do that? Any help is appreciated.
If your Exchange Online is part of Office 365, you should definitely take a look here: http://dev.office.com
You will find many tutorials to get access to your mails.
Take a look here: http://dev.office.com/getting-started/office365apis
It uses the Microsoft Graph to query your mailbox and retrieves messages:
https://graph.microsoft.com/v1.0/me/mailFolders/Inbox/messages
The authentication process is provided by Azure Active Directory, through the ADAL SDK.
In Visual Studio, you can easily create an application, and then call the submenu 'Add connected services' and you're done!
