Microsoft Graph API for external users - microsoft-graph-api

In my application, I need to get user data like user name and email, also using API, I use find meeting time and create calendar event. Users those will use application will not be in my AD group.
Is there some scenario for making API workable for external users?

There are certain limitations and for guest users in the organizations:https://learn.microsoft.com/en-us/graph/api/resources/users?view=graph-rest-1.0#user-and-group-search-limitations-for-guest-users-in-organizations
For inviting or adding the Add a guest user and send an invitation please refer :https://learn.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal

Related

Microsoft Graph API - how to grant access for my inbox via API to specific user(s)

I have a question about handling permission grants of inboxes via Microsoft Graph API.
Is it possible via Microsoft Graph API to grant another user the access permission to my inbox messages?
I dont found any suitable operation until now.
Retrieving relased mailboxes from another user works fine, but how to make my own inbox visible to specific user that he has the grant to access my inbox?
I dont found a operation under:
https://graph.microsoft.com/v1.0/users.....
or https://graph.microsoft.com/v1.0/me.......
Thanks for your help
According to the documentation, you'll need delegated access.
If the app has the appropriate delegated permissions from one user, and another user has shared a mail folder with that user, or, has given delegated access to that user.
At this moment you have no way to share your mailbox by using the api. If you however shared your mailbox with some other user, they will be able to access it.
I think it's a good thing that you cannot share your mailbox from an app, because it would be easy to compromise a mailbox of some user by a malicious app. If you really want you might be able to share the users mailbox by using EWS (that is the same connection the Outlook app uses).

Sharing a calendar with another user via the Microsoft Graph API

I'm working on an application that does OAuth authorization on behalf of multiple users. My application wants to be able to create a calendar for user A and then share that calendar as read only to user B. It will then create events on that calendar so that they appear for user A as read/write and for user B as read only.
Obviously the Microsoft Graph API supports creating a calendar and putting events on it. My question pertains to the sharing part.
Does the Microsoft Graph API (or the Outlook 365 REST API) support sharing a calendar from one user to another user? I wouldn't want user B to receive the typical email that announces that user A shared a calendar with them. After creating the calendar under user A's account, I'd want to use user A's credentials to set up the sharing permission to user B. Then I would use user B's credentials to add the shared calendar to their list of calendars so that they see it in the Outlook 365 calendar interface.
I've read through a lot of the documentation and have been playing around with a prototype, but I can't find where this use case is supported.
I'm afraid this isn't possible to do via Microsoft Graph. The scenario seems reasonably straight forward, I recommend visiting the UserVoice and adding this suggestion.

Is approval-based sign-ups possible with Slack?

Normally, I invite new members via. email, that I get from them individually.
Let's say I want to campaign publicly for volunteers to join our community, then what is the best approaches with various level of control?
It is not possible out-of-the-box, but you can develop a custom website, where people can apply for your Slack and enter the name and email address.
You can then forward their request for you to approve (e.g. a page with a table of all open requests where each can be approved or denied or an automatically generated email to you etc).
Finally you can auto-invite every approved user with his email address. The Slack API has an undocumented API function that allows that. Check here for my post about that method.
I have done a similar website for inviting people from a gaming community (Eve Online), where they have to first authenticate themselves with their game login before getting an invite to our Slack. It works pretty well. I made this website with PHP, but basically every server based script language will work.

Using OAuth with Twitter in ASP.NET

I am using Twitter as an OAuth provider for ASP.NET MVC 4 web site. I would like to be able to follow up with a registered user at a later date, either by email or via a tweet. Outside of having the user follow me on Twitter, do I have any other options to communicate with the user?
Here is what I unsuccessfully considered:
It appears that there is no way to get access to the email address since Twitter OAuth API does not return it.
It appears I cannot send a direct message unless a user
follows me on Twitter.
"Read/Write/DirectMessage" permissions seem
too intrusive -- all I want to do is send a user a message that a
new product is released -- I don't need any of the write
capabilities that this level of permissions provides.
To recap, if a user used Twitter to sign in to my website, what are my options to contact that user at a later date?
Thanks.
Twitter's solution for this sort of person-to-person communication is the Direct Message, however, Twitter has (rightfully) decided that both parties need to consent to this channel being available. This decision is intended to reduce the amount of spam in the Twitter ecosystem.
Posting public tweets that mention the username will get your users' attention, but it is also broadcasting their relationship with your company to the entire Twitter ecosystem. You will, essentially, be advertising their relationship with your company without their permission. This approach will bring you headaches sooner or later.
Email is probably a better choice for the sort of announcement to existing customers.

Embedding an interactive google calendar in website for multiple groups of users

I am thinking to embed google calendar in my website to achieve the following and was wondering if this is doable in google calendar. Otherwise I have to go find another solution.
I have groups of users with one super user, and rest are regular users as follows:
GroupA
Super User 1
Regular User 1
Regular user 2
etc
Group B
Super User 2
Regular User 3
Regular User 4
etc
Each group have their own calendar. Users in each group can not see the other group's calendar. Only able to see their own group's calendar.
Super users of each group have all access to the calendar (add, modify, delete) and have the ability to control how much access regular users have in their group. (read only? read/write etc)
All users are registered to my website, therefore I am thinking to use only one google calendar account (my own account) to create a calendar for each group. Which leads to a question of authenticating my website to google's API. I need the authentication process to be automatic, hidden away from the user and be done on the server side.
My site is built using PHP/Mysql
Q1:
I have tried the Javascript client library provided by google, however it require the user to type in username/password to log into google so that the authentication (OAuth2) process can work. As mentioned in previous paragraph, I only want the user's to log into my website, they do not need to login again into google account. This should be done on serverside.
I even went as far to create a login form with information prepopulated (hidden from the user, the username/password will be visible in "view page source") and send the request to https://accounts.google.com/ServiceLoginAuth, and make the form automatic submit once the user successfully login into my website. However this causes cross domain issues.
Q2:
I may potentially have 10's of thousands of groups registered on my website. each group may have couple hundred users. Can one single google account create that many calendars?
Q3:
Once the calendar is embedded into my website, it seems to be read-only. Is it possible to make it interactive so super users in each group can add/delete/modify events?
Any ideas/suggestions is much appreciated.
Thank you
No answers? It seems like your question is straightforward. If I understand correctly, you want to access calendars from several Google accounts/users. Each user needs to authorize this access, but they only need to do so once. You could generate these requests and send them out via email, for example. When the user grants permission, Google forwards a grant code to your specified callback_uri. The grant code is extremely volatile. It's used to request a token from Google that apparently lasts indefinitely. So there's no requirement that users continually log into Google.
In Google's calendar/simple.php example. The token is stored as a SESSION variable. Even though the token is persistent, the SESSION variable is not. Users have to grant authorization every time the SESSION variable expires. Storing persistent data in a volatile variable is absurd and probably gives the wrong impression about the OAuth2 token mechanism.
I spent a lot of time writing documentation that I couldn't find anywhere else. Please take a look if you think it might help: http://www.tqis.com/eloquency/googlecalendar.htm
What you're asking isn't possible in Google Calendar.
If you're looking to support thousands of groups and each group needs it's own calendar, then you're saying that you'd need thousands of calendars with access control and you'd need authentication to the calendar to be transparent.

Resources