Is it possible to print a document to a shared universal printer via the graph api using application authentication (ie. no user interaction) using either client secret or client certificates? I can't seem to find any documentation on this use case.
Thanks
No, currently Application permission type is not supported for creating a print job thru Graph API, you need a delegated user permission for submitting print jobs. Application permission is used in creating print task definition for setup pull printing. More details here: (https://learn.microsoft.com/en-us/graph/universal-print-concept-overview#extending-universal-print-to-support-pull-printing)
Related
My use case requires me to integrate teams with an app. Whenever a message is sent from that app, a private channel will be created and the message will be sent to teams. I've been reading the documentation and it has only confused me further. Do I need to use graph or bot? Can I do this using only graphs or only bot?
It's possible to send a message using Graph API - see here for more: https://learn.microsoft.com/en-us/graph/api/chatmessage-post?view=graph-rest-1.0&tabs=http
HOWEVER, there are two ways to authenticate with Graph, either via an "application" permission (kind of like background service), or via "delegation", which means your app would work on behalf of a user. For this specific Graph endpoint, Microsoft mentions in the page that Application permissions are only allowed for "migration" (e.g. if you were building a tool to migrate from, say, slack to Teams). That means that you would have to use "delegation" which means the message would appear to come from a specific user.
As an example, instead of the message coming from "ABC Application", it would appear to come from "Syed Muhammad Ibrahim". If that's ok, then you can use Graph. If not, you would need to go the Bot route.
I'm attempting to take advantage of the public preview of Microsoft Graph reporting APIs for retrieving Office 365 product usage data. I have an application registered for Graph that successfully executes Graph calls for non-reporting APIs (i.e. the access_token I generate with my app is successfully used to access users information for a tenant: https://graph.microsoft.com/beta/users) but when I try any of the report resources I encounter the below error:
Invalid scope claims/roles.
According to the documentation I've read this would seem to imply that my app does not have the necessary permissions for reports but this is not correct as I have confirmed that the app has the "Read all usage reports" application permission enabled.
Has anyone else encountered similar challenges with the Microsoft Graph reporting APIs and have any suggestions that I could try?
If you added this scope after you had already authorized the application, it may still be using the previous/cached list of scopes. You can force re-authorization by adding ?prompt=consent to your initial authorization URL. For example:
https://login.microsoftonline.com/common/oauth2/authorize?client_id={app id}
&response_type=code&redirect_uri={redirect uri}&prompt=consent
I'm trying to use Microsoft Graph from my app via REST API graph.microsoft.com/beta/schemaExtensions
Here is what I did:
Register app at https://apps.dev.microsoft.com
Checked for all Delegated and Application authorizations
Got access token without a user based on OAuth Client Credentials Grant flow
Asked for Admin Consent with access token retrieved from point 3. and it was successful using https://login.microsoftonline.com/tenant/adminconsent?client_id=xxx&state=12345&redirect_uri=http://localhost:8081
POST to /beta/schemaExtensions with access token retrieved from point 3. and I have this error:
Authorization_RequestDenied - Insufficient privileges to complete the operation
So here are my questions, hoping someone could help me:
How do I check if delegate authorization is ok after Admin Consent request?
Which privileges are missing to use schemaExtensions?
My app should work without a user, it's the preferred approach.
Couple of things here.
Extensions is GA and available on the /v1.0 version. Please use that instead of /beta.
We don't support schema extension registration using application permissions. It requires the Directory.AccessAsUser.All permission today (we're also investigating if there's another less privileged permission we can use here) per the create schema extensions topic.
Registering a schema extension can be a separate process from your application actually using the extension to create custom data on target object instances.
As such we are making a change (should be available shortly) to allow you to register and manage schema extensions for your app using Graph Explorer. There is also a user voice request to have a UI experience in app registration for schema registration/management. Please vote for this if it's important to you.
I'll update this post once Graph Explorer supports registering and managing schema extensions.
Hope this helps,
To answer the follow up question, the calling user should have read/write access to add custom data to another user. However, you can use open extensions to add custom data using /me/extensions to calling user (as long as the app has user.readwrite or higher permissions).
let's say I've created slack app and I have client id and secret.
What is the easiest way to get SLACK_APP_TOKEN in my hands that will be able to create channel?
If you want a proper access token that is related to your Slack App the only way to get it is to install your Slack app with the OAuth process as described here in the Slack documentation. You will need a mini website with a script (e.g. PHP) to perform the installation.
The so called test token will also allow you use the Slack API (e.g. to create a channel), provided that the user that created the test token has that right on your Slack. It is the easiest to obtain, but it will always be linked to a user account, not a Slack app. And you can not request specific scopes for it. So for most applications its better to use a Slack App and get a proper access token by installing it.
If you are looking for an example for an installer script, here is a complete script in PHP. It will run on any webserver that supports PHP. Its very basic, but it will work just fine.
I tried to create a testing client id for an android app which uses OAUTH 2.0 as login for retrieving user profile. I followed the steps to complete the creation of the client id on google console, but I do not see anywhere the client secret. I'm trying to help my employer with getting google credentials for it's app. I know how to implement OAUTH 2.0 in android, but I need client secret to exchange the code with access token.
First, I selected "Google+ API" from Services tab.
Then followed the on screen steps from API Access tab.
It seems that Google finally ditched the unnecessary client_secret for installable applications and is not yet up-to-date with their documentation.
You should check if you already get an access_token in the initial OAuth request like it's handled on Facebook.
Another possibility would be to fall back to using a Simple API Access key.
Update:
First method seems to not work with Google.
The recommended way for Android is to use AccountManager instead of baking your own requests. Follow this example to see how this is implemented and how you get an AuthToken using a Simple API Access key. Instead of using the Tasks API you can then include the OAuth2 API library to retrieve the userinfo.
Click on "Download JSON "
Is it what you're looking for ?
Since almost everything from the accepted answer has been deprecated, I thought I'd share what I've found.
I needed the People API which requires a client secret. What Google recommends for using People API with Android is,
Select the application type Other, enter the
name "People API Quickstart", and click the Create button.
Found here: https://developers.google.com/people/quickstart/java
(Step 1 part e)
So if you need a client secret, you might consider using the Other type. Of course, follow the documentation for your specific API first.
Just today I found out that on the new Cloud Console we can see the client secret for android apps - while in the old google console we just can't.
To use the new Cloud console, just click on the message "We are improving the experience. Try the new Cloud Console." Google will ask for a SMS confirmation. Now you'll be redirected to the new cloud console
Now, just select your project, click on "Registered Apps" on the left menu, selected your android app, and voilá, on oAuth 2.0 Client Id you'll see your client secret. No idea why on the old google console it's not displayed, but if you really need a client secret key, it's there.
Now that the type Other is unavailable, I used type Desktop since I wish to upload using Visual Studio which is a Desktop app. That worked, I got the client id and client secret.
When you update any changes in the credential, make sure you could see the client ID and secret in the dashboard before downloading.
Google cloud takes at the least 10 seconds to regenerate the client id and add it in the json.
Once json is downloaded you can check for client_secret to be present.
source said that :
Visit the Google Developers Console to obtain OAuth 2.0 credentials such as a client ID and client secret that are known to both Google and your application. The set of values varies based on what type of application you are building. For example, a JavaScript application does not require a secret, but a web server application does.
Another solution is that you have to create a client ID with the type of "Installed Application" then you will have the Client secret