Is possible for an console application to open a browser, have the user login to Microsoft, grant permissions, and return the OAuth token to the application automatically?
I would like to minimize the need to create a Django or Flask application if the only thing it will do is open a window for the user to login.
I am trying to automate uploads to Microsoft OneDrive that requires minimal user input, zero input would be good but I do not think that is possible.
Python is the preferred language, but I am open to all languages out there.
It's possible to prompt a browser panel from console app. Please take a reference of below samples:
Microsoft Graph C# Console Connect Sample
Python console application for Microsoft Graph
I have a test it on my tenant, it wroks fine here:
BR
Related
I am building an Excel Web Addin. I'll need to authenticate the user against Office 365 and publish the addin to AppSource / Office Store. What is the ideal authentication method to use?
I found tutorials for SSO authentication, but then I read on https://learn.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins : "The Single Sign-on API is currently supported in preview only. It is available to developers for experimentation; but it should not be used in a production add-in. In addition, add-ins that use SSO are not accepted in AppSource."
Does this mean SSO applications will still not be accepted to the Store? What authentication flow should I use then? I only need the user to sign in a access my Web API via this identity. If possible, the user shouldn't need to reenter their credentials. Is there a code sample I could follow to get this done?
AppSource is not accepting add-ins that use the preview SSO system at this time.
To authenticate a user with a Microsoft Account or a Work or School (Office 365) account without SSO, the user will need to sign in again even if she or he is already logged into Office. Without the SSO system, the add-in has no way of knowing who is logged into Office, just as an web app open in a browser wouldn't know if Office is running on the machine or who is logged into it.
(Your choice of flow might be affected by whether you have a single page app (SPA) or a server-generated UI. Since you mentioned you have a Web API, I'll assume this is not a SPA.)
I don't know of any sample Office Add-ins that only authenticate the user; but there are a couple that log in the user and then use the Auth Code Flow to get an access token to Microsoft Graph.
PowerPoint Add-in Microsoft Graph ASPNET InsertChart. The Office app is PowerPoint, but the auth-related code would be the same for Excel.
Office Add-in Microsoft Graph ASPNET. This is nearly the same, but has Excel as the Office app. It's not polished. (See the Known Issues in the readme.)
But please keep in mind that an Office add-in is just a web app and -- with one exception -- authorizing a user is the same in an add-in as it would be in any other web app. So, you should be able to use the samples in Azure AD Quickstarts.
The one exception is that you have to open the AAD sign-in page in a special dialog window that is invoked with the Office.js displayDialogAsync API. The 2 samples I linked to above do this. You can get detailed guidance about using the Dialog for auth in the article Dialog API in Office Add-ins.
BTW, Microsoft is in the process of improving its documentation and samples for non-SSO auth. We hope to get these improvements published over the next few weeks.
We're trying to write an automated script (i.e. no user interactions) that pulls YouTube reporting data from API (esp. with Google Python API Client).
Currently, we have a Google user that is a Content Manager of a channel, and we can access its Creator Studio on YouTube.
So far, we have followed the official code sample, created a client secret file for the Google Account, and we're able to access the reports after approving the permissions in a browser popup. However, since we are going to port it to an automated script, this is not practical for us.
Is there a way such that we can have a "client secret file" that allows us to talk directly to Google API without the need for extra verifications?
(The OAuth playground looks promising, as we're able to generate Refresh Token and Access Token there; however, we're not sure about how to use them in the Python API Client...)
What is the best way to do this. I can not find a link. Almost every example is using OAuth2 and native app version of the examples still wants the client app to pop up a browser.
My system does not have a browser. I can make REST requests but that is it.
I just want to use a simple client that can list things on a command line app just by using Outlook.com or Hotmail account. Not for a Work/School account (no Active Directory).
Long story short I don't want to be redirected to a website. I can make http request and parse the response.
These are my limitations. All implementations are in C or c++. Are there an examples with flow diagram?
Technically what you're looking for is the client_credentials grant. You can read about setting this up # Get access without a user.
This grant has some limitations. In particular, it only supports Work/School Accounts. This is because your application will require the consent of an administrator, something not available with a personal Microsoft Account (Outlook.com, XBox Live, etc.). You'll need an Active Directory to authenticate against. You can however set up Azure Active Directory for free.
What would be the best way to obtain an AAD token from an electron app?
Microsoft has 2 javascript authentication libraries: adal.js and msal.js.
Both are designed for browsers and not native Electron apps (For example - AAD won't allow for file:/// scheme as a reply URL).
Sounds like a long term solution would be native AAD packages (like Microsoft built for Apache Cordova), but since that's probably not going to happen any time soon, what is the best short-term option?
Azure Storage Explorer is a good example of an Electron app that does this. It even allows for being logged into multiple AAD accounts at the same time.
You might be able to check out what's going on in the app's dev tools. I've had a poke around and it looks like it uses adal-node npm package instead of the browser based js libraries.
It also looks like it uses an authorization code flow for obtaining tokens.
The Azure AD doesn't support the file protocol as the reply address. To develop the single page application, you can host it on the server and using the server URL as the reply address.
I am currently creating Universal Windows App (native) that uses Microsoft Graph API. For authentication, I used ADAL for .NET library by calling GetTokenAsync() on the AuthenticationContext (https://github.com/AzureAD/azure-activedirectory-library-for-dotnet). The library will automatically prompt a login window for the user to enter its credentials.
Later I was required to open a OneNote URL on a web browser. I managed to get the note URL from the Microsoft Graph API (OneNote API) and then I realized when I tried to open the URL on a browser I was redirected to the Microsoft login page (http://login.microsoftonline.com).
This is not very good for user experience because they needed to enter their credentials twice (on the ADAL prompt window and on the browser). Is there any way whatsoever so that the user can do the login activity only once?
User needs to enter their creds on Microsoft online website but not twice. please debug the app and store this context ticket so you can use it in your win universial app. by the way, make sure that you are not pointing your app to two different api endpoints. go with the Microsoft graph api endpoint but not any other legacy endpoint for your app. Hope this helps.