I'm trying to determine the user's time zone in the BOT that I created. This Bot can be user worldwide and the only way for me to determine the user's timezone is to determine his country (because the channel that i user is skype and there isn't any information about the user's TZ unlike other channel's).
So is there a way to determine the client's country code in azure AD ?
Assuming you are having your users login to your bot with AAD, you could use the same token to access the user's profile via the Microsoft Graph API. The profile will give the users office location which you could then map to for a possible location. It won't account for a user who might be traveling but, it's an option.
You can read the Microsoft Graph docs to learn more and experiment using the Graph Explorer.
As I don't know which SDK or version you are using, if you visit the BotBuilder repo you can find links to samples on how to build a bot that uses OAuth and makes calls to Microsoft Graph.
Related
We have a daemon app that connects to teams using MS graph. It's using "Application Permissions" mode and Admin consent is granted for most permissions. We are able to add channels (private or 'standard'), add/remove members, etc... from this service based on company requirements. All is well.
For the ChannelMessages, we'd like to be able to retrieve them based on userPrincipalName, from the same tenant that the app is registered in. (I know there is an ChannelMessage.Read.All with Application Permission and it requires us to submit a form to MS, we are not currently pursuing that route...).
Do we have to create ConfidentialClientApplication object to communicate with MS graph? If so, how do we create a ClaimsPrincipal or ClaimsIdentity, based only on userPrincipalName? Or is there a different solution to this problem?
Your help is appreciated.
thanks,
Art
I'm developing an application on Microsoft Graph that runs as a daemon, and needs access to many accounts. As a result, I'm using a service account, also known as client credentials (using this method).
I can request the proper scope (calendars.readwrite) however as far as I can see, I cannot restrict to which calendars I have access. In my case, I only need access to the meetingroom calendars, and I'm afraid that organisations will not allow my application if I can also read and write from/to the CEO's calendar.
Is there any way (either while creating the app, or during/after giving admin consent) to restrict my app to only a subset of calendars? Or should I approach this problem differently and (e.g.) not use a service account in the first place?
I saw some information about single sign on in combination with the azure ad. Does that mean I can create a web application that's using the graph api (Calendar , Contact) and using the single sign on for a pleasant user experience. I'm aware of the fact that the user should autorize the application to access his/her private data.
I have already looked on
https://azure.microsoft.com/en-us/documentation/articles/active-directory-sso-integrate-saas-apps/
https://azure.microsoft.com/nl-nl/documentation/articles/active-directory-appssoaccess-whatis/
Yes, you can register an application with Azure AD and use it to leverage the user's identity in the Microsoft cloud (for work and school accounts and for personal accounts) to support single sign-on. In addition that same application can then be authorized to access their data (mail, calendar, files, contacts, etc.) via the Microsoft Graph API.
I am currently working on an application that allows users to upload/download files. My company wants to have user files stored in their One Drive and not on our server. The only problem with this is that we want to avoid double authentication in order to access their OneDrive account.
For example we have n users associated with an organization. This organization has a single OneDrive account that all of the users will share (legal?). Once a user authenticates to our application, the idea is to have our application sign them in without user interaction by using the Live API so that they may access their organizations files.
Do we have to authenticate every time we wish to use this service or just once?
It's not a big deal for us to do this once for every organization when setting up their account but a requirement is to avoid double authentication. We want the OneDrive storage to be transparent to the user.
Does this violate any of Microsoft's Terms and Conditions?
Thanks! Any input is appreciated as I've never worked on a cloud based application before. If OneDrive isn't a viable solution are there any other recommended services my company could look at?
Consumer OneDrive isn't intended for business use and sharing a single OneDrive account for multiple people isn't recommended either. You should look into OneDrive for business for your scenario: https://onedrive.live.com/about/en-us/business/.
OneDrive for Business uses the SharePoint developer APIs: http://blogs.msdn.com/b/sharepointdev/archive/2013/08/13/access-skydrive-pro-using-the-sharepoint-2013-apis.aspx
I found that the Box API does not support a grant type of passworrd. Neither does OneDrive or DropBox. Without this grant type it is impossible to sent a username and password to log a user in.
I have created a project with Google Big Query.
I have one table with data. A service performs insert every hour in the table. The service uses a service account with a p12 file to authenticate without user interaction.
I have developped also a desktop application which authenticate via the browser (OAuth2Authenticator). It works well but eveyone who have a google account can login and accept to use my application, and I don't want that !
Is it possible to specify a list of authorized google accounts for a google big query project ?
Thanks,
Luc.
Yes, you can control who has access to your BigQuery datasets, as well as who is a member of the Google Developer Project that your BigQuery datasets are attached to.
If you are creating a Desktop application, the best way to provide authorization to BigQuery for specific users of a restricted dataset is to use an "installed application" Oauth2 flow. Are you currently using this flow?