Microsoft Graph API's OAuth, Mail,...

Want to develop application to access resources with Microsoft Graph API's then please enroll for this course

3.70 (19 reviews)
Udemy
platform
English
language
Other
category
instructor
Microsoft Graph API's OAuth, Mail,...
164
students
1.5 hours
content
Nov 2022
last update
$19.99
regular price

What you will learn

Learn how to authenticate and work with permissions to securely access data through Microsoft Graph

Learn how to add and register an application using the App registrations experience in the Azure portal

How to get access on behalf of a user

How to get access without a user

Why take this course?

Authentication and authorization basics:

To call Microsoft Graph, your app must acquire an access token from the Microsoft identity platform. The access token contains information about your app and the permissions it has to access the resources and APIs available through Microsoft Graph. To get an access token, your app must be registered with the Microsoft identity platform and be authorized by either a user or an administrator to access the Microsoft Graph resources it needs.


Register your app with the Microsoft identity platform

Before your app can get a token from the Microsoft identity platform, it must be registered in the Azure portal. Registration integrates your app with the Microsoft identity platform and establishes the information that it uses to get tokens, including:

  • Application ID: A unique identifier assigned by the Microsoft identity platform.

  • Redirect URI/URL: One or more endpoints at which your app will receive responses from the Microsoft identity platform. (For native and mobile apps, the URI is assigned by the Microsoft identity platform.)

  • Client secret: A password or a public/private key pair that your app uses to authenticate with the Microsoft identity platform. (Not needed for native or mobile apps.)


Microsoft Graph permissions

Microsoft Graph exposes granular permissions that control the access that apps have to resources, like users, groups, and mail. As a developer, you decide which Microsoft Graph permissions to request for your app. When a user signs in to your app they, or, in some cases, an administrator, are given a chance to consent to these permissions. If the user consents, your app is given access to the resources and APIs that it has requested. For apps that access resources and APIs without a signed-in user, permissions can be pre-consented to by an administrator when the app is installed.



Delegated and application permissions

Microsoft Graph has two types of permissions:

  • Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests and the app can act as the signed-in user when making calls to Microsoft Graph. Some delegated permissions can be consented by non-administrative users, but some higher-privileged permissions require administrator consent.

  • Application permissions are used by apps that run without a signed-in user present. For example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.

Effective permissions

Effective permissions are the permissions that your app has when making requests to Microsoft Graph. The effective permissions are determined by a combination of the Microsoft Graph permissions that you granted to the app and the privileges of the signed-in user or the calling app. Within organizations, the policy or membership in one or more roles determine the privileges of the signed-in user or an app. It's important to understand the difference between the delegated and application permissions your app has and its effective permissions when making calls to Microsoft Graph.

Effective permissions in delegated versus application-only permission scenarios

  • For delegated permissions, the effective permissions of your app are the least-privileged intersection of the delegated permissions the app has been granted (by consent) and the privileges of the currently signed-in user. Your app can never have more privileges than the signed-in user.

    Suppose that your app has been granted the User.ReadWrite.All delegated permission and calls the Update user API. This permission nominally grants your app permission to read and update the profile of every user in an organization. However, because of effective permissions, the following restrictions apply to the privileges of the signed-in user:

    • If the signed-in user is a global administrator, your app can update the profile of every user in the organization.

    • If the signed-in user isn't in an administrator role, your app can update only the profile of the signed-in user. It won't update the profiles of other users in the organization because the signed-in user doesn't have those privileges.

  • For application permissions, the effective permissions of your app are the full level of privileges implied by the permission. For example, an app that has the User.ReadWrite.All application permission can update the profile of every user in the organization.

Screenshots

Microsoft Graph API's OAuth, Mail,... - Screenshot_01Microsoft Graph API's OAuth, Mail,... - Screenshot_02Microsoft Graph API's OAuth, Mail,... - Screenshot_03Microsoft Graph API's OAuth, Mail,... - Screenshot_04

Reviews

Jose
July 14, 2023
It was an excellent introduction to the Microsoft Graph API, and how to use the online documentation published by Microsoft. It includes hands-on exercises on how to authenticate to Microsoft Graph, and how to then read, send, update, and delete e-mail messages using Microsoft Graph in Postman. I respectfully suggest to add a brief introduction on how to use Postman for newbies like myself.

Charts

Price

Microsoft Graph API's OAuth, Mail,... - Price chart

Rating

Microsoft Graph API's OAuth, Mail,... - Ratings chart

Enrollment distribution

Microsoft Graph API's OAuth, Mail,... - Distribution chart

Related Topics

4809794
udemy ID
8/1/2022
course created date
8/22/2022
course indexed date
Bot
course submited by