
I am creating an intranet on SharePoint - O365 where I have a widget that needs to pull calendar events and display them for a week. Here is a walkthrough of the steps:

a. User logs in to the intranet
b. An access token is generated to access the Office 365 REST API
c. Calendar events are fetched and displayed.

Here is my problem:

I thought of 2 options to generate the access token:

Option a: Create a WCF application which accepts the user context and generates the token. This will fetch the results and update a list. My intranet app can read a calendar list and update the widget. This didn't work since I was not able to pass the user context from SP to the WCF method so that the access token can be generated.

Option b: Use the following code (which I have done as of now), but it displays the access token in the URL, which is not good for the client.

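// Azure AD application (client) ID
var clientId = '>>sample>>';

// Reply URL registered for the application
var replyUrl    = '<<>>';
var endpointUrl = 'https://outlook.office365.com/api/v1.0/me/events';
var resource = "https://outlook.office365.com/";

var authServer  = 'https://login.windows.net/common/oauth2/authorize?';
// Implicit grant: the access token is returned in the redirect URL
var responseType = 'token';

// encodeURIComponent (not encodeURI) so that ':', '/', '?' and '&'
// inside the values are escaped
var url = authServer +
        "response_type=" + encodeURIComponent(responseType) + "&" +
        "client_id=" + encodeURIComponent(clientId) + "&" +
        "resource=" + encodeURIComponent(resource) + "&" +
        "redirect_uri=" + encodeURIComponent(replyUrl);

// Send the browser to the sign-in page
window.location = url;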

So is there any other way to achieve this?

Ankush

1 Answer

Since you mentioned that you want to use WCF, are you developing a provider-hosted SharePoint app?

If I understand correctly, we can use the explicit Authorization Code Grant flow, which doesn't expose the access token to the user agent. The following diagram illustrates the Authorization Code Grant flow:

[diagram: Authorization Code Grant flow]

And here is the core code to retrieve the access token for the Office 365 resource, for your reference:

// Fragment: runs inside an async method that receives capabilityName.
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

// Token cache keyed by the signed-in user; the tokens stay on the server.
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.Authority, new ADALTokenCache(signInUserId));

try
{
    // Discovery client: resolves the endpoint for the requested capability.
    DiscoveryClient discClient = new DiscoveryClient(SettingsHelper.DiscoveryServiceEndpointUri,
        async () =>
        {
            var authResult = await authContext.AcquireTokenSilentAsync(SettingsHelper.DiscoveryServiceResourceId,
                                                                       new ClientCredential(SettingsHelper.ClientId,
                                                                                            SettingsHelper.ClientSecret),
                                                                       new UserIdentifier(userObjectId,
                                                                                          UserIdentifierType.UniqueId));
            return authResult.AccessToken;
        });

    var dcr = await discClient.DiscoverCapabilityAsync(capabilityName);

    // Outlook client: the token is acquired server-side from the cache for the discovered resource.
    return new OutlookServicesClient(dcr.ServiceEndpointUri,
        async () =>
        {
            var authResult = await authContext.AcquireTokenSilentAsync(dcr.ServiceResourceId,
                                                                       new ClientCredential(SettingsHelper.ClientId,
                                                                                            SettingsHelper.ClientSecret),
                                                                       new UserIdentifier(userObjectId,
                                                                                          UserIdentifierType.UniqueId));

            return authResult.AccessToken;
        });
}
catch (AdalException)
{
    // Silent acquisition failed (for example, nothing cached for this user);
    // let the caller send the user through sign-in again.
    throw;
}

You can refer to the full code sample here. And here is a helpful link that discusses the difference between the explicit and implicit authentication flows.

Fei Xue
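The three steps of the authorization code flow discussed in the answer above, as an added example that is not part of the original question or answer. The function names, the `CONFIG` values, the `intranet.example.com` redirect URI and the `/oauth2/token` endpoint URL are assumptions; the authorize endpoint and resource are the ones from the question.

```javascript
// Added example: server-side pieces of the authorization code flow.
// All names and CONFIG values below are hypothetical placeholders.
const CONFIG = {
  authorizeEndpoint: 'https://login.windows.net/common/oauth2/authorize',
  tokenEndpoint: 'https://login.windows.net/common/oauth2/token', // assumed
  clientId: 'CLIENT-ID-PLACEHOLDER',
  clientSecret: 'CLIENT-SECRET-PLACEHOLDER', // kept on the server only
  redirectUri: 'https://intranet.example.com/auth/callback', // constructed
  resource: 'https://outlook.office365.com/',
};

// Step 1: URL the browser is redirected to. response_type=code means the
// browser only ever sees a short-lived code, never the access token.
function buildAuthorizeUrl(cfg, state) {
  const q = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    resource: cfg.resource,
    redirect_uri: cfg.redirectUri,
    state, // unguessable per-session value generated by the server
  });
  return cfg.authorizeEndpoint + '?' + q.toString();
}

// Step 2: validate the redirect back to the server and extract the code.
function readCallback(callbackUrl, expectedState) {
  const p = new URL(callbackUrl).searchParams;
  if (p.get('error')) throw new Error('authorization failed: ' + p.get('error'));
  if (!expectedState || p.get('state') !== expectedState) throw new Error('state mismatch');
  const code = p.get('code');
  if (!code) throw new Error('no authorization code');
  return code;
}

// Step 3: back-channel POST from the server to the token endpoint. The
// client secret and the returned access token never reach the browser.
function buildTokenRequest(cfg, code) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
    redirect_uri: cfg.redirectUri,
    resource: cfg.resource,
  });
  return { url: cfg.tokenEndpoint, method: 'POST',
           headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
           body: body.toString() };
}
```

The server sends the request from step 3 itself and keeps the resulting token in its own session or cache, so the widget fetches calendar data from the server rather than holding a token in the page URL.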