5

I need to invoke the GRAPH API from a SharePoint Online page. Could someone share a JavaScript example? The examples available in the GRAPH site are for invoking the GRAPH API from outside SharePoint Online.

I know a token is required for each request, and you must sign in to get that token. However, if I'm calling the GRAPH API from within SharePoint Online, it means that I'm already authenticated, so it doesn't make sense to sign in again. The token should be available somewhere, and I don't know how to get it (it's not available in the SharePoint Online URL).

Richard H

4 Answers

2

The Microsoft Graph is protected by Azure AD which supports using OAuth to retrieve the access token for calling it.

As far as I know, the token issuer of SharePoint is different from that of Microsoft Graph.

SharePoint:

In the low-trust authorization system, the issuer is Azure ACS and its GUID is 00000001-0000-0000-c000-000000000000. And its format is GUID@SharePoint realm GUID.

Microsoft Graph:

The issuer is the security token service from the user's tenant. And its format is like https://sts.windows.net/049bef5f-8841-4000-984b-c3f36bdb2d8c/.

Based on my understanding, it is not possible to request Microsoft Graph directly from the SharePoint Online page. As a workaround, you can build a web service that uses the Client Credentials flow, which doesn't need users to participate in the authentication, as the service agent for Microsoft Graph.

Or if you want the Microsoft Graph to support this feature, you may submit the feedback from here.

Fei Xue
2

As of 2018, Microsoft recommends using the class called MSGraphClient to connect to Microsoft Graph. The GraphHttpClient has been deprecated.

Here's a guide: https://learn.microsoft.com/en-us/sharepoint/dev/spfx/use-msgraph

Here is an example from Microsoft of using it inside a webpart:

export default class HelloWorldWebPart extends BaseClientSideWebPart<IHelloWorldWebPartProps> {
  public render(): void {
    // ...

    const client: MSGraphClient = this.context.serviceScope.consume(MSGraphClient.serviceKey);
    // get information about the current user from the Microsoft Graph
    client
      .api('/me')
      .get((error, response: any, rawResponse?: any) => {
        // handle the response
      });
  }

  // ...
}
1

When you register a provider hosted SharePoint app/add-in, this app uses ACS as a token server. Microsoft Graph uses the newer AAD STS server. To call Microsoft Graph from a SharePoint page you need to register an app that can call Microsoft Graph. Microsoft Graph supports CORS and you can do an XHR from the SharePoint page. At runtime users won't need to sign in again, due to SSO. But in code you do need to deal with getting the two access tokens, one from ACS to call CSOM APIs and one from the newer STS to get tokens for Microsoft Graph.

Yina - MSFT
  • 2
    Is there a good reference for the method you suggest? The best Graph specific doc I could find says the user will be redirected to a page that will ask the user to sign in to Office 365. The best SP specific doc warns of frequent user sign in https://msdn.microsoft.com/en-us/office/office365/howto/create-web-apps-using-cors-to-access-files-in-office-365 warns about frequent sign-in with this method https://dev.office.com/sharepoint/docs/spfx/web-parts/guidance/call-microsoft-graph-from-your-web-part Seems GraphHttpClient will be a better solution when generally available. – Tom Resing Jun 28 '17 at 13:54
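
The issuer difference described in the answers above (ACS for SharePoint add-in tokens, the tenant's security token service for Microsoft Graph) can be checked on a token you already hold, which shows why a SharePoint token is not usable against Graph. This is an added example, not code from any of the answers or from Microsoft; the Graph audience value, the function names and the sample tokens are assumptions constructed for illustration, and claims are only decoded, not verified.

```javascript
// Added example: classify a bearer token by issuer. Claims are decoded, NOT verified;
// signature validation is the job of the API that receives the token.
const ACS_PRINCIPAL = '00000001-0000-0000-c000-000000000000'; // ACS GUID quoted in the answer
const AAD_STS_PREFIX = 'https://sts.windows.net/';            // issuer format quoted in the answer
const GRAPH_AUDIENCE = 'https://graph.microsoft.com';         // assumption: Graph resource URI

// Node's Buffer keeps the example runnable offline; in a page, atob() does the same job.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function classifyToken(jwt) {
  const claims = decodeClaims(jwt);
  const iss = String(claims.iss || '').toLowerCase();
  const aud = String(claims.aud || '').replace(/\/$/, '');
  let issuer = 'unknown';
  if (iss.startsWith(ACS_PRINCIPAL + '@')) issuer = 'ACS';
  else if (iss.startsWith(AAD_STS_PREFIX)) issuer = 'AAD';
  // Only a token from the tenant STS whose audience is Graph is meant for Graph.
  return { issuer, forGraph: issuer === 'AAD' && aud === GRAPH_AUDIENCE };
}

// Constructed sample tokens (unsigned, placeholder realm/tenant GUID and audiences).
function makeSample(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'none', typ: 'JWT' }), enc(claims), 'constructed'].join('.');
}
const REALM = '11111111-2222-3333-4444-555555555555';
const SAMPLES = {
  acs: makeSample({ iss: `${ACS_PRINCIPAL}@${REALM}`, aud: `sharepoint-principal@${REALM}` }),
  graph: makeSample({ iss: `${AAD_STS_PREFIX}${REALM}/`, aud: GRAPH_AUDIENCE }),
  otherAad: makeSample({ iss: `${AAD_STS_PREFIX}${REALM}/`, aud: 'https://contoso.sharepoint.com' }),
};

for (const [name, token] of Object.entries(SAMPLES)) {
  console.log(name, classifyToken(token)); // log the classification, never the token itself
}
```

A result of `forGraph: false` for the ACS sample is the situation the answers describe: a second token, issued by the tenant STS for the Graph audience, has to be acquired.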
0

You are correct. If you're already logged into SharePoint, you don't need to pass security again. You can call the Search API and add some properties to the query in order to access the Office Graph data.

https://msdn.microsoft.com/en-us/office/office365/howto/query-office-graph-using-gql-with-search-rest-api

Here is an example I am using today (no spaces - the backslashes need to be passed in, so escaping characters is important):

/_api/search/query?QueryText='*'
&Properties='GraphQuery:ACTOR(ME\,action\:1021)'
&RowLimit=5
&SelectProperties='URL,Title,ModifiedOWSDate,ModifiedBy,ContentType'
&sortlist='created:1'

This returns items in the personal feed of the user that is logged in (same as Delve).

Hope that helps!

UPDATE:

This has been deprecated. https://msdn.microsoft.com/en-us/office/office365/howto/query-office-graph-using-gql-with-search-rest-api