We are developing an application for transferring files to and from OneDrive for Business (ODFB). The UI is a web application using Azure Active Directory for authentication, and the actual processing is done asynchronously by a WebJob:
Client side (one AAD application):
    [JavaScript application]
Server side (another AAD application):
    [Web API] <> [Queue] <> [WebJob]
The Web API receives a file transfer request from the client app. The request is put into the Queue and is processed asynchronously by the WebJob.
For this to work, the WebJob must be able to access ODFB on behalf of the user – that is, using a Bearer token when uploading/downloading files to/from ODFB. We are currently using the OneDrive for Business API (https://{tenant}-my.sharepoint.com/_api/v2.0).
Previously we saved a Refresh Token (issued on the client for the server AAD application) alongside the transfer request – that way the WebJob was able to redeem the Refresh Token to get an ODFB Access Token by calling (check this link). As you might have noticed, the client coordinates are the client app's – not the server app's! Which is obviously wrong, but that was the only way we could make it work.
We are certainly not happy using the Refresh Token – but we couldn't figure out any other way to make it work. And since we upgraded to ADAL 3.10, everything stopped working due to the missing Refresh Token :-)
So the big question is: How do we refactor the solution to enable asynchronous processing by a WebJob?
Any pointers would be very much appreciated. Thank you in advance!
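To make the flow the question describes concrete, here is an added example (not code from the original post or from ADAL) that models the WebJob side: a transfer request is queued together with a refresh token, and the worker later redeems that token with the OAuth2 `refresh_token` grant at the Azure AD v1 token endpoint (`https://login.microsoftonline.com/{tenant}/oauth2/token`) to obtain an access token for the ODFB resource named in the post. The tenant name, application ids and secret are assumed values; the token endpoint is replaced by an in-process stand-in so the module runs offline, and the access token's `exp` claim is read only as a scheduling hint (the resource server, not the worker, validates the token).

```python
"""Redeeming a queued refresh token from a background worker (added example)."""
import base64
import json
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

TENANT = "contoso.onmicrosoft.com"                      # assumed tenant
TOKEN_ENDPOINT = f"https://login.microsoftonline.com/{TENANT}/oauth2/token"
ODFB_RESOURCE = "https://contoso-my.sharepoint.com"     # {tenant}-my.sharepoint.com


def build_refresh_request(refresh_token: str, client_id: str,
                          client_secret: str, resource: str) -> Dict[str, str]:
    """Form body of the OAuth2 refresh_token grant (AAD v1 endpoint).

    client_id/client_secret identify the application the refresh token was
    issued to; AAD rejects the grant when they do not match that application.
    """
    return {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_expiry(access_token: str) -> int:
    """Read the ``exp`` claim of a JWT without verifying it (scheduling hint only)."""
    payload = access_token.split(".")[1]
    return int(json.loads(_b64url_decode(payload))["exp"])


def needs_refresh(access_token: Optional[str], now: float, skew: int = 300) -> bool:
    """True when there is no cached token or it expires within ``skew`` seconds."""
    return access_token is None or token_expiry(access_token) - skew <= now


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed test token; the third segment is a placeholder, not a signature."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.SIGNATURE_PLACEHOLDER"


class FakeTokenEndpoint:
    """Offline stand-in for the AAD token endpoint: knows one refresh token
    bound to one client application and issues one-hour access tokens."""

    def __init__(self, refresh_token: str, client_id: str, client_secret: str,
                 now_fn: Callable[[], float] = time.time):
        self.refresh_token, self.client_id = refresh_token, client_id
        self.client_secret, self.now_fn = client_secret, now_fn

    def post(self, body: Dict[str, str]) -> dict:
        if body.get("grant_type") != "refresh_token":
            return {"error": "unsupported_grant_type"}
        if body.get("client_id") != self.client_id or body.get("client_secret") != self.client_secret:
            return {"error": "invalid_client"}          # wrong application coordinates
        if body.get("refresh_token") != self.refresh_token:
            return {"error": "invalid_grant"}           # revoked, expired or foreign token
        now = int(self.now_fn())
        token = make_unsigned_jwt({"aud": body["resource"], "iat": now, "exp": now + 3600})
        return {"token_type": "Bearer", "expires_in": "3600",
                "resource": body["resource"], "access_token": token}


@dataclass
class TransferRequest:
    user: str
    path: str
    refresh_token: str          # stored alongside the queued request, as in the post


@dataclass
class WebJob:
    client_id: str
    client_secret: str
    post: Callable[[Dict[str, str]], dict]   # injected HTTP POST to TOKEN_ENDPOINT
    now_fn: Callable[[], float] = time.time
    _cache: Dict[str, str] = field(default_factory=dict)   # per-user access tokens

    def access_token_for(self, req: TransferRequest) -> str:
        cached = self._cache.get(req.user)
        if not needs_refresh(cached, self.now_fn()):
            return cached
        resp = self.post(build_refresh_request(
            req.refresh_token, self.client_id, self.client_secret, ODFB_RESOURCE))
        if "error" in resp:
            raise PermissionError(resp["error"])
        self._cache[req.user] = resp["access_token"]
        return resp["access_token"]

    def process(self, req: TransferRequest) -> Dict[str, str]:
        """Return the ODFB API root and Authorization header the upload would use."""
        token = self.access_token_for(req)
        return {"api_root": f"{ODFB_RESOURCE}/_api/v2.0",
                "Authorization": f"Bearer {token}"}
```

Two points the model makes visible: the endpoint refuses the grant when the worker presents coordinates of an application other than the one the refresh token belongs to (`invalid_client`), and the queued message carries a long-lived credential, so the worker caches only the short-lived access token per user and treats the refresh token as something to consume, not to log or keep beyond the request.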