Microsoft Graph API and Outlook API in a Single App

0
votes

I have an app using MSAL connecting to MS Graph and have been able to use the API. There are couple Outlook APIs such as https://msdn.microsoft.com/en-us/office/office365/api/calendar-rest-operations#GetRoomLists, FindRoomLists currently not available in Graph.

I have the need to use both these APIs in a single app? I read a similar question on Stack Overflow and it mentioned, a Token cannot be used for both Graph and Outlook. I did try and it did not work.

Any suggestions? Is my path to quit using Graph and go to Outlook API?

1
outlookazure-active-directorymicrosoft-graph-apimsal

1 Answers

1
votes

MSAL will look up the cache and return any cached token which match with the requirement. If such access tokens are expired or no suitable access tokens are present, but there is an associated refresh token(need offline_access scope), MSAL will automatically use that to get a new access token and return it transparently.

For example, if you use MSAL to redeem the authorization code into an access token for microsoft graph, in openid connect owin middleware :

                AuthorizationCodeReceived = async (context) =>
                {
                    var code = context.Code;
                    string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                    TokenCache userTokenCache = new MSALSessionCache(signedInUserID, 
                        context.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase).GetMsalCacheInstance();                            
                    ConfidentialClientApplication cca =
                        new ConfidentialClientApplication(clientId, redirectUri, new ClientCredential(appKey), userTokenCache,null);
                    string[] scopes = { "Mail.Read" };
                    try
                    {
                        AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(code, scopes);
                    }
                    catch (Exception eee)
                    {

                    }
                },

With scope Mail.Read , you could get an access token for Microsoft Graph, for the purpose of reading the user's mailbox .Now if you want to call outlook mail rest api in a controller/action , you could use scope: https://outlook.office.com/mail.read , MSAL will acquire token for outlook mail rest api using cached refresh token :

            // try to get token silently
            string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
            TokenCache userTokenCache = new MSALSessionCache(signedInUserID, this.HttpContext).GetMsalCacheInstance();            
            ConfidentialClientApplication cca = new ConfidentialClientApplication(clientId, redirectUri,new ClientCredential(appKey), userTokenCache, null);
            if (cca.Users.Count() > 0)
            {
                string[] scopes = { "https://outlook.office.com/mail.read" };
                try
                {
                    AuthenticationResult result = await cca.AcquireTokenSilentAsync(scopes,cca.Users.First());
                }
                catch (MsalUiRequiredException)
                {
                    try
                    {// when failing, manufacture the URL and assign it
                        string authReqUrl = await WebApp.Utils.OAuth2RequestManager.GenerateAuthorizationRequestUrl(scopes, cca, this.HttpContext, Url);
                        ViewBag.AuthorizationRequest = authReqUrl;
                    }
                    catch (Exception ee)
                    {

                    }
                }
            }
            else
            {

            }

Please refer to code sample : Integrate Microsoft identity and the Microsoft Graph into a web application using OpenID Connect.