Getting Started With Microsoft Graph API For Python Development (Set Up & Authentication)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

all right so i've been trying to figure out how to use microsoft graph api in python to automate different office applications such as onenotes to the app onedrive and outlook for the past eight months and maybe even longer and unfortunately the official documentation didn't help very much and most of the tutorials focus on building web application using flash or django and until recently i was able to finally figure out a face stable workflow that i'm pretty satisfied with connecting to microsoft graph api to automate different office applications all right so if you don't know what microsoft graph api is if we go to the overview page microsoft graph api is a rest restful web api that enables you to access microsoft cloud services if you go to the overview page these are some informations i can take a look and unfortunately uh like i said the documentation isn't very well organized so i was never able to figure out how to connect to microsoft graph api in python until now all right so first want to go to address portal and if you don't have account get an account and it's free on the top want to search for app registration oh so here we are cover the agenda first all right so these are the things i want to cover in this video so the first one we're going to cover is i'm going to show you how to register an app then we're going to install the azure python client library and i'll show you two different methods to offer decay the first method is going to be using the authorization code for method number two we're going to acquire the access token by login to our account and this method is useful when you want to build an application that you want to distribute to a sub party and this one is more for uh personal projects all right so here let's go into advertisements page i'm going to show you everything from scratch alright so here first we're going to create a new app so we're going to click on new registration and let's call this a python graph api demo and from the supported account types i'm going to choose the set option because it seems like the third option will gives you the most flexibility to connect to the api all right so here we need to specify the redirect uri and i'm going to choose web and for this i'm going to simply insert a local host ui and the uri can be anything it doesn't matter if the page is a live page or is a page that doesn't exist next we're going to register the app all right so we have created the app if we look at the overview page or the summary page we have different ids i want to go into my python script and create a blank python script a name in c1 for this demo i'm going to name my script graph api demo dot pi all right so here i'm going to create a variable code let's do client secret and we don't have the secret yet that's okay we're going to acquire the client secret later alright so here let's create the variable to store the application id or the client id and it's going to be this id right here now go back to the app page on the left hand side we have several different options click on certificates and secrets and we're going to generate a new secret we only need a secret for method number one for method number two we're going to prompt the users to login to acquire the access token so essentially we just need to generate the access token to be able to connect to microsoft graph api all right so here we create my secret first i'm going to set the expression uh time period so let's do uh 24 months and add all right so here we have two different sets of values one is secret id and the other one is secret value we only need the value so here we copy the value and i'll save the value to client secret variable let me increase the font size right so let's go into graph explorer so this is the platform where you can test out the api on the left hand side are different products that you can access using graph api so you'll have onenote on your drive microsoft to-do app outlook service all right so here if i simply select one of the service or my feed i'm going to download on get and this is going to generate the endpoint url for me i'm going to run the query and here's the json output that i expect to see when i make the request to this endpoint all right so let's see right so the next step is we need to enable the scopes let me add that here enable scopes so before you can connecting to any office application service we need to enable the scope if we go to let's see i've got the option let me take a look okay so if we go to api permissions and right now we have user that read permission and this permission will allow my program or this app to access my account's profile information a form to access different applications such as outlook onedrive they want to go to the product and you'll be on the microsoft graph product and here we have two different permissions set i'm going to click on delegate permissions and these are all the scopes associated to all the graph api products and for now i'm going to just give you a quick demo on some of the scopes all right so if you want to use uh outlook let's you know i'll look let's do notes so this is going to be the scopes associated to onenote's application if you want to allow the app to access to your onenote's profile or the content then we need to enable some of the onenote scopes and for now i'm going to keep things simple i'm only going to enable the default scope which is my profile and this is the endpoint all right so let's see so what done with item number one and item number two all right so let's go ahead and uh install the python package for microsoft azure launch your terminal and i'm using first go let me change my environment to azure cloud all right so to install the azure python package you want to use the command click install msal and now they have the package installed now we're going to import the library from the top we can say import ms al and from msal i'm going to import the public client application class so this class is used when we want to construct an application instance in this case will be python graph api demo application instance all right so this word things get really tricky because uh the documentation enters some of the endpoint url that we need to use and that's required many actually not many just couple but it was pretty confusing for me to figure out all right so here we're going to grab uh the end point or the base rail from graph explorer uh page and the permanent link right here which is this portion right here is going to represent the service name that you want to access so for example if i want to connect to my excel web application if i click on the get request and it's going to be the endpoint that i need to provide to access my excel file on the web i guess the important is pretty similar alright so let's go back now i'm going to create another variable i'll call the variable endpoint and it's going to be oh here let's call this base url and the endpoint is going to be based real plus the permalink then we need to create a dictionary i'll name the dictionary scopes so for instance if i go into my app's products page and currently the only scope that i have available for this app to access is the user.read scope if i click on add a permission microsoft graph api delegated permissions now let's set on to assets let's take a look because there are quite many it should be on the user okay so right here so under the user group check this user.export.org scope to allow the app to be able to export my users accounts information and this is going to be the scope value so i'm going to copy the scope and i'll assign that to my scopes list if i need to add additional scopes i can simply copy paste the scope value and let's send the scope to the scopes list all right so going back to the top now i need to create civil urls the first one is going to be the authority url and this is the url that we need to use to login to acquire the access token and the address is going to be https blogging dot microsoft online dot com slash consumers slash okay so at this point we have all the version to access to microsoft graph api in python alright so it's going to be method number one authentication words authorization code so here i'm going to insert the msl library and i want to insert this class called confidential client application and i'll name the output client instance in the class we need to supply the client id and it's going to be the application id then we need to provide the client secret value and should be client could ensure this equals to client secret oh let me go back to the top i want to import the web browser module then we need to provide the authority url to the audio to url parameter all right so here let me go ahead and run this code block oh this should be authority all right so we have created the client instance if i print the object type this is a confidential client application option we can acquire the access token here if we go back to the graph explorers platform if we click on access token and here's the access token generated by the platform itself and if we go to request headers so respawn headers and unfortunately this location doesn't help us to figure out how to connect to the api itself so here's what we need to do we need to reference client instance option they want to use the get authorization requests throughout method and we'll provide the scopes and i'll name the outputs authorization request url if i run this statement if i print the authorization request url variable it's going to give us a url that we need to open to acquire the authorization code so here let me use the web browser module that open and i want to supply the url and i want to open the browser in a new window now if i run this line here oh i guess i just open the uh page on the same browser that's okay all right so it's going to prompt me to grant the permissions to the app now click on yes and it's going to redirect the page to the localhost url that i specify when i register my app and if we look at the end so here we have a piece of code and it's the authorization code that i was referring to and copy the code i'm going to store the code in a viable code authorization code now we can take this code and to request the access token and let's name this as access token so from the client instance option i want to insert the acquire token by authorization code inside the method we need to supply the code to the code parameter then we need to supply the scopes to the scopes parameter and if i run this code block oh let me create a code first and if i print the access token from the output we should now see the access token is now generated the access token is going to expire in one hour and after that i just need to re-request the access token now to make the api code to acquire my profiles inflation here i'm going to create my headers and it's going to be authorization and the value is going to be beer space plus the access token oh uh all right so because i forgot this is actually a dictionary not the token id itself so i'm going to create another variable let's call this access token id and from access token onto raffins the assets token key and this will be access token id right so here let's make a request call to get my profile information so here we are import the requesters library from the crisis library i want to make a get request and the endpoint is going to be here let me move the endpoint here it's going to be the base url plus the permanent link now if i go ahead and create the response option oh it is it's not created you can go ahead and create the headers if i go in the create the response option if i print the response option we now have the status code 200 if i print the json option and here's my profile inflation which is going to be identical to uh this inflation right here generated by microsoft graphs platform all right so that's method number one and method number two is logging to acquire access token so the difference between this method and the first method is this step is skip we're going to log into our account to get the access id so let me terminate this session and now come on method number one actually let's do this i'll clean out the script and i'll name this as demo2 dot pi now copy the script over except that i'm going to delete memphis method number one all right so here let me go ahead and create an instance of the public client application object right so here we need to provide the application id in the authorization url to the authority parameter and i'll run this code block to create my app object from the app option this method code git accounts and if the application is already authenticated then it's going to return the account's information that i can retrieve to acquire the asset token that was generated before but right now i haven't authenticated my account yet so here let me go ahead and finish this statement here i'll name the outputs accounts and here i'm going to say if accounts it's not empty then i can acquire the access token using the acquire token silence method and we just need to provide the scopes in the accounts option and assuming that it's always going to be the first account since there can be multiple accounts on the same pc so this will be up to you to figure out how you want to work the logic oh if we want we can skip this step which means that every time or when we authenticate we just need to prompt the user to login and i know this is a little bit more troublesome but it's more secure that way all right so we're going to initial the flow and which is to pump the users to login in from the app object we want to insert the initiate device flow method and we need to provide the scopes and we go ahead and create the flow object now if i print the follow option this is going to give us let's see i'm getting here invalid client well i know why here let's go back to the app itself all right so this one more thing that we need to uh we need to set okay if you go back to the apps dashboard go to authentication and here want to enable allow public client flow so this will allow a sub product user to be able to use the application all right so here we try again i'll recreate the flow archer let me terminate this session and i forgot to save this setting alright so let's go back okay so here i'm getting here public client should not possess credential all right so let me do this i'm going to pause the video meanwhile let me troubleshoot this youtube real quick so i figured out the issue and it was a pretty uh silly mistake right so here uh let me take out the module name so inside the public client app application class i forgot to specify the parameter name and this will be authority now let me go ahead and rerun this code block and i'm going to create the flow option and if i print the flow option we now have a user code in the device code so here if we look at the dictionary there's a key code verification uri now i'm going to insert the web browser's library and i want to open the link so from the full option i want to reference the verification uri link oh this should be open right so it's going to prompt us to insert a code and the code is going to be located so if we reference the full option info reference the message key and let's call this uh let's call this uh let's just call this app code all right so if we look at the message or the output so here's saying that to sign use the browser to open this page and enter the code that'll be able to uh so this is the so if we go back to the flow option and it's the same code as the user code i'm going to insert my user code and the code you enter hex expire let me try again actually i can spend verification code all right so you see that the code indexes by uh that's weird let me take a look okay so this time it worked i don't know what happened anyway the page is going to prompt you to log into your account and send to your account and it's going to ask you to grant permission to the app and click on yes all right so here we get the message you're now signing to follow by the app name and i can close this tab and to create the access token from the app object one to reference acquire token by device flow method and insert the flow option i'll name the output is resell if i print the result option and here's our access token that we need to provide to connect to the graph api and the rest of the steps is going to be the same as method number one which is going to be this and it's going to be resolved oops you sell access token now let me go ahead and run this code block oh let's see it is okay so uh let me go ahead and reveal find my account and i'm going to enter my verification code and log into my account and i'll try the access token and i'll go ahead and generate my asset token id variable and create my headers now i can go ahead and make the request call and if we look at the json response here's my profile expansion all right so this is going to be everything i'm going to cover in this video and i hope you guys found this video useful in this voice thank you guys for watching i'll see you guys in the next video

Info

Channel: Jie Jenn

Views: 60,190

Rating: undefined out of 5

Keywords: Microsoft Azure, Microsoft Graph API, Microsoft Graph API with Python, Set Up Azure Python

Id: 1Jyd7SA-0kI

Channel Id: undefined

Length: 32min 16sec (1936 seconds)

Published: Wed Feb 16 2022