How to Register your app with Azure AD | Microsoft Graph API OAuth 2.0 | Authentication | POSTMAN

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] do you want to use microsoft graph rest apis that is to read and write resources on behalf of a user with the help of your application then you are at the right place in this video series we are going to cover how to access any microsoft graph rest apis that is to read or write any resources on behalf of a user i am here in the official documentation page by microsoft on authentication and authorization i will provide the link for this in the description please check out the link for more details now let's see what this means in brief as it says to use microsoft graph that is to read and write resources on behalf of a user your app must get an access token from the microsoft identity platform and then attach this token to the request and send to the microsoft graph we'll learn in detail what this mean actually this is nothing but it is making use of our 2.0 authorization code current flow if you look at the steps involved in authentication and authorization in this odd 2.0 authorization code grant flow it involves five steps the first is we need to register our application with azure id which we are going to do in this class itself then we will look at how to get authorized we will generate a code and with the help of that code we are going to get an access token and then we are going to make use of this access token and going to make use of microsoft graphic apis for demonstration purpose we will try to send an email with the help of graph api mail service and send a mail from our outlook account to gmail account also there is a refresh token that also will see this access tokens are short-lived means they will be available to use only for predefined tap that it will expire suppose if you want to use that service or the graph api still with the help of access token with the help of refresh token we can generate a new access token with the help of newly generated access token we will be able to make a call to microsoft graph apis in order to read or write any resources without wasting much time let's proceed with our first step in authentication and authorization the first step involves we have to register our app in order to register our app we need to click on this app registration portal i am clicking on this so this will ask to login i will log in with my outlook account if you are using a corporate account that you can populate over here click on next next stage will ask to enter the password i will enter the password over here i am giving s this is going to open up the portal.azure.com once you are in the welcome screen we need to follow few steps in order to register our application let's go back to our documentation this documentation says in order to configure an app that is to use odd 2.0 authorization code grant flow save the following values when registering an app we'll look at how we can register an app first thing is we need to get the application id which is assigned by the app registration portal when we register an app this will be available next is we need to generate a secret that we will see how we can do that redirect you right we are going to test with the help of postman so the direct uri populating the postman's redirect uri in your case you can populate the redirective array from where you are making the call like the callback url it is suppose on generating the access token where it has to send back those tokens it is basically that it says let me go to portal.azure.com first step is we need to click on this app registrations under azure services also we can search our resources over here in the search bar let me click on this app registration as i told i am going to demonstrate this use case with the help of microsoft outlook send email we are having a blog on this by microsoft on microsoft docs.com now if you scroll down there is a postman collection and all if you want you can just download now here it says how to create an azure id application i'm going to follow those steps as we entered into this portal.azure.com next is we need to click on this app registrations we have selected that and it has opened up our application i already have one application which i created previously but for demonstration i am going to register a new application next it says we have to click on this new registration let me click on new registration i will name this as outlook api 2. from here we need to select the accounts accounts in any organization directory personal account or multi-tenant as well as personal microsoft account i'm making use of my personal outlook account so i'm selecting this one and if you are using your organization directory then you can just select this and if you are using only personal microsoft account that you can use let me click this so that i can demonstrate most of the use cases what you encounter with your personal or corporate accounts once done we need to click on register now let's see the documentation it says we need to set the redirect uri this will do now now we need to save those details one is the client id let me copy this and save in notepad let me save it over here next is a tenant id this if you want we can just save and save it over here then we need a client secret so client id is nothing but this is the application id client secret we are going to generate now in order to generate the client secret we need to follow those steps over here before that let me populate the callback uri for the postman that is this one let me copy this from here go to azure there is this option to add the redirect uri click on this add a redirect uri here we have to click on this add a platform from here we need to select this web and here we need to populate the redirect uri once done click on configure so our callback uri will be visible over here also at the time of registering the app there also we can populate if you want to know how we can do that just go back to home go to applications registrations click on new registration app here if you scroll down we can just select the web and populate our callback url that also you can do this is another method let me close this and go to our application that is outlook api too now we have done this next step involved is we have to add few permissions for the api let me go to this click on api permissions over here now we need to add few permissions click on add permission now let's see what kind of permission we need for sending an email so it says we need to search for this under delegated permissions go to request api permission select this microsoft graph select this delegated permission delegated permission means your applications need to access the api as a signed in user so you can bypass this if you set as application permissions so that your application runs as a background service that is without sign in user we will see how to do that click on enter it's over here we need to select this read all let me verify yeah it is correct click on add permission so this got added now we need to add few more permissions over here let me check what it is under application permission there also you have to search for external item select this microsoft graph select application permission here expand this and select this after this we need to add few more permissions for the mail let me search for mail over here it's over here i want to send the mail read the mail mail read write all those i will select once done click on add permissions so we are done with adding all the permissions so the next step involved is we need to get the client secret generated in order to do that click on the certificates and secrets click on this new client secret here we need to provide some name i'm giving this post man secret for mail done i'm setting expats in three months you can do custom as well go to customs and set your own start date and enter it let me end this in three months click on add so we need to make a note of this client secret this is the value of client secret which will be available only for short span once you switch over to another page from here this will be masked let me copy this and save in the notepad secret id also i will save done now we are done with generating our secret we gave the permissions now let's go back to this page under registering your app it says we need to have this application or the client id that we have already we have generated the secret and we have provided the redirect uri before moving ahead and testing our api let's now walk through some basics as we had seen under the permissions there are two permissions delegated and application delegated permissions these are used by the apps which have signed in user present you should be present over there in order to access that application for these apps either the user or an administration should explicitly provide the consent to the permissions so that the app request and the app can act as a signed in user on your behalf and make use of microsoft graph apis application permissions are used by the apps which can run without a signing user present like a daemon or a background service you can have a look at this and also you can go for the permissions and see each and every permissions available under delegated as well as under applications we had selected few but there are many now we will make use of our generated client secret and send an email so i am here in the documentation for this send mail so here there is a sample provided we can make use of this and send a mail with the help of postman let me switch over to the postman now i am here in the postman line and have provided the api over here in order to send them in those details you can find in this api documentation that is this one i am providing in the postman content type is json and the http method is post i have copy pasted the exactly same json message over here in the body over here only i have modified the subject that is odd 2.0 postman and the content i have replaced with hello this is the first mail with microsoft graph api an email address i have updated accordingly now coming to authorization from the auth i have selected or 2.0 from here we need to populate few things one is the authentication url access token url those details we can get from this site we will learn in detail how we can generate authorization and token one by one and instead of using this inbuilt or 2.0 feature in postman we will generate those tokens one by one and we will make a call with a simple authentication or the basic authentication so those urls you can find it over here you can provide the tenant id that is available under overview over here that is this one or you can use the common i have made use of common as i'm using the personal account so this you can accordingly change the authorized url and for token if you scroll down there is the url over here that is this one you need to provide again the tnt you can provide the common or you can provide the tenancy id of your cloud account now once you populate all the details you need to provide the scope as well all those are specific to the resources now here i'm making use of mail send adding this scope so again the scope you can find under api permissions what we have added go to api permissions it is this one mail send as i'm sending the mail that is send mail as any user that i am providing the scope over here that's it nothing else and also you have to make sure the callback url whatever redirect uri you have provided in the application while registering the app in azure id that you have to provide it over here once you provide all the details just click on these cookies as of now there are there is no cookies available i am closing this just click on this get new access token now if you see it won't ask me to sign in because i have already provided application permission so it will directly send me over here where i just need to click on s i don't have to sign in that is because of application user type for mail send score so authentication has been completed click on proceed and click on use token now just click on this send so we will get a mail in our gmail account as you can see status is 202 accepted now let's switch over to gmail account and check whether we have got the email or not as you can see over here i have received the email with subject or 2.0 postman and here is the email body this we have received from our outlook account that is this one this is exactly similar to what details we had provided over here that is under subject and the body content so this was just a demonstration how we can register an app and how we can make use of the details what we get in order to make use of the resources but our main focus over here is in this series to access on behalf of a user wherein we will manually generate the authorization code then we will make a call to get the access token then we are going to make use of this graph apis and invoke with the help of basic authentication not with odd 2.0 so in step by step we'll learn how we can do that and at the end in the last or final class we will learn how to generate access token with the help of this refresh tokens here is the big announcement for our subscribers and viewers we are launching membership program for binum learning you may now join binam learning as a member and get exclusive perks or the rewards in order to know more or join and be a member you need to go to our channel after landing into our channel page you need to click on this join when you click on join you will get various membership plans accordingly you can select and unlock the perks or the rewards which are available for that particular membership for more details you can anytime come over to our page and click on this join button similar steps you can follow over the phone as well you can go to our channel there you will find the join button you need to click and check the memberships and select one among the many and become a member of venom learning channel it includes various perks like exclusive videos only for members early access of videos to members and lot of other perks available if you are happy with our content and want to thank us or support us you can straight away come to this link and you can buy as a coffee like one three five so these numbers are equivalent to us dollars if you want to buy more coffees you can just enter the number over here and click on buy we would like to thank all our subscribers viewers and members for showing your support and constantly helping us by giving your valuable feedback so that we bring good content to you regularly thank you once again and happy learning [Music] [Music] you

Info

Channel: BEENUM LEARNING

Views: 16,680

Rating: undefined out of 5

Keywords: beenumlearninginspiration, beenumlearning, beenumstudio, oracle, microsoft, microsoft graph api, Authentication and authorization, Get access on behalf of a user

Id: fEb4KUbTdQc

Channel Id: undefined

Length: 16min 39sec (999 seconds)

Published: Sat Aug 06 2022