Note: There is a good article written by Matthias Leibmann, Program Manager in the Exchange team, on using OAuth to access Calendar, Contact and Mail API in Office 365.
It's not as easy as doing a "GET" request to a single endpoint. You first have to go through the Oauth flow, of course, because you want to get meaningful user data.
I'm using Advanced REST client, an app for Chrome that you can obtain in the Chrome Web Store.
It seems that lots of folks use Fiddler, but I find it overly complicated and too heavy for this purpose. Advanced REST client is really lightweight and focuses on making REST requests and seeing responses. If you want more, check out Fiddler.
1. Assuming you have already registered your application with Azure (a post on how to do this will be coming up soon), you can use Advanced REST Client to make a GET authorization request:
response_type=code
&client_id=YOUR_CLIENT_ID_HERE
&resource=RESOURCE_HERE
&state=SOME_UNIQUE_STRING_HERE
&redirect_uri=YOUR_REDIRECT_URL_HERE
Resource looks like "https://dreamfactories-my.sharepoint.com", client id looks like "08632ea7-3847-48b8-b43a-b99568e3a2c4", state is some unique string used to prevent CSRF (you can put something like "12345" for demo purposes), redirect URI is the URL that you registered in AAD for where your users will be sent after authorization. Note that for the purposes of this demo, you don't actually have to point to something valid that is own your domain. You can just put "https://www.google.com", as long as it matches with what you registered in Azure AD.
Press Send and you get a response that looks like this:
See that ?code= query parameter after https://www.google.com? That contains the authorization code. Copy that.
2. Make another request to obtain an access token so you can actually make calls to the resource. The POST request looks like this:
POST https://login.windows.net/common/oauth2/token
In the body of the request,
client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&code=AUTHORIZATION_CODE_FROM_STEP_1&grant_type=authorization_code&redirect_uri=YOUR_REDIRECT_URL
Client ID is from Azure AD, Client Secret is the same as "Key" and is also from Azure AD. Code is the authorization code you obtained in Step 1. Grant type is authorization code because that is the information you are sending over. Redirect URI is what you registered on Azure AD.
The screenshot above shows what you should send and what you'd receive. Notice you get an access token. Copy that.
3. Make a request to get files from the user's OneDrive for Business. The GET request looks like this:
GET https://dreamfactories-my.sharepoint.com/personal/kloh_dreamfactories_onmicrosoft_com/_api/files
In the header of the request, put:
Authorization: Bearer {YOUR_ACCESS_TOKEN_FROM_STEP_2_HERE}
You'll be able to figure out what to put before /_api/files from the discovery service. A blog post on that will come soon. You'll get what looks like this:
Voila! The response contains your files!
As promised, posts on Azure AD app registration and Discovery Service will come soon. Check this blog regularly for updates!
No comments:
Post a Comment