0 Votes
PatrickRote-3473 asked ·

Authenticating against the Azure AD of my 365 tenant - want to use Office 365 SSO authentication for my app

Hi All,
Not sure if this is the right place to ask this question.
I have a web application using just HTML/JS etc., but would like to use Graph API/REST API SharePoint data as the back-end.

Further, I want to use the following URL credentials for Single Sign-On in my web application.
I would like the web app to be integrated with Office 365 after logging in to SharePoint Online / portal.office.com.

The question is: what will be the process of authentication?
Do I need to look into adal.js?

Thanks in advance

azure-ad-authentication azure-ad-tenant azure-ad-libraries

1 Answer

0 Votes
shashishailaj answered ·

Hello @PatrickRote-3473,

ADAL.js is an old library and it is better to use MSAL.js now. You would need to go through the developer guidance and register your web application in Azure AD. You can use the MSAL.js library for integrating the JS web application for single sign-on to your Azure AD tenant and then calling SharePoint data in the back-end by using the Graph API. I am not sure about your exact scenario or how you have designed the application, but you can review the authentication flow article and decide on one of the flows depending on your requirements. You can use the auth code flow to sign in users and call the Microsoft Graph API from your JavaScript single-page app. Once the user is authenticated, your application can request consent from the user and get access to the user's information using the Graph API for SharePoint sites on behalf of the user.

The SharePoint sites Graph API v1.0 provides support for the following scenarios. There are other scenarios which the beta endpoint for Graph API may support, but we don't recommend using the same in production.
- Access to SharePoint sites, lists, and drives (document libraries)
- Read-only support for site resources (no ability to create new sites)
- Read-write support for lists, listItems, and driveItems
- Address resources by SharePoint ID, URL, or relative path

The site resource type has multiple types of methods available. Every method requires some permissions that need to be set up beforehand for your application on the application in Azure AD, and the same can be found by traversing the page for the method.


I have provided links to the related articles and quick-starts. I would suggest you go through them, and it will help you understand how to design the application authentication flow. I would suggest you create a test application using the tutorial for the JavaScript app; this tutorial talks about calling the Graph API and getting the details from the user's resources (sites/calendar etc.).

When you say that you want the web app to be integrated with Office 365 after logon to portal.office.com/SharePoint Online, I assume that you mean to see the app in the Office 365 app launcher. You can add your app to your organisation's Office 365 portal app launcher experience by adding custom tiles to the app launcher.

I have included multiple links as this is a vast topic, and going through each of the links in the order they appear would give you a better idea. Hope the above explanation helps you with the information that you need and guides you to the right path. If you have any other queries, please let us know and we will be happy to help. In case the information is useful, please do accept the post as answer so that it's helpful to other members of the community searching for similar answers.

Thank you.




Hi ShashiShailaj-MSFT,
Thanks so much for your detailed reply. Will go through each section in more detail and digest the info.

A few questions for you though:
- I believe I would have to register my web application in Azure AD to be able to use MSAL.js with my JS application (is this a must?)
- If my site is under azurewebsite.net (the free websites in Azure), would it work for this scenario?

My main goal with this is to be able to host my web application somewhere but be able to have a login interface for Office 365.
When users log in using Azure AD Office 365 as an authentication provider, then I would be able to use Graph API data as the backend for the website.

Hope this makes sense.

Thanks in Advance





0 Votes 0 ·

Hello @PatrickRote-3473,
Yes, registering is a must if you want to use the Azure AD identity system for authentication. As you need to call the Graph API, you need to have the app registered. It is like creating an identity for your application within your Azure AD tenant. If you are creating an application which is only to be used within your organisation, then you can just register the application as a single-tenant app within your own Azure AD tenant. If you are creating an application which you will publish to the marketplace and let other users with different Office 365 subscriptions access the same, then you need to register it as multi-tenant. You can define the replyURL parameter to your application's URL so that after auth, the resultant token is posted to your app. Yes, you can create a website under azurewebsite.net and host it on Azure App Service with Azure AD authentication.


1 Vote 1 ·

I believe it would take some time, but you should be able to get it done after going through the information that I had shared. Should you have any other queries while going through it, you can let us know and we will surely help you further. In case the conversation has been helpful, please do accept the post as answer so that it's helpful to other users and the relevancy of the answer in the forum improves.

Thank you.

1 Vote 1 ·
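
The sign-in step that the answer and the follow-up comment describe (auth code flow, registration as single- or multi-tenant, reply URL), as an added example that is not code from the thread or from MSAL.js: it builds the authorization request with PKCE and validates the redirect before the code is redeemed. The client ID, tenant ID, redirect URI and function names are constructed placeholders; MSAL.js performs these steps for you in a real app.

```javascript
const crypto = require("node:crypto");

// Constructed placeholders standing in for the values of an app registration.
const APP = {
  clientId: "00000000-0000-0000-0000-000000000001",
  tenantId: "00000000-0000-0000-0000-0000000000aa",
  multiTenant: false, // true = registered as multi-tenant
  redirectUris: ["https://contoso-demo.azurewebsites.net/auth/callback"],
};
const b64url = (buf) => buf.toString("base64url");

// Step 1: build the authorization request (auth code flow with PKCE).
function buildAuthRequest(app, redirectUri, scopes) {
  // The redirect URI sent must exactly match one registered for the app.
  if (!app.redirectUris.includes(redirectUri)) throw new Error("redirect_uri not registered");
  const verifier = b64url(crypto.randomBytes(32)); // PKCE code_verifier, kept client-side
  const challenge = b64url(crypto.createHash("sha256").update(verifier).digest());
  const state = b64url(crypto.randomBytes(16)); // binds the response to this request
  // Single-tenant: own tenant ID; multi-tenant: "organizations" (any work or school tenant).
  const authority = app.multiTenant ? "organizations" : app.tenantId;
  const url = new URL(`https://login.microsoftonline.com/${authority}/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: app.clientId,
    response_type: "code",
    redirect_uri: redirectUri,
    response_mode: "fragment",
    scope: scopes.join(" "),
    state,
    code_challenge: challenge,
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), pending: { state, verifier, redirectUri } };
}

// Step 2: validate the redirect back to the app before redeeming the code.
function parseAuthResponse(callbackUrl, pending) {
  const u = new URL(callbackUrl);
  if (u.origin + u.pathname !== pending.redirectUri) throw new Error("unexpected redirect target");
  const p = new URLSearchParams(u.hash.slice(1));
  if (p.get("error")) throw new Error(`authorization failed: ${p.get("error")}`);
  const got = Buffer.from(p.get("state") || "");
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error("state mismatch");
  }
  if (!p.get("code")) throw new Error("no authorization code in response");
  // The code and verifier go together to the token endpoint to obtain a Graph access token.
  return { code: p.get("code"), code_verifier: pending.verifier };
}
```

Call `buildAuthRequest(APP, APP.redirectUris[0], ["openid", "profile", "Sites.Read.All"])` to request delegated read access to SharePoint sites through Graph; the returned `pending` object has to be kept (for example in session storage) until the redirect comes back.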