question

Muzib avatar image
0 Votes"
Muzib asked jeremythake answered

Is it possible to edit an Excel file located in onedrive using Microsoft Graph API from an app without having to sign in?

This idea may seem crazy, but is it really possible? I have found Excel API which can be used to edit an excel file located at onedrive, given that, I first sign in to my microsoft account. But I have also found this doc: https://docs.microsoft.com/en-us/graph/auth-v2-service which describes how to get access token without a user and it says:

Some apps call Microsoft Graph with their own identity and not on behalf of a user.

which is I think, my situation here.
So I thought that it's possible. But after hours of trying, I couldn't achieve it. Is it really possible?

azure-active-directorywindows-uwp
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

3 Answers

KatMemenza-9509 avatar image
3 Votes"
KatMemenza-9509 answered

tl;dr: I do not think you can anonymously use Graph + Excel API for this. Depending on the use case, there may be better practice recommendations.

I think it depends on a lot of factors. Obviously you would have to allow anonymous sharing to the excel file in the first place for unregistered users to be able to view and edit, right? Not a bad start.

Where I think you will encounter a problem is that even if you register an app in Azure AD to facilitate the permissions in Graph, there are limited options supported accounts types; see the screenshot below to see the options currently available. Not only that, but this raises some security and compliance flags as well.

alt text



annotation-2019-11-01-154315.png (8.4 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

russrimm avatar image
0 Votes"
russrimm answered russrimm edited

Have you considered using Flow? There are endless possibilities for triggering a Flow, and a Flow can pull data via Graph API by requesting an access token using a secret key after you do a one-time creation + permissions of an app in Azure AD. No user would need to login, and you can pull the data from Azure AD or wherever you want using Graph, and automatically save it to Excel when your trigger triggers it. Flow would have a connection to your Excel in Excel Online so it would use that connection automatically using your credentials.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

jeremythake avatar image
0 Votes"
jeremythake answered

The Excel APIs require you to be signed in using a delegated access token. You cannot access the Excel APIs anonymously. As documented here https://docs.microsoft.com/en-us/graph/api/resources/excel?view=graph-rest-1.0#authorization-and-scopes

Unfortunately, the Workbook APIs on Microsoft Graph only support delegated access, not application access. So you could not create a web api that your user could access anonymous and poke through using an application access token.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.