Is it possible to edit an Excel file located in onedrive using Microsoft Graph API from an app without having to sign in?

Question

question

Muzib asked · Nov 01, 2019 at 05:21 PM

Is it possible to edit an Excel file located in onedrive using Microsoft Graph API from an app without having to sign in?

This idea may seem crazy, but is it really possible? I have found Excel API which can be used to edit an excel file located at onedrive, given that, I first sign in to my microsoft account. But I have also found this doc: https://docs.microsoft.com/en-us/graph/auth-v2-service which describes how to get access token without a user and it says:

Some apps call Microsoft Graph with their own identity and not on behalf of a user.

which is I think, my situation here.
So I thought that it's possible. But after hours of trying, I couldn't achieve it. Is it really possible?

azure-active-directory windows-uwp

10 |1000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2019-11-01T19:54:16.887Z

KatMemenza-9509 answered · Nov 01, 2019 at 07:54 PM

tl;dr: I do not think you can anonymously use Graph + Excel API for this. Depending on the use case, there may be better practice recommendations.

I think it depends on a lot of factors. Obviously you would have to allow anonymous sharing to the excel file in the first place for unregistered users to be able to view and edit, right? Not a bad start.

Where I think you will encounter a problem is that even if you register an app in Azure AD to facilitate the permissions in Graph, there are limited options supported accounts types; see the screenshot below to see the options currently available. Not only that, but this raises some security and compliance flags as well.

alt text

annotation-2019-11-01-154315.png (8.4 KiB)

·

10 |1000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 2 · 2019-11-02T03:15:50.057Z

russrimm answered · Nov 02, 2019 at 03:15 AM

Have you considered using Flow? There are endless possibilities for triggering a Flow, and a Flow can pull data via Graph API by requesting an access token using a secret key after you do a one-time creation + permissions of an app in Azure AD. No user would need to login, and you can pull the data from Azure AD or wherever you want using Graph, and automatically save it to Excel when your trigger triggers it. Flow would have a connection to your Excel in Excel Online so it would use that connection automatically using your credentials.

·

10 |1000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 3 · 2020-02-11T22:13:04.287Z

jeremythake answered · Feb 11, 2020 at 10:13 PM

The Excel APIs require you to be signed in using a delegated access token. You cannot access the Excel APIs anonymously. As documented here https://docs.microsoft.com/en-us/graph/api/resources/excel?view=graph-rest-1.0#authorization-and-scopes

Unfortunately, the Workbook APIs on Microsoft Graph only support delegated access, not application access. So you could not create a web api that your user could access anonymous and poke through using an application access token.

·

10 |1000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

question