Page cover image

Microsoft Graph

There is an included Graph client with two authorization models built right in.

Most of the prebuilt functionality is around the drive, site, lists and teams workloads. However, you can easily extend the functionality if you need something specific!

Authorization

To use either, go to https://portal.azure.com and create an app registration.

Client_Credentials

This authorization type is used when supplying direct application ID/Secrets from a registered application. The registered permissions are usually administratively granted and there is no delegation ("as a user") required.

PerigeeApplication.ApplicationNoInit("Graph", (c) =>
{
    var Graph = new GraphClient("tenant", "appID", "appSecret", c.GetLogger<Program>());
});

That's it! Once you have the client, call other methods:

var site = Graph.GetSiteByPath(new Uri(@"https://company.sharepoint.com/sites/dev1"));
var drive = Graph.GetSiteDrive(site.id);

Authorization_Code + Refresh_Code

This authorization type is best used when you're authorizing a user and your application permissions are assigned as delegated.

A good example of this is a service account authorized to pull a DataVerse table, or read teams messages.

PerigeeApplication.ApplicationNoInit("Graph", (c) =>
{
    //Define client
    var Graph = new GraphClient("tenant", "appID", "appSecret", 
    "offline_access user.read Team.ReadBasic.All", 
    "https://localhost:7201/api/token", 
    "", //Optional domain, leave blank unless talking to dataverse
    c.GetLogger<Program>());

    //Give it the initial code, so it can refresh and retrieve the authorization_code and refresh_code
    CredentialStore.RefreshAuthorizationCode(Graph.credentialName, "CODEHERE");
    
});

And there you have it, once the initial code is supplied the client is automatically maintained from there on out. If a new token is required the refresh token is automatically supplied and you don't have to think about it again!

var teams = Graph.GetJoinedTeams();

Full Demo

To see a full demo including receiving a token from the the response, and awaiting the credentials on load:

Graph Delegated Authorization + DataVerse

SDK

The SDK methods closely match what's defined in the Graph 1.0 documentation.

Custom Graph Call

If a method is missing or you need to override functionality, feel free to use the built in call to submit your own call with authorization, credential management, and retries built in.

Use RestGraphCall, as shown below:

var response = Graph.RestGraphCall<GraphAPIModel.Generic.Response>(
    $"/sites/{sync.siteID}/lists/{sync.ListName}", Method.Get);

Last updated