Microsoft
Microsoft Graph
Microsoft
Building apps for enterprise customers? Your app may not work if your enterprise customer turns on enterprise mobility security features like conditional device access. In this case, you may not know and your customers may experience errors.
To support all enterprise customers across all enterprise scenarios, you must use the Azure AD endpoint and manage your apps using the Azure Management Portal. For more information, see Deciding between the Azure AD and Azure AD v2.0 endpoints.
This article describes the tasks required to get an access token from the Azure AD v2.0 endpoint and call Microsoft Graph. It walks you through building the Connect Sample for Android and explains the main concepts that you implement to use Microsoft Graph in your app for Android. The article also describes how to access Microsoft Graph by using either the Microsoft Graph SDK for Android or raw REST calls.
To use Microsoft Graph in your app for Android, you need to show the Microsoft sign in page to your users, as shown in the following screenshot.
Don't feel like building an app? Get up and running fast by downloading the Connect Sample for Android that this article is based on.
To get started, you'll need:
Register an app on the Microsoft App Registration Portal. This generates the app ID and password that you'll use to configure the app.
Sign into the Microsoft App Registration Portal using either your personal or work or school account.
Choose Add an app.
Enter a name for the app, and choose Create application.
The registration page displays, listing the properties of your app.
Copy the application ID. This is the unique identifier for your app.
Choose Add Platform and Mobile application.
Note: The Application Registration Portal provides a Redirect URI with a value of urn:ietf:wg:oauth:2.0:oob. However, you'll use the default Redirect URI value of https://login.microsoftonline.com/common/oauth2/nativeclient.
Choose Save.
Start a new project in Android Studio. You can leave the default values for most of the wizard, just make sure to choose the following options:
This provides you with an Android project with an activity and a button that you can use to authenticate the user.
Note: You can also use the Starter project that takes care of the project configuration so you can focus on the coding sections of this walkthrough.
You'll use an OAuth library to simplify the authentication process. OpenID provides AppAuth for Android, a library that you can use in this project.
Open the build.gradle file in the app module and include the following dependency:
compile 'net.openid:appauth:0.3.0'
final AuthorizationService authorizationService =
new AuthorizationService(this);
@Override
public void onClick(View view) {
Uri authorizationEndpoint =
Uri.parse("https://login.microsoftonline.com/common/oauth2/v2.0/authorize");
Uri tokenEndpoint =
Uri.parse("https://login.microsoftonline.com/common/oauth2/v2.0/token");
AuthorizationServiceConfiguration config =
new AuthorizationServiceConfiguration(
authorizationEndpoint,
tokenEndpoint,null);
List<String> scopes = new ArrayList<>(
Arrays.asList("openid mail.send".split(" ")));
AuthorizationRequest authorizationRequest = new AuthorizationRequest.Builder(
config,
"<YOUR_APPLICATION_ID>",
ResponseTypeValues.CODE,
Uri.parse("https://login.microsoftonline.com/common/oauth2/nativeclient"))
.setScopes(scopes)
.build();
Intent intent = new Intent(view.getContext(), MainActivity.class);
PendingIntent redirectIntent =
PendingIntent.getActivity(
view.getContext(),
authorizationRequest.hashCode(),
intent, 0);
authorizationService.performAuthorizationRequest(
authorizationRequest,
redirectIntent);
}
At this point, you should have an Android app with a button. If you press the button, the app presents an authentication page using the device's browser. The next step is to handle the code that the authorization server sends to the redirect URI and exchange it for an access token.
You need to make your app ready to handle the authorization server response, which contains a code that you can exchange for an access token.
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="https"/>
<data android:host="login.microsoftonline.com"/>
<data android:path="/common/oauth2/nativeclient"/>
Bundle extras = getIntent().getExtras();
if (extras != null) {
AuthorizationResponse authorizationResponse = AuthorizationResponse.fromIntent(getIntent());
AuthorizationException authorizationException = AuthorizationException.fromIntent(getIntent());
final AuthState authState = new AuthState(authorizationResponse, authorizationException);
if (authorizationResponse != null) {
HashMap<String, String> additionalParams = new HashMap<>();
TokenRequest tokenRequest = authorizationResponse.createTokenExchangeRequest(additionalParams);
authorizationService.performTokenRequest(
tokenRequest,
new AuthorizationService.TokenResponseCallback() {
@Override
public void onTokenRequestCompleted(
@Nullable TokenResponse tokenResponse,
@Nullable AuthorizationException ex) {
authState.update(tokenResponse, ex);
if (tokenResponse != null) {
String accessToken = tokenResponse.accessToken;
}
}
});
} else {
Log.i("MainActivity", "Authorization failed: " + authorizationException);
}
}
Note that you have an access token in this line String accessToken = tokenResponse.accessToken;. Now you're ready to add code to call Microsoft Graph.
You can use the Microsoft Graph SDK or the Microsoft Graph REST API to call Microsoft Graph.
The Microsoft Graph SDK for Android provides classes that build requests and process results from Microsoft Graph. Follow these steps to use the Microsoft Graph SDK.
<uses-permission android:name="android.permission.INTERNET" />
compile 'com.microsoft.graph:msgraph-sdk-android:1.0.0'
compile 'com.google.code.gson:gson:2.7'
String accessToken = tokenResponse.accessToken; with the following code. Insert your email address in the placeholder marked with <YOUR_EMAIL_ADDRESS>. final String accessToken = tokenResponse.accessToken;
final IClientConfig clientConfig =
DefaultClientConfig.createWithAuthenticationProvider(new IAuthenticationProvider() {
@Override
public void authenticateRequest(IHttpRequest request) {
request.addHeader("Authorization", "Bearer " + accessToken);
}
});
final IGraphServiceClient graphServiceClient = new GraphServiceClient
.Builder()
.fromConfig(clientConfig)
.buildClient();
final Message message = new Message();
EmailAddress emailAddress = new EmailAddress();
emailAddress.address = "<YOUR_EMAIL_ADDRESS>";
Recipient recipient = new Recipient();
recipient.emailAddress = emailAddress;
message.toRecipients = Collections.singletonList(recipient);
ItemBody itemBody = new ItemBody();
itemBody.content = "This is the email body";
itemBody.contentType = BodyType.text;
message.body = itemBody;
message.subject = "Sent using the Microsoft Graph SDK";
AsyncTask.execute(new Runnable() {
@Override
public void run() {
graphServiceClient
.getMe()
.getSendMail(message, false)
.buildRequest()
.post();
}
});
The Microsoft Graph REST API exposes multiple APIs from Microsoft cloud services through a single REST API endpoint. Follow these steps to use the REST API.
<uses-permission android:name="android.permission.INTERNET" />
compile 'com.android.volley:volley:1.0.0'
String accessToken = tokenResponse.accessToken; with the following code. Insert your email address in the placeholder marked with <YOUR_EMAIL_ADDRESS>. final String accessToken = tokenResponse.accessToken;
final RequestQueue queue = Volley.newRequestQueue(getApplicationContext());
String url ="https://graph.microsoft.com/v1.0/me/sendMail";
final String body = "{" +
" Message: {" +
" subject: 'Sent using the Microsoft Graph REST API'," +
" body: {" +
" contentType: 'text'," +
" content: 'This is the email body'" +
" }," +
" toRecipients: [" +
" {" +
" emailAddress: {" +
" address: '<YOUR_EMAIL_ADDRESS>'" +
" }" +
" }" +
" ]}" +
"}";
final StringRequest stringRequest = new StringRequest(Request.Method.POST, url,
new Response.Listener<String>() {
@Override
public void onResponse(String response) {
Log.d("Response", response);
}
},
new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
Log.d("ERROR","error => " + error.getMessage());
}
}
) {
@Override
public Map<String, String> getHeaders() throws AuthFailureError {
Map<String,String> params = new HashMap<>();
params.put("Authorization", "Bearer " + accessToken);
params.put("Content-Length", String.valueOf(body.getBytes().length));
return params;
}
@Override
public String getBodyContentType() {
return "application/json";
}
@Override
public byte[] getBody() throws AuthFailureError {
return body.getBytes();
}
};
AsyncTask.execute(new Runnable() {
@Override
public void run() {
queue.add(stringRequest);
}
});
You're ready to try your Android app.
Check the inbox of the email address that you configured in Call Microsoft Graph. You should have an email from the account that you used to sign in to the app.