

Microsoft Graph Mailbag – Azure AD applications and users for testing
source link: https://developer.microsoft.com/en-us/graph/blogs/microsoft-graph-mailbag-azure-ad-applications-and-users-for-testing/?WT_mc_id=DOP-MVP-4025064

In today’s Microsoft Graph Mailbag post, we cover Azure AD applications and users for testing Microsoft Graph queries in a development environment.
Please be sure to follow this blog series using https://aka.ms/MSGraphMailbag or with RSS using https://developer.microsoft.com/graph/blogs/feed/?tag=MSGraphMailbag.
Introduction
When developing solutions powered by Microsoft Graph, I like to think through the different authentication flows that are involved. I ask myself questions such as the following:
- Will users interactively log in to the application?
- Does the user need to have an elevated Azure AD role assignment?
- Does the user have any conditional access policies that may be applied?
- What type of credential (password, client secret, client certificate, etc.) will be used?
As members of the Microsoft Graph Customer and Partner Experience (CPx) team, we test Microsoft Graph requests almost every day. This includes validating new APIs, prototyping solutions, investigating scenarios with customers and partners, and more. Generally, we are testing across a wide variety of hosting environments – Microsoft Graph PowerShell SDK, Postman, and numerous web apps to name a few. As such, it is helpful to have the required components for authentication already configured in a Microsoft 365 developer tenant so we can quickly and easily test the necessary Microsoft Graph endpoints.
Note: If you don’t have a developer tenant, you can sign up for one through our Microsoft 365 Developer Program.
Sample Azure AD applications
I provision a few sample Azure AD applications in my development environment. The primary applications include:
- Delegated Authentication Graph App
  - Intended for delegated authentication flows such as device code or authorization code flow
  - Allow public client flow
  - Enable implicit grant for access tokens and ID tokens
- Application Authentication Graph App
  - Intended for application authentication flows such as client credentials flow
  - Configured with client secret and certificate for authentication
- Postman Graph App
  - Intended for delegated or application authentication flows
  - Redirect URI(s) for Postman callback
- Graph Connectors App
  - Intended for application authentication flow
  - ExternalItem.ReadWrite.All permission for ingesting content
- PowerShell Graph App
  - Intended for delegated or application authentication flows
  - Configured with client secret and certificate for authentication
  - Separate application, since it is generally used for testing administrative requests with different permissions
Sample Azure AD users
Aside from testing with different Azure AD applications, I also find it helpful to have a variety of Azure AD users with different configurations. When using a delegated authentication flow, there are a few Microsoft Graph endpoints that require an Azure AD role assignment or Azure AD licensing in addition to normal delegated permissions. The following list is not exhaustive and is only a point-in-time reference as of the publish date.
Automate creating Azure AD resources
Having sample Azure AD applications and users in a single development environment is helpful, but it is better if I can make this a repeatable process. In a future post I will cover the details of automating the creation of these resources. For today’s post, though, I’m sharing a few automation options to explore.
Microsoft Graph PowerShell SDK
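One way to script two of the sample applications listed earlier with the Microsoft Graph PowerShell SDK, for a developer tenant. This is an added example, not code from the original post; the secret display name and the 30-day expiry are assumptions, and the certificate credential is left out.

```powershell
# Added example: provisions two of the article's sample apps in a developer tenant.
# Display names follow the article; the secret name and expiry window are assumptions.
Import-Module Microsoft.Graph.Applications

# Delegated permission needed to create app registrations; sign in to the developer tenant.
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Delegated Authentication Graph App:
#   -IsFallbackPublicClient  -> "Allow public client flows" (device code flow)
#   ImplicitGrantSettings    -> implicit grant for access tokens and ID tokens
$delegatedApp = New-MgApplication -DisplayName 'Delegated Authentication Graph App' `
    -SignInAudience 'AzureADMyOrg' `
    -IsFallbackPublicClient `
    -Web @{
        ImplicitGrantSettings = @{
            EnableAccessTokenIssuance = $true
            EnableIdTokenIssuance     = $true
        }
    }

# Application Authentication Graph App: confidential client for client credentials flow.
$appOnlyApp = New-MgApplication -DisplayName 'Application Authentication Graph App' `
    -SignInAudience 'AzureADMyOrg'

# Short-lived client secret; the secret text is returned only once, at creation.
$secret = Add-MgApplicationPassword -ApplicationId $appOnlyApp.Id -PasswordCredential @{
    DisplayName = 'dev-test-secret'
    EndDateTime = (Get-Date).ToUniversalTime().AddDays(30)
}

# Service principal so the app can be granted application permissions in the tenant.
New-MgServicePrincipal -AppId $appOnlyApp.AppId | Out-Null

# Report identifiers only; keep $secret.SecretText out of logs and source control.
[pscustomobject]@{
    DelegatedAppId = $delegatedApp.AppId
    AppOnlyAppId   = $appOnlyApp.AppId
    SecretExpires  = $secret.EndDateTime
}
```

Single-tenant sign-in (`AzureADMyOrg`) and a short secret lifetime keep these deliberately permissive test registrations scoped to the developer tenant.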
Conclusion
Having the right Azure AD components ready for testing Microsoft Graph requests can help speed up development when iterating on a solution. In this post, I covered a few questions about the authentication flows or users involved as well as sample Azure AD applications and users to pre-configure in a Microsoft 365 developer tenant.
Today’s post was written by Brian T. Jackett, Senior Program Manager on the Microsoft Graph CPx team. Join us for our next post June 1, 2021.