Microsoft Teams is a chat-based collaboration tool that is part of the Office 365 suite of services. Teams enables local and co-workers to work together and collaborate through a common work-space, using features such as team chat, one-on-one chat and document collaboration.
Graph in Tabs
Microsoft Graph is one of the best APIs out there. It gives developers access to almost every o365 service and the data that lives in them. You would think that Graph and Teams would be tightly tied together, and at some point they may be. As of today, there are a few gotchas you need to look out for when combining these two.
Here is what Microsoft says about using them;
To use the Microsoft Graph APIs, you must get an access token. When your app is running in Microsoft Teams, the only difference is that you must drive the authentication flow, as described in Authenticate a user in your Microsoft Teams tab.
Be careful if you use the Microsoft Graph APIs for team resources, rather than those for the current user, because the two have different consent models. Typically, users can directly consent to your Microsoft Teams app within a specific team. However, currently an admin must also consent to your app (as registered in Azure Active Directory) using these group APIs, at which point the app then has API access to all the groups or teams for each user. (See Group permissions for more information.) You should therefore ensure that your Microsoft Teams app handles not having the permissions it needs, and that it respects the user's intention about the teams in which it should operate.
The biggest thing I have noticed from a gotcha standpoint, is using a SPA website you would normally get your token by a login redirect, then reading the location hash on return. It seems to me that when a page is displayed in a teams iframe, the same location hash is used to pass the information to teams js library, so login in to graph in the normal SPA way seems to break that, so it becomes an either or in SPA.
If you are looking to get Teams Graph info from the beta channel the good news is your an build a server side API and use the Azure AD client/secret model to serve up a token to your SPA page without the need for login redirection and access that data.
These issues are going to need to have a little better solution long term, if indeed the audio manipulation API is going to be a graph api, because one will want to see only the current logged in user for call manipulation, and frankly there are going to be organizations that will not want to give every 3rd party app, access to too much non user scope permissions.
These issues are going to need to have a little better solution long term, if indeed the audio manipulation API is going to be a graph api, because one will want to see only the current logged in user for call manipulation, and frankly there are going to be organizations that will not want to give every 3rd party app, access to too much non user scope permissions.
Doug Routledge
Teams, Skype for Business, SQL, Exchange, UC, Full Stack Developer
Doug is the co-found of Bridge Communications, and also leads the development team.
|
No comments:
Post a Comment
Any spam comments will be deleted and your user account will be disabled.