Hi Malaka, Noted.
*Thank youVivekananthan Sivanayagam* *Associate Software Engineer | WSO2* *E:[email protected] <e%[email protected]>* *M:+94752786138* On Thu, Mar 17, 2016 at 10:58 AM, Malaka Silva <[email protected]> wrote: > Hi Vivekananthan/Thulasika, > > In this typical OAUTH flow you mentioned, there is an user interaction. > > But for SAAS app use cases MS has provided Admin Consent to access the api. > > IMO we should have both the options in our connectors. > > [1] > https://blogs.msdn.microsoft.com/exchangedev/2014/06/05/managing-user-consent-for-applications-using-office-365-apis/ > [2] > https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks > [3] https://msdn.microsoft.com/en-us/library/office/dn707383.aspx > > On Thu, Mar 17, 2016 at 1:00 AM, Vivekananthan Sivanayagam < > [email protected]> wrote: > >> Hi All, >> >> I am going to implement a connector for Microsoft office Outllook Mail, >> for that I did a research on authentication part first and I have shared >> below what I understood during the initial research. >> >> The Office 365 API[1] services use Azure Active Directory (Azure AD) to >> provide secure authentication to users' Office 365 data. To access the >> Office 365 APIs, we need to register our app with Azure AD[2]. At run time, >> created app can continue to use Azure AD and OAuth to authenticate >> application requests[3]. >> >> Authorization Code Grant Flow Diagram >> >> [image: Inline image 1] >> >> 1. The client application starts the flow by redirecting the user >> agent to the Azure AD authorization endpoint. The user authenticates and >> consents, if consent is required. >> 2. The Azure AD authorization endpoint redirects the user agent back >> to the client application with an authorization code. The user agent >> returns authorization code to the client application’s redirect URI. >> 3. The client application requests an access token from the Azure AD >> token issuance endpoint. It presents the authorization code to prove that >> the user has consented. >> 4. The Azure AD token issuance endpoint returns an access token and a >> refresh token. The refresh token can be used to request additional access >> tokens. >> 5. The client application uses the access token to authenticate to >> the Web API. >> 6. After authenticating the client application, the web API returns >> the requested data [4]. >> >> [1] >> https://msdn.microsoft.com/en-us/office/office365/howto/rest-api-overview >> <https://msdn.microsoft.com/en-us/office/office365/howto/rest-api-overview> >> [2] >> https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/#BKMK_Native >> [3] https://msdn.microsoft.com/en-us/library/azure/dn645543.aspx >> <https://msdn.microsoft.com/en-us/library/azure/dn645543.aspx> >> [4] https://www.youtube.com/watch?v=TjuJE7Zc1Qk >> >> >> >> >> *Thank youVivekananthan Sivanayagam* >> >> *Associate Software Engineer | WSO2* >> >> *E:[email protected] <e%[email protected]>* >> *M:+94752786138 <%2B94752786138>* >> > > > > -- > > Best Regards, > > Malaka Silva > Senior Tech Lead > M: +94 777 219 791 > Tel : 94 11 214 5345 > Fax :94 11 2145300 > Skype : malaka.sampath.silva > LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 > Blog : http://mrmalakasilva.blogspot.com/ > > WSO2, Inc. > lean . enterprise . middleware > http://www.wso2.com/ > http://www.wso2.com/about/team/malaka-silva/ > <http://wso2.com/about/team/malaka-silva/> > https://store.wso2.com/store/ > > Save a tree -Conserve nature & Save the world for your future. Print this > email only if it is absolutely necessary. >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
