Overview

Microsoft recently revealed the new Graph APIs at the recent MS Build 2017. These APIs provide a single unified endpoint to access different Microsoft Products, which means you no longer have to deal with different methods of authentication across different platforms. An exciting addition to this is the new and updated Microsoft Authentication Library (MSAL), which is conveniently available across .Net, iOS, Android, and JavaScript. This consolidated library will be used to authenticate both Microsoft personal and Azure AD School and work accounts.

In order to access Microsoft Graph functionality, the first step is to authenticate and get the access token using MSAL, which will be discuss in this tutorial.

Pre-Requisites

Install Microsoft.Identity.Client Package

Make sure you have added the Microsoft.Identity.Client Nuget Package to your project. To add the pacakge Go to Tools > Nuget Package Manager > Package Manager Console

Install-Package Microsoft.Identity.Client -Pre
Install Microsoft.Identity.Client Pacakge
Install Microsoft.Identity.Client Pacakge

Register your application to get Client Id

Make sure you register your application at the Microsoft Application Registration Portal and make a note of the Client id / Application Id. This Client Id will be required later when authenticating the user account.

https://apps.dev.microsoft.com/portal/register-app
Register your application
Register your application
Note the Client Id/Application Id
Note the Client Id/Application Id

1. Request Token

The very first step is to request a token. Once authenticated, the requesting application receives a token, which further can be used to query Microsoft Graph API. This token is used to access certain resources, such as user’s information, send emails, read OneNote notebooks and many other protected resources. We use the AcquireTokenAsync method to acquire the token interactively, as it displays the user sign-in window as seen below.

    //Set the scope
    private string[] _Scopes = new string[] { "User.Read" };
    public static PublicClientApplication clientApplication = new PublicClientApplication(_ClientID);
    authResult = await App.clientApplication.AcquireTokenAsync(_Scopes);
Interactive Sign-In
Interactive Sign-In
Allow permission for requested Scopes
Allow permission for requested Scopes

2. Receive and Parse Token

AcquireTokenAsync method returns an object of class AuthenticationResult, which is stored in the variable authResult. The actual token is stored in the authResult.AccessToken property. We check if the object returned by the function call AcquireTokenAsync is not null and then parse the object and display it accordingly.

if (authResult != null)
{
    DisplayParseAuthResult(authResult);
    string response = await SendGetRequest(authResult.AccessToken);
    DisplayAPIResponse(response);
}

3. Send GET Request with token

Once the token is received, we send a GET request attaching the access token as a header using the HttpClient class. The GET request is sent to the https://graph.microsoft.com/v1.0/me Graph API Endpoint.

//Set the API Endpoint
string _GraphAPIEndpoint = "https://graph.microsoft.com/v1.0/me";

HttpClient httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Add("Authorization", "Bearer " + _AccessToken);
Uri GraphAPIEndpointUri = new Uri(_GraphAPIEndpoint);

4. Display Graph API Response

The response from the Graph API call is returned in the form of HttpResponseMessage object. We then serialize the HTTP content to a string using the ReadAsStringAsync method. This string is then displayed on the UI.

HttpResponseMessage response = await httpClient.GetAsync(GraphAPIEndpointUri);
var content = await response.Content.ReadAsStringAsync();
Display Token and Graphi API response
Display Token and Graph API resposne

Source Code

You can find the source code at Github MSALAuthentication repo along with the Visual Studio 2017 solution.

Final note

This is a very brief introduction to get you started using the MSAL and calling the Graph API. You can use the token received for further calls to the Graph API, as long as the token is in the header of the GET request. If you have any questions or concerns, feel free to leave a comment.