Office 365 Rest API - Daemon Week Authentication


Instead of a client_secret in your request body, you need a client_assertion. This is a bit more complex, but it's the reason you need that certificate.

Basically you need to build a JSON Web Token and sign it with your certificate using a SHA256 hash. The token is going to look something like this:

Header:

{
  "alg": "RS256",
  "x5t": "..." // THUMBPRINT of Cert
}

Payload:

{
  "aud": "https:\/\/login.windows.net\/<The logged in user's tenant ID>\/oauth2\/token",
  "exp": 1423168488,
  "iss": "YOUR CLIENT ID",
  "jti": "SOME GUID YOU ASSIGN",
  "nbf": 1423167888,
  "sub": "YOUR CLIENT ID"
}

If you're still with me, you now need to base64-encode both pieces (separately), then concatenate them with a '.'. So now you should have:

base64_header.base64_payload

Now you take that string and sign it with your certificate, using a SHA256 hash. Then base64-encode the result of that, url-encode it, then append to the string, so now you have:

base64_header.base64_payload.base64_signature

Finally, include this in your POST to the token endpoint as the client_assertion parameter, and also include a client_assertion_type parameter set to "urn:ietf:params:oauth:client-assertion-type:jwt-bearer":

req.set_form_data(
  :grant_type => 'client_credentials',
  :redirect_uri => 'http://spready.dev',
  :resource => 'https://outlook.office365.com/',
  :client_id => '== Client ID ==',
  :client_assertion_type => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
  :client_assertion => 'base64_header.base64_payload.base64_signature'
)

I hope that helps! This is all based on my research into how ADAL does it, and I haven't tested it myself in Ruby.

Building Daemon or Service Apps with Office 365 Unified API

Office 365 Unified API doesn't yet support client credential flow. Stay tuned, as we are working actively to add support.

How to read calendars which are shared by others in Office 365 REST API

No, it doesn't. Right now the API only supports accessing your data; it doesn't support accessing other folks' data, even if they've given you access. This is a feature we are looking at adding, but I don't have a timeline to share.

Could not retrieve app only tokens for office 365

The error indicates there's a problem with your signature. Comparing with a working one, it is way shorter. Be sure you're signing the string with an RSA SHA-256 hash. Using HMAC is probably causing the issue.
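
The client_assertion steps from the first answer, together with the signature-length symptom described in this last answer, as an added Ruby example (not code from any of the answers above). It uses base64url without padding for every segment, as JWS (RFC 7515) specifies, and computes x5t as the base64url SHA-1 thumbprint of the certificate. The function names, the placeholder tenant and client IDs, and the throwaway self-signed certificate are assumptions made for the example.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# base64url without padding, the encoding JWS (RFC 7515) uses for each segment.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Build the signed assertion. tenant_id and client_id are caller-supplied placeholders.
def build_client_assertion(cert, key, tenant_id:, client_id:, now: Time.now.to_i)
  header = {
    alg: 'RS256',
    # x5t: base64url of the SHA-1 thumbprint of the DER-encoded certificate
    x5t: b64url(OpenSSL::Digest.new('SHA1').digest(cert.to_der))
  }
  payload = {
    aud: "https://login.windows.net/#{tenant_id}/oauth2/token",
    exp: now + 600, iss: client_id, jti: SecureRandom.uuid,
    nbf: now, sub: client_id
  }
  signing_input = "#{b64url(header.to_json)}.#{b64url(payload.to_json)}"
  # RS256: RSASSA-PKCS1-v1_5 with SHA-256, using the certificate's private key
  signature = key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Local sanity check before sending: the signature must be as long as the RSA
# modulus (256 bytes for a 2048-bit key) and verify against the certificate.
# An HMAC-SHA256 output is only 32 bytes, so it fails the length test.
def assertion_valid?(jwt, cert)
  head, body, sig = jwt.split('.')
  raw = sig.tr('-_', '+/').unpack1('m')
  pub = cert.public_key
  raw.bytesize == pub.n.num_bytes &&
    pub.verify(OpenSSL::Digest.new('SHA256'), raw, "#{head}.#{body}")
end

# Constructed throwaway key and self-signed certificate, for this example only.
def demo_credentials
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=daemon-demo')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end
```

The string returned by `build_client_assertion` is the value for the `client_assertion` form field; running `assertion_valid?` on it locally catches a wrong algorithm or mismatched key before the token endpoint rejects the request.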


