Office 365 Rest API - Daemon week authentication
Instead of a client_secret
in your request body, you need a client_assertion
. This is a bit more complex, but it's the reason you need that certificate.
Basically you need to build a JSON Web Token and sign it with your certificate using a SHA256 hash. The token is going to look something like this:
Header:
{
"alg": "RS256",
"x5t": "..." // THUMBPRINT of Cert
}
Payload:
{
"aud": "https:\\/\\/login.windows.net\\/<The logged in user's tenant ID>\\/oauth2\\/token",
"exp": 1423168488,
"iss": "YOUR CLIENT ID",
"jti": "SOME GUID YOU ASSIGN",
"nbf": 1423167888,
"sub": "YOUR CLIENT ID"
}
If you're still with me, you now need to base64-encode both pieces (separately), then concatenate them with a '.'. So now you should have:
base64_header.base64_payload
Now you take that string and sign it with your certificate, using a SHA256 hash. Then base64-encode the result of that, url-encode it, then append to the string, so now you have:
base64_header.base64_payload.base64_signature
Finally, include this in your POST to the token endpoint as the client_assertion
parameter, and also include a client_assertion_type
parameter set to "urn:ietf:params:oauth:client-assertion-type:jwt-bearer":
req.set_form_data(
:grant_type => 'client_credentials',
:redirect_uri => 'http://spready.dev',
:resource => 'https://outlook.office365.com/',
:client_id => '== Client ID ==',
:client_assertion_type => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
:client_assertion => 'base64_header.base64_payload.base64_signature'
)
I hope that helps! This is all based on my research into how ADAL does it, and I haven't tested it myself in Ruby.
Building Daemon or Service Apps with Office 365 Unified API
Office 365 Unified API doesn't yet support client credential flow. Stay tuned, as we are working actively to add support.
How to read calendars which are shared by others in Office 365 REST API
No it doesn't. Right now the API only supports accessing your data, it doesn't support accessing other folks, even if they've given you access. This is a feature we are looking at adding, but I don't have a timeline to share.
Could not retrieve app only tokens for office 365
The error indicates there's a problem with your signature. Comparing with a working one, it is way shorter. Be sure you're signing the string with an RSA SHA-256 hash. Using HMAC is probably causing the issue.
Related Topics
Rails 5: Activerecord or Query
Why Does String Interpolation Work in Ruby When There Are No Curly Braces
Pass Parameter by Reference' in Ruby
What Are the Ruby File.Open Modes and Options
What Does a Double * (Splat) Operator Do
Rails Has_Many :Through Find by Extra Attributes in Join Model
How to Find an Item in Array Which Has the Most Occurrences
How to Have Methods Inside Methods
Why Is "Slurping" a File Not a Good Practice
Why Does Ruby 1.9.2 Remove "." from Load_Path, and What's the Alternative
How to Find Where a Method Is Defined At Runtime