#SPFestSea azr302 The SharePoint Framework and the #MicrosoftGraph under steroids with Azure Functions
1. Microsoft Graph And SharePoint Framework under steroids with Azure functions
SharePoint Fest Seattle 2018
By: Vincent Biret
2. Passionate about technologies, development and community
Vincent Biret
@baywet
bit.ly/vince365
Microsoft Office Dev MVP
Azure and Office 365 developer @ 2toLead
3. Devs, devops, deciders. Endless possibilities, faster time to market, focus on business value
Who is this session for?
4. Agenda
•The new stack for SharePoint Framework
•What are azure functions?
•Azure Active Directory
•The Microsoft Graph
•Better together! + Demo
•Conclusion
8. The “be nice, eh” solution
The need
• We want to encourage people to have better interactions
• For that we’re going to “scan” their emails
• Score the sentiment
• Have a webpart that displays average score per user on the company portal
10. The solution requires a minimal development effort thanks to the integration between the services provided by Office 365 and the infrastructure provided by Azure.
The architecture
[Architecture diagram]
1 – Users send/receive emails
2 – Exchange communicates with Graph
3 – Graph triggers our function for analysis
4 – Users log into SP Portal
5 – SPFX webpart contacts Azure function for data
12. Have you already seen these slides?
Question!
•Who has never heard about the SharePoint Framework before this talk?
13. The open source mindset shift also brings community support and samples and opens SharePoint Dev to a bigger community
The Short Version
• New Tools!
• Front End only! (smaller footprint)
• Local And Remote WorkBench
• Closed source relying on open source
• First and third party
19. Microsoft has a desire to enable SPFX devs to build complex LOB applications backed by MS or custom APIs
Custom API & Graph Access from SPFX – preview
• SPFx components access custom Web APIs or MS Graph
• Additional permission scopes can be requested
• Bakes in the auth for you and provides a ready to use client
• Web APIs and Permission Scopes managed by Microsoft still available
• Admins can control additional access through per tenant AAD Service Principal
• Managed by SharePoint Online infrastructure
{
  "WebApiPermissionRequest": {
    "ResourceId": "GUID goes here",
    "Scope": "GUID goes here"
  },
  "WebApiPermissionRequest": {
    "ResourceId": "GUID goes here",
    "Scope": "GUID goes here"
  },
  "WebApiPermissionRequest": {
    "ResourceId": "GUID goes here",
    "Scope": "GUID goes here"
  }
}
22. A decade ago, a lot of time was spent on physical considerations to build solutions
Before cloud
How often should I patch my servers?
How can I increase server utilization?
How do I deploy new code to my server?
Which packages should be on my server?
How long does it take to provision a new VM?
23. When IaaS came out, the next burden for applications became the logical infrastructure
IaaS
How often should I patch my servers?
How can I increase server utilization?
How do I deploy new code to my server?
Which packages should be on my server?
How long does it take to provision a new VM?
24. PaaS solved some of the complexity by making infrastructure transparent
PaaS
How can I increase service utilization?
How do I deploy new code to my service?
Which packages should be on my service?
25. Serverless, a better version of PaaS, aims to let you focus on the business logic and consumption by encapsulating other considerations
Serverless
How do I deploy new code to my service?
26. Improving the « pay for what you use » and the elasticity principles, it also provides a total abstraction of servers
Serverless definition
27. Enable your team to deliver solutions faster, in a more structured way moving the focus on the business logic
Benefits
28. From zero to production in 7 steps! Microsoft’s answer to serverless
Azure functions
• Pick a language
• Pick a trigger
• Add some inputs/outputs
• Write the business logic code
• (test/deploy)
• Scale your service
• Ship to production!!!
31. SKU’s & scale
• Leverage App Service plan
• Tiers: Free, Shared, Basic, Standard, Premium
• Cost based on reserved VMs
• You have to manage scale
• Consumption-based plan
• Cost based on # of executions, duration and memory (GB.s)
32. Besides the browser, you can use VS2017 + Azure SDK or VSCode + Azure F CLI
Tooling
35. AAD has become the key central identity service for Microsoft and provides a seamless experience to end users.
Microsoft’s Central Identity Service
• Leveraged by all Office 365 workloads
• Stores Users, Groups, Applications…
• Provides many capabilities
• Hybrid: SSO, Federation, Synchronisation
• Enforced security: MFA, geo-fencing
• Increased Productivity: SSPR, B2C, B2B
36. As application developers we DO NOT want to store usernames/passwords. Delegating that responsibility to AAD reduces the exposed surface a lot if our app gets compromised
Basic principle (ultra simplified)
MS Graph
Open Id Connect + OAuth 2.0
37. Situation is painful, v2 slowly catching up, Microsoft is trying to improve it. When starting a project, take the limitations into account and go from there.
ADAL and MSAL
• Two auth libraries from Microsoft for AAD
• ADAL talks to v1 endpoints
• MSAL talks to v2 endpoints
• MSAL still in preview but commercially supported
38. V1 is still recommended if you’re only working with O365 accounts. Microsoft is working hard to migrate services and make models converge.
Two endpoints: details
• V2 brings:
• Unified authentication and authorization for MSID and AAD
• Dynamic scopes (as opposed to resources)
• Client credential flow
• On Behalf Flow
• V2 Limitations:
• # of secrets
• securing APIs
• Not showing up in Azure Portal
• no wildcard redirect URL
• Limited « resources » available today
41. Microsoft made a subsequent investment for a few years to unify its APIs, authentication modes and data formats as well as deliver a converging model.
Why the Microsoft Graph?
• 90% of Fortune 500 companies use Office 365
• 100M monthly active users, Office 365 paying subscriptions
• 8T objects in Microsoft Graph (emails, events, calendars, users, files…)
42. Teams and Project Rome still in beta. Also provides licensing, reporting and other APIs.
Microsoft is putting a HUGE commitment in the citizen developer movement.
Workloads
44. Microsoft has made its API available to a lot of different ecosystems, removing the pain of having to write the boilerplate code. Java, Android and iOS still in preview
SDKs
47. Only with functions v2, still in preview. Most important ones being webhooks + auth that allow you to do anything. You can also leverage flow as a relay.
Azure Functions + Microsoft Graph
•Excel table input/output bindings
•OneDrive File input/output bindings
•Outlook output binding
•Auth token input binding
•WebHook triggers/binding
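A webhook endpoint that Graph can reach is reachable by anyone, so the function has to handle two things before any email is analysed: the subscription validation handshake and the `clientState` check on each notification. The sketch below is an added example, not code from the talk; `handleGraphNotification`, `enqueue`, the request shape and the `CLIENT_STATE` value are assumptions.

```javascript
const crypto = require('crypto');

// Hypothetical secret chosen when the subscription was created (constructed value);
// in a deployed function it lives in app settings, not in source.
const CLIENT_STATE = 'constructed-secret-value';

// Constant-time comparison so the secret cannot be probed through response timing.
function sameSecret(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req: { query, body } as an HTTP-triggered function receives it.
// enqueue: hypothetical callback that hands work to a queue. Returns the HTTP response.
function handleGraphNotification(req, enqueue) {
  // Handshake: when a subscription is created, Graph sends ?validationToken=...
  // and expects it echoed back. text/plain keeps a browser from rendering it.
  const token = req.query && req.query.validationToken;
  if (token) {
    return { status: 200, headers: { 'Content-Type': 'text/plain' }, body: token };
  }
  const items = req.body && req.body.value;
  if (!Array.isArray(items)) return { status: 400, body: 'not a notification' };
  let accepted = 0;
  for (const n of items) {
    // Drop entries that do not carry the shared clientState.
    if (!sameSecret(n.clientState, CLIENT_STATE)) continue;
    // Queue only the reference; the message is fetched later with the function's own token.
    enqueue({ subscriptionId: n.subscriptionId, resource: n.resource });
    accepted += 1;
  }
  // Acknowledge quickly; sentiment scoring happens out of band.
  return { status: 202, body: String(accepted) };
}
```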
48. All the new SPFX capabilities came out with 1.4.1. It’s becoming seamless to integrate those technologies together.
SharePoint Framework + Azure Functions
• SPFX helps “linking” AAD app + SPFX solution
• SPFX helps “getting the tokens”
• SPFX helps “talking to the graph/secure API” (preview)
• Azure functions can be “secured” via bearer token (AAD)
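What "secured via bearer token" has to mean inside the function: verify the signature, then issuer, audience, lifetime and scope, so that a token issued for Graph or for another API is refused. This is an added example, not code from the talk; the `EXPECTED` values, `validateBearer`, `mintToken` and the throwaway key pair are assumptions, and a deployed function would take its keys from the tenant's published signing keys.

```javascript
const crypto = require('crypto');

// Hypothetical values for this sketch; a real function reads them from app settings.
const EXPECTED = {
  iss: 'https://sts.windows.net/00000000-0000-0000-0000-000000000000/',
  aud: 'api://be-nice-eh-function',
  scope: 'user_impersonation',
};

const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Returns the claims if the token is acceptable, otherwise throws.
// signingKeys is a Map of kid -> public key.
function validateBearer(authorization, signingKeys, now = Date.now() / 1000) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || '');
  if (!m) throw new Error('missing or malformed bearer token');
  const [, h, p, s] = m;
  const header = fromB64u(h);
  // Pin the algorithm: the token must not get to pick "none" or an HMAC variant.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = signingKeys.get(header.kid);
  if (!key) throw new Error('unknown signing key');
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('RSA-SHA256', signed, key, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const c = fromB64u(p);
  // A token minted for Graph or for another API must not be accepted here.
  if (c.iss !== EXPECTED.iss) throw new Error('wrong issuer');
  if (c.aud !== EXPECTED.aud) throw new Error('wrong audience');
  if (!(c.nbf <= now && now < c.exp)) throw new Error('token not valid at this time');
  if (!String(c.scp || '').split(' ').includes(EXPECTED.scope)) throw new Error('missing scope');
  return c;
}

// Constructed fixture: a throwaway key pair standing in for AAD's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function mintToken(claims, header = { alg: 'RS256', kid: 'k1' }) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `Bearer ${input}.${sig.toString('base64url')}`;
}
```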
First, the user accesses the app/API anonymously.
The app redirects them to AAD to authenticate first, then consent/grant and authorize.
AAD redirects the user back to the application, with the identity token.
That identity token can be leveraged to request an access token to other resources/scopes.
Client credential flow: a service can identify itself on its own, without impersonation (service account).
On behalf flow: in a certain context, an app can relay authentication via an API to present app + user and not only the user (in Excel, for example).
On behalf flow will help Office add-ins a lot to access custom APIs.
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-compare
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-on-behalf-of
https://myignite.microsoft.com/sessions/55110?source=sessions
It’s a tremendous opportunity for developers, whether you’re an ISV, a consultant or at a customer, to provide rich and innovative applications. Doesn’t add any cost to Office 365.
Also provide some form of intelligence