Hello,
So far, we have implemented a OneDrive transport scaffold for Airavata’s MFT
[1]. The core logic implementing onedrive-transport depends on being able to
access OneDrive from Microsoft Graph, the development of which is on hold. We
have investigated several ways in order to get this to work.
- Microsoft provides mainly two flows with which an authentication token can be
generated.
- Regardless of which flow is chosen, all of Microsoft's documentation points
towards creating an Azure Active Directory (AAD) App on the Azure Portal.
- We have tried creating an AAD app, provided the necessary permissions and
generated the relevant credentials for it.
The two authentication flows are as follows:
1. OAuth 2.0 authorization code grant flow [2]
We have investigated the following samples in order to be able to generate the
access token:
1.1. Nuxeo’s onedrive-java-client. [3]
- It does not provide a method to complete OAuth and obtain the access token.
1.2 The example you cited in one of the previous mails. [4]
- It does not provide a method to complete OAuth and obtain the access token.
1.3 The third party client (onedrive-sdk-java) we discussed. [5]
- Requires spawning an intermediate browser window for authentication.
1.4 Microsoft's own Postman guide [6]
- Generated an authentication token, but we were unable to list our drive files
due to a license error (attempted license resolution addressed below)
1.5 Azure Free Trial for adding OneDrive to the AAD [7]
- Assuming that the OneDrive service within the AAD was a paid one, we tried
enabling the provided Azure free subscription.
- We were not able to figure out why an added user within an AAD did not have
their own dedicated OneDrive.
1.6 To circumvent the intermediate authentication step, we looked at the
Implicit Grant flow [8] and were unable to obtain an authentication token from
the /authorize endpoint despite having allowed the same in the AAD application.
1.7 MS Graph Explorer [9] is able to make queries to OneDrive since it is
already a web application.
2. OAuth 2.0 client credentials flow [10]
2.1 Using this flow grays out the possibility of using the /me alias for
querying MS Graph and requires the usage of /users/{user_id} instead.
2.2 Thus the enumeration of the files within a user's OneDrive cannot be done
with /me/drive/root/children like how MS Graph Explorer does it.
We seem to be stuck at emulating queries that MS Graph Explorer does. The
reason this mail is so long is because we wanted to give as much detail as
possible in order to help arrive at a solution, or at least provide a list of
pointers to avoid trying the same methods. We would like to know how we can
approach this issue.
[1] https://github.com/aniruddhavpatil/airavata-mft/tree/develop
[2] https://docs.microsoft.com/en-us/graph/auth-v2-user
[3] https://github.com/nuxeo/onedrive-java-client
[4] https://www.example-code.com/java/onedrive_download_to_file.asp
[5] https://github.com/isac322/OneDrive-SDK-java
[6] https://docs.microsoft.com/en-us/graph/use-postman
[7] https://stackoverflow.com/questions/46802055/tenant-does-not-have-a-spo-license
[8] https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow
[9] https://developer.microsoft.com/en-us/graph/graph-explorer
[10] https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
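
Added example, not part of the original mail or of the Airavata MFT code base: the client credentials flow from item 2 written against Java 11's built-in HTTP client, requesting an app-only token and then listing a user's drive through /users/{user_id} instead of /me. The class name and environment variable names are hypothetical, and it assumes the AAD app has been granted an admin-consented application permission for reading files.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.regex.*;

public class GraphAppOnlyListing {
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // Client credentials grant: the app authenticates as itself, so no browser window is needed.
    static HttpRequest tokenRequest(String tenant, String clientId, String secret) {
        String form = "grant_type=client_credentials"
                + "&client_id=" + enc(clientId)
                + "&client_secret=" + enc(secret)
                + "&scope=" + enc("https://graph.microsoft.com/.default");
        return HttpRequest.newBuilder(URI.create(
                "https://login.microsoftonline.com/" + enc(tenant) + "/oauth2/v2.0/token"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form)).build();
    }

    // An app-only token carries no signed-in user, so /me cannot resolve;
    // the drive is addressed through /users/{user_id} (object id or user principal name).
    static HttpRequest listRootChildren(String token, String userId) {
        return HttpRequest.newBuilder(URI.create(
                "https://graph.microsoft.com/v1.0/users/" + enc(userId) + "/drive/root/children"))
                .header("Authorization", "Bearer " + token)
                .GET().build();
    }

    // Simplification: extracts access_token with a regex instead of a JSON parser.
    static String accessToken(String json) {
        Matcher m = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"").matcher(json);
        if (!m.find()) throw new IllegalStateException("no access_token in response: " + json);
        return m.group(1);
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical variable names; the secret stays out of source and config files.
        String tenant = System.getenv("AAD_TENANT_ID"), clientId = System.getenv("AAD_CLIENT_ID");
        String secret = System.getenv("AAD_CLIENT_SECRET"), userId = System.getenv("ONEDRIVE_USER_ID");
        if (tenant == null || clientId == null || secret == null || userId == null)
            throw new IllegalArgumentException(
                    "set AAD_TENANT_ID, AAD_CLIENT_ID, AAD_CLIENT_SECRET and ONEDRIVE_USER_ID");
        var ofString = HttpResponse.BodyHandlers.ofString();
        HttpClient http = HttpClient.newHttpClient();
        String token = accessToken(http.send(tokenRequest(tenant, clientId, secret), ofString).body());
        HttpResponse<String> files = http.send(listRootChildren(token, userId), ofString);
        System.out.println(files.statusCode() + "\n" + files.body());
    }
}
```
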
On Apr 28, 2020, at 6:04 PM, Patil, Aniruddha Vivek wrote:
Hello Dimuthu,
1. We create an Azure Active Directory application on the Azure Portal [1]
with credentials for the Airavata organization.
2. I have tried out using MS Graph Explorer [2] to access my OneDrive files.
This functionality will be emulated by our MFT application that will use the
credentials of the step above.
3. Once the validity of the above two steps is confirmed, we can decide on a
client to use for accessing MS Graph. Microsoft has put up msgraph-sdk-java [3]
on their website as a Java client as per [4].
4. The above steps are my understandings of [5].
[1] https://portal.azure.com/
[2] https://developer.microsoft.com/en-us/graph/graph-explorer
[3] https://github.com/microsoftgraph/msgraph-sdk-java
[4] https://developer.microsoft.com/en-us/graph/get-started/java
[5] https://docs.microsoft.com/en-us/graph/tutorials/java
Regards,
Aniruddha Patil
On Apr 27, 2020, at 11:58 PM, Dimuthu Upeksha wrote:
Can you summarize the suggested steps to register an onedrive resource in MFT
including registering it in ms graph and fetching tokens? I need to have an
idea on the convenience aspect on this. About the API clients, you should try
to stick to standard clients provided by original providers as much as
possible. If not, try to go for a reputed client implementation from a third
party. In either case, licenses of these clients should be compatible with
Apache License 2.0. I just had a brief look at the onedrive api and it seems like
they don't have a standard java client [2]. However they have a standard HTTP
API [3] so if you use any standard http client, you should be fine. I saw some
people have already done that [4]
[2] https://developer.microsoft.com/en-us/onedrive
[3] https://docs.microsoft.com/en-us/onedrive/developer/rest-api/api/driveitem_createuploadsession?view=odsp-graph-online
[4] https://www.example-code.com/java/onedrive_download_to_file.asp
On Mon, Apr 27, 2020 at 11:02 PM Patil, Aniruddha Vivek wrote:
Hello Dimuthu,
As best as I understand, the ability of an application to access OneDrive
depends on whether the application has been registered for MS Graph. (this is
to avoid a user-dependent login)
Also, the repository you linked to is a third-party client. Is that permissible?
Thanks and regards,
Aniruddha Patil
On Apr 27, 2020, at 10:39 PM, Dimuthu Upeksha wrote:
Hi, Vivek,
I'm a little confused about the relation between graph auth and one drive. Can't
we use a client id/ secret like this [1]?
[1] https://github.com/isac322/OneDrive-SDK-java#1-construct-client-object
Thanks
Dimuthu
On Mon, Apr 27, 2020 at 5:48 PM Patil, Aniruddha Vivek wrote:
On further searching, I also came across this, with regard to the 2nd question
in the previous mail on this thread.
(https://github.com/microsoftgraph/msgraph-sdk-java-core/tree/master)
Regards
Aniruddha Patil
On Apr 27, 2020, at 3:42 PM, Patil, Aniruddha Vivek wrote:
Hello,
We’re working on OneDrive transport for Airavata’s MFT and we have the
following questions:
1) Whether we should go ahead with this method for authentication?
(https://docs.microsoft.com/en-us/graph/auth-v2-service)
2) Whether we should interact with Microsoft Graph with either the REST Api
they have provided
(https://docs.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0) or
via msgraph-sdk-java? (https://github.com/microsoftgraph/msgraph-sdk-java)
(which only has a dev branch and no master, possibly indicating that it hasn’t
had a release yet)
Thanks and regards,
Aniruddha Patil