How to authenticate Microsoft Graph on behalf of user in Dialogue Studio

Introduction

Some Microsoft Graph resources require an access token. This guide explains how to obtain one. In this example we will create a Teams meeting.

 

Prerequisites

 

Get authorization

The first step needs to be done by an Office365 user.

  1. Create the URL for authorization:

    Note Replace the following:

    • [TenantID] = Directory (Tenant) ID can be found in your App overview

    • [ClientID] = Application (Client ID) can be found in your App overview.

    • (optional) Scope = Change the scope if you want to use a different resource. "offline_access" is needed for a refresh token.

    https://login.microsoftonline.com/[TenantID]/oauth2/v2.0/authorize?

    client_id=[ClientID]

    &response_type=code

    &redirect_uri=http://localhost

    &response_mode=query

    &scope=offline_access%20OnlineMeetings.ReadWrite

    &state=12345

  2. If the Office365 user navigates to the URL, they will be prompted to login and approve permission.

  3. The code you need for the access token can be found in the redirect URL:

    Note This code can only be used once to get an access token.

    http://localhost/?code=OAQABAAIAAAAm-06blBE1TpVMil8KPQ41JwA02BwjhjwZJ4QYXufOeZL2H0FIbab3eZsAotjGc5uwmAAJYJGK9weUDrBN-DFw9nZIMaDMTNmlwKasbx3kGn5-uDCYntdWlu3ytXCWjcuT42DvLbfCZAZmt78yPEQSGR7J2KqWnIZqDoEvsxQlJQuGzLMWBgUz_4pC1kSP5wNXYIgmnbkr6mjvziuOhgOMyByU4S-vif1U00WwaLv7jcgIKBtHqE19x48h284U_D6d-CI3vSTgbNQGy5-47yUPh92Zf1d4mm7Zh4pwVXU8BMWZDXhuR-iGeeTfGcxmgCY2foSWTnmMwA9EaniOHjL4vRBEXC9tKCvHebaleF-kZZTcFSh5KMyC-1ONLeqlfuXe-WTJ0H5NH9LMxxl8467lzyinsoX1xNb8nJkn_QiLQyDQR_KBjfLiAR-wv1GSS4tfXm78R6unhjmhdlvD6d6Y1TG2D0vg8Mp5I-w7axzlldo4fOtwNj4EdOTeaoPABU73TLWWT9Z7g99JAP7wchS_69BRTXIzFBWAPws4R150x6xXADJ351NT4N9_f4QLsMQ7y4XFuzKJFDt-yKb8fBls3056Gy3LHKWorT-OEw5Ees6Q_WNVDubiUovQ8ZnSj8xAHmv29TsGbqGviZ7BwpGvGNTjvV3Tm74U-7BloJeBLRhFntNjRMl-5K9ZVbbhXHsgAA&state=12345&session_state=44f98161-b0c9-466b-a1f7-a8b45e400c4f
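The URL above uses the fixed value state=12345. As an added example (not part of the original guide, written as stand-alone Node.js to run outside Dialogue Studio), the following builds the same authorization URL with a random state per request and only accepts the code from the redirect URL when the returned state matches. The function names are hypothetical.

```javascript
const crypto = require("crypto");

// Build the authorization URL from this guide with an unpredictable state value.
// Returns the URL and the state so the caller can remember the state until
// the redirect comes back.
function buildAuthorizeUrl(tenantId, clientId, redirectUri, scopes) {
  const state = crypto.randomBytes(16).toString("hex");
  const params = new URLSearchParams({
    client_id: clientId,
    response_type: "code",
    redirect_uri: redirectUri,
    response_mode: "query",
    scope: scopes.join(" "), // URLSearchParams handles the URL-encoding
    state: state,
  });
  const url = "https://login.microsoftonline.com/" +
    encodeURIComponent(tenantId) + "/oauth2/v2.0/authorize?" + params.toString();
  return { url, state };
}

// Read the one-time code from the redirect URL, but only if the state that
// came back is the one that was sent out.
function extractCode(redirectUrl, expectedState) {
  const query = new URL(redirectUrl).searchParams;
  if (query.has("error")) {
    throw new Error("authorization failed: " + query.get("error"));
  }
  const returned = Buffer.from(query.get("state") || "");
  const expected = Buffer.from(expectedState);
  if (returned.length !== expected.length ||
      !crypto.timingSafeEqual(returned, expected)) {
    throw new Error("state mismatch, discarding the code");
  }
  const code = query.get("code");
  if (!code) {
    throw new Error("no code in redirect URL");
  }
  return code;
}
```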

 

Get an access and refresh token

Now that we have the Office365 user's authorization we can start using it in Dialogue Studio. The first step is generating an access token and a refresh token. We start with a Function node.

Steps:

  1. Drag and drop a Function node.

  2. Open Function node.

  3. Enter the following function:

    Note Replace the following:

    • [ClientID] = Application (Client ID) can be found in your App overview.

    • (optional) Scope = Change the scope if you want to use a different resource. "offline_access" is needed for a refresh token.

    • [Code] = Use the code copied from the previous step.

    • [ClientSecret] = Client secret can be generated in "Certificates & Secrets"

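    // Keep the request values in a local variable instead of on msg, so the
    // client secret is not carried along to later nodes in the flow.
    var credentials = {
        client_id: "[ClientID]",
        scope: "OnlineMeetings.ReadWrite",
        code: "[Code]", // copied from the redirect URL, so already URL-encoded
        redirect_uri: "http%3A%2F%2Flocalhost", // already URL-encoded
        grant_type: "authorization_code",
        client_secret: "[ClientSecret]"
    };

    msg.headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Host": "login.microsoftonline.com"
    };

    // URL-encode the values that are not encoded yet; a client secret may
    // contain characters that are not safe in a form body.
    msg.payload = "client_id=" + encodeURIComponent(credentials.client_id) +
        "&scope=" + encodeURIComponent(credentials.scope) +
        "&code=" + credentials.code +
        "&redirect_uri=" + credentials.redirect_uri +
        "&grant_type=" + credentials.grant_type +
        "&client_secret=" + encodeURIComponent(credentials.client_secret);

    return msg;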

 

Now that we have prepared our message we can send the request. This is done using an HTTP Request node.

Steps:

  1. Drag and drop an HTTP request node.

  2. Open Node:

    1. Method = Post

    2. URL = https://login.microsoftonline.com/[TenantID]/oauth2/v2.0/token

      Note Replace [TenantID]. The Directory (Tenant) ID can be found in your App overview.

    3. Return = a parsed JSON object

  3. Connect the end of the Function node to the beginning of the HTTP request node.

 

Next we want to check if our output was successful. This can be done with a Switch node.

Steps:

  1. Drag and drop a Switch Node.

  2. Open Node:

    1. Change Property to msg.statusCode.

    2. Add an option for an OK response.

      == 200

    3. Add the option otherwise for any other response.

  3. Connect the end of the HTTP request node to the beginning of the Switch node.

 

If the response was 200 OK then we can store the tokens. Note that an access token is only valid for one hour; for that reason we also store the expiration time. This can be done with a Function node.

Steps:

  1. Drag and drop a Function node.

  2. Open Function node.

  3. Enter the following function:

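    var access_token = msg.payload.access_token;
    var refresh_token = msg.payload.refresh_token;

    // Keep both tokens in flow context for the following requests.
    flow.set('at', access_token);
    flow.set('rt', refresh_token);

    // The access token is valid for one hour, so store now + 1 hour as the expiry.
    var date = new Date();
    msg.date = new Date();
    flow.set('expire', new Date(date.setHours(date.getHours()+1)));

    return msg;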

  4. Connect "== 200" of the Switch node to the beginning of the Function node.

Now we have our token and we can start using it.

 

Call Microsoft Graph with the access token

With our tokens in memory we can call Microsoft Graph. Before we start we need to check if the token is still active. We will do this with a Function node.

Steps:

  1. Drag and drop a Function node.

  2. Open Function node.

  3. Enter the following function:

    // Current time, compared against flow.expire in the next node.
    msg.date = new Date();

    return msg;

 

Next we need to check that the expiry time has not passed. This is done with a Switch node.

Steps:

  1. Drag and drop a Switch Node.

  2. Open Node:

    1. Change Property to flow.expire

    2. Add an option for a token that has not expired

      >= msg.date

    3. Add the option otherwise for an expired token

  3. Connect the end of the Function node to the beginning of the Switch node.

We are going to continue on the not expired flow. The expired flow continues in the chapter "Use a refresh token to get a new access token".

 

Our next step is to prepare the request. This is done using a Function node.

Steps:

  1. Drag and drop a Function node.

  2. Open Function node.

  3. Enter the following function:

    Note The payload can be different based on the resource you are using. In this case we are creating a meeting.

    msg.headers = {
        "Authorization": "Bearer " + flow.get('at'),
        "Content-type": "application/json"
    };

    msg.payload = {
        "subject": "User Token Meeting"
    };

    return msg;

  4. Connect ">= msg.date" of the Switch node to the beginning of the Function node.

 

Now that we have prepared our message we can send the request. This is done using an HTTP Request node.

Steps:

  1. Drag and drop an HTTP request node.

  2. Open Node:

    1. Method = Post

    2. URL = https://graph.microsoft.com/v1.0/me/onlineMeetings

    3. Return = a parsed JSON object

  3. Connect the end of the Function node to the beginning of the HTTP request node.

The output is stored in msg.payload and can be used in the rest of your flow. If you were using this guide to generate a meeting, the URL is located in msg.payload.joinWebUrl.

 

 

Use a refresh token to get a new access token

When your access token has expired you can generate a new one using the refresh token. We start with a Function node.

Steps:

  1. Drag and drop a Function node.

  2. Open Function node.

  3. Enter the following function:

    Note Replace the following:

    • [ClientID] = Application (Client ID) can be found in your App overview.

    • (optional) Scope = Change the scope if you want to use a different resource.

    • [ClientSecret] = Client secret can be generated in "Certificates & Secrets"

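    // Local variable instead of msg.credentials, so the secret stays off msg.
    var credentials = {
        client_id: "[ClientID]",
        scope: "OnlineMeetings.ReadWrite",
        refresh_token: flow.get('rt'),
        redirect_uri: "http%3A%2F%2Flocalhost", // already URL-encoded
        grant_type: "refresh_token",
        client_secret: "[ClientSecret]"
    };

    // The body is form-encoded, as in the first token request.
    msg.headers = { "Content-Type": "application/x-www-form-urlencoded" };

    msg.payload = "client_id=" + encodeURIComponent(credentials.client_id) +
        "&scope=" + encodeURIComponent(credentials.scope) +
        "&refresh_token=" + encodeURIComponent(credentials.refresh_token) +
        "&redirect_uri=" + credentials.redirect_uri +
        "&grant_type=" + credentials.grant_type +
        "&client_secret=" + encodeURIComponent(credentials.client_secret);

    return msg;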

 

Now that we have prepared our message we can send the request. This is done using an HTTP Request node.

Steps:

  1. Drag and drop an HTTP request node.

  2. Open Node:

    1. Method = Post

    2. URL = https://login.microsoftonline.com/[TenantID]/oauth2/v2.0/token

      Note Replace [TenantID]. The Directory (Tenant) ID can be found in your App overview.

    3. Return = a parsed JSON object

  3. Connect the end of the Function node to the beginning of the HTTP request node.

 

Next we want to check if our output was successful. This can be done with a Switch node.

Steps:

  1. Drag and drop a Switch Node.

  2. Open Node:

    1. Change Property to msg.statusCode.

    2. Add an option for an OK response.

      == 200

    3. Add the option otherwise for any other response.

  3. Connect the end of the HTTP request node to the beginning of the Switch node.

 

If the response was 200 OK then we can store the tokens. Note that an access token is only valid for one hour; for that reason we also store the expiration time. This can be done with a Function node.

Steps:

  1. Drag and drop a Function node.

  2. Open Function node.

  3. Enter the following function:

    var access_token = msg.payload.access_token;
    var refresh_token = msg.payload.refresh_token;

    // Replace the stored tokens with the new ones.
    flow.set('at', access_token);
    flow.set('rt', refresh_token);

    // The access token is valid for one hour, so store now + 1 hour as the expiry.
    var date = new Date();
    msg.date = new Date();
    flow.set('expire', new Date(date.setHours(date.getHours()+1)));

    return msg;

  4. Connect "== 200" of the Switch node to the beginning of the Function node.

Now we have a new access token and we can continue using it.
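Both "store the tokens" steps in this guide assume a one-hour lifetime. As an added example (not part of the original guide), the functions below derive the expiry from the expires_in field of the token response instead, subtract a safety margin, and keep the previous refresh token when a response carries none. The function names and the 300-second margin are assumptions.

```javascript
// Safety margin so a token is not sent just before it expires (assumed value).
const SKEW_SECONDS = 300;

// Turn a parsed token endpoint response into the values the flow stores.
// `previous` is the state stored earlier (undefined on the first run).
function tokenStateFromResponse(body, now, previous) {
  if (!body || typeof body.access_token !== "string") {
    throw new Error("token response has no access_token");
  }
  const lifetime = Number(body.expires_in); // lifetime in seconds
  if (!Number.isFinite(lifetime) || lifetime <= 0) {
    throw new Error("token response has no usable expires_in");
  }
  const usable = Math.max(lifetime - SKEW_SECONDS, 0);
  return {
    at: body.access_token,
    // Keep the old refresh token if the response did not carry a new one.
    rt: body.refresh_token || (previous && previous.rt) || null,
    expire: new Date(now.getTime() + usable * 1000),
  };
}

// True when there is no usable access token and the refresh flow should run.
function needsRefresh(state, now) {
  return !state || !state.at || !(state.expire instanceof Date) ||
    state.expire.getTime() <= now.getTime();
}
```

In a Function node the returned values would be stored with flow.set('at', ...), flow.set('rt', ...) and flow.set('expire', ...), using the same keys as the guide.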