Use Microsoft Graph to query user groups at an app level
Application Type
Reactive, Service

Hi,

We are looking for advice or components that would help with the implementation of something we are working on.

We are wanting to create a service that queries our organisations Azure groups to see if a user is active or not, to do this we are using Microsoft Graph. We wanted to use it on a nightly timer.

I am just wondering how to authenticate and query this within OutSystems? I am struggling with the implementation of the REST calls, and if anyone knows of any tools that could assist with this?

Thanks

Joel

Hey Joel,


Microsoft Graph APIs are using Oauth2 as authentication mechanism. This means a Bearer token will be used for any API calls that you make towards Microsoft. I will go high level over the steps you need to do, but always you can check the documentation on Microsoft's website.

First you should consume a REST method for retrieving this Token, as you can see I have a screenshot from OutSystems with the parameters you need to pass through:

This returns in the Response an access_token and you will use this in the following format as Authorization header for any API call you need to make like this: Bearer access_token (example: Bearer AbCdEf123456)

Then, an example of the GetGroups API from MS Graph:

So whenever you call the GetGroups action in your logic in the input parameter for Authorization you should pass the Bearer + space + access_token and the authorization should work just fine.


Hope this gives an idea on how to consume the MS Graph APIs in OutSystems.


Regards,
Bogdan

Thanks very much for the info Bogdan.

I am struggling with the initial call of getting a bearer token. I am following the Microsoft docs https://docs.microsoft.com/en-us/graph/auth-v2-service

I am posting to 

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

The call works when I run it in the test tab in OutSystems, I get a 200 response and can see the bearer, but when I debug it the response values are all empty. I'm not sure if I am passing the data in incorrectly as opposed to how it is set in the test call.



Hey Joel,


Maybe indeed I should've mentioned that the Request for this API might be a bit tricky. All input parameters should be passed in the Body of the request. In my case the input parameters look something like this:

Make sure every parameter has the Send In set to Body and the Name in Request properly set so it matches your test.


Regards,
Bogdan

Hello Joel, 

Has Bogdan said Microsoft Graph APIs is using Oauth2 and in most cases 2 Step Authentication which requires you to sign in on a different page, which can possibly be the issue? 

You should check if that feature is enabled for that user.

If it's enabled you will need to authorize the user every time you run the timer.

To avoid this you can change the security options for that user to avoid using 2SA and then call the REST API, 

Hope it helps.

Paulo Rosário

Appreciate that. Thanks for your help Paulo.

I am struggling with the initial call of getting a bearer token. I am following the Microsoft docs https://docs.microsoft.com/en-us/graph/auth-v2-service

I am posting to 

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

The call works when I run it in the test tab in OutSystems, I get a 200 response and can see the bearer, but when I debug it the response values are all empty. I'm not sure if I am passing the data in incorrectly as opposed to how it is set in the test call.

Since you get a 200 response while testing make sure that you are passing the correct information on the headers when calling the API. 

Your actions should look something like this  : 

Hope it helps!

Paulo Rosário

Hey Joel,


Microsoft Graph APIs are using Oauth2 as authentication mechanism. This means a Bearer token will be used for any API calls that you make towards Microsoft. I will go high level over the steps you need to do, but always you can check the documentation on Microsoft's website.

First you should consume a REST method for retrieving this Token, as you can see I have a screenshot from OutSystems with the parameters you need to pass through:

This returns in the Response an access_token and you will use this in the following format as Authorization header for any API call you need to make like this: Bearer access_token (example: Bearer AbCdEf123456)

Then, an example of the GetGroups API from MS Graph:

So whenever you call the GetGroups action in your logic in the input parameter for Authorization you should pass the Bearer + space + access_token and the authorization should work just fine.


Hope this gives an idea on how to consume the MS Graph APIs in OutSystems.


Regards,
Bogdan

Thanks very much for the info Bogdan.

I am struggling with the initial call of getting a bearer token. I am following the Microsoft docs https://docs.microsoft.com/en-us/graph/auth-v2-service

I am posting to 

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

The call works when I run it in the test tab in OutSystems, I get a 200 response and can see the bearer, but when I debug it the response values are all empty. I'm not sure if I am passing the data in incorrectly as opposed to how it is set in the test call.



Hey Joel,


Maybe indeed I should've mentioned that the Request for this API might be a bit tricky. All input parameters should be passed in the Body of the request. In my case the input parameters look something like this:

Make sure every parameter has the Send In set to Body and the Name in Request properly set so it matches your test.


Regards,
Bogdan

Hello Joel, 

Has Bogdan said Microsoft Graph APIs is using Oauth2 and in most cases 2 Step Authentication which requires you to sign in on a different page, which can possibly be the issue? 

You should check if that feature is enabled for that user.

If it's enabled you will need to authorize the user every time you run the timer.

To avoid this you can change the security options for that user to avoid using 2SA and then call the REST API, 

Hope it helps.

Paulo Rosário

Appreciate that. Thanks for your help Paulo.

I am struggling with the initial call of getting a bearer token. I am following the Microsoft docs https://docs.microsoft.com/en-us/graph/auth-v2-service

I am posting to 

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

The call works when I run it in the test tab in OutSystems, I get a 200 response and can see the bearer, but when I debug it the response values are all empty. I'm not sure if I am passing the data in incorrectly as opposed to how it is set in the test call.

Since you get a 200 response while testing make sure that you are passing the correct information on the headers when calling the API. 

Your actions should look something like this  : 

Hope it helps!

Paulo Rosário

Thanks both for your help. It is working now. The issue I had was calling it within a server action within a client action.

Great, I'm glad I could help ! :D 

IF possible please mark our posts as solutions so it will be easier for others to find a solution for the same issue.

Best of luck to you! 

Kind regards, 

Paulo Rosário 

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.