In this video, run the app and see that it succeeds and that the access token contains the user identity.
- [Instructor] With my code changes done, let me go ahead and run the application now. And I'm going to leave this breakpoint here, in the controller, because I want to show you what the access token value looks like now, and hopefully will contain the user's identity as well. Let's go ahead and hit the play button. The application loads as intended. Let's click sign in. Since I was already signed in into a different session here it's signed me in without asking for credentials. I did send myself an email earlier so I'm going to go to the user's controller, remember, this is reading my mail.
Let's click on this. I'm going to save this access token and hit continue. And as you can see, that it did indeed make the call successfully. And you see here it says, "MS Graph is so awesome! "Body preview, I'm learning a lot, "importance normal", all this other goo, and then it shows me what the email sender was and so on, so forth.
This is amazing. Let's quickly decrypt that access token as well. Again let's go to JWT.IO. Let's paste this access token in here scroll down. And you see here that I have the necessary permissions and I have the user's identity as a part of the access token as well, as you can see here. And this is how a web application can make calls to MS Graph with delegated user identity.
And like you can make calls to MS Graph, now what you could do technically is that, this is an MVC application, so you can add a web API inside of here, and then that web API gets its own resource. So, when you register the application the app ID URI becomes the resource URI. And if you go into App_Start, let's quickly jump there. Inside of App_Start, where I was specifying the resource ID as graph.microsoft.com, that would be your web API's resource, and then that web API can call Microsoft Graph.
So you see, then now you have the ability to forward the user's identity step-by-step-by-step, and also if you make a CSAM call, you can stick the token on top of your CSAM request, and forward that identity to SharePoint. All of that works, it's pretty amazing. So this is extremely, extremely powerful.
- What is Microsoft Graph?
- Registering a web application in Azure AD
- Adding authentication logic and authentication UI
- Native applications calling Graph
- Reviewing scenarios where web apps involving Graph are useful
- Web applications with application identity and delegated identity calling Graph
- Daemons calling Graph