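/// <summary>
/// HTTP-triggered endpoint that drives an OAuth 2.0 authorization-code flow for Microsoft Graph.
/// A request without a posted <c>code</c> is redirected to the tenant's authorize endpoint; the
/// <c>form_post</c> callback carrying <c>code</c> is redeemed for tokens through MSAL, with the
/// user token cache wired to <c>TokenCacheHelper</c> beforehand.
/// </summary>
/// <param name="req">Incoming request; its own URL is used as the OAuth redirect URI.</param>
/// <param name="log">Function logger (not used by this method).</param>
/// <returns>
/// 200 once the posted code has been redeemed, 400 when the posted code is empty,
/// otherwise a non-permanent redirect to the authorize endpoint.
/// </returns>
public async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
    ILogger log)
{
    var scopes = new string[] { "https://graph.microsoft.com/.default", "offline_access" };

    // The same redirect URI value must be presented on the authorize request and on the
    // code redemption, so compute it once. GetDisplayUrl() is meant for display only and
    // can differ from GetEncodedUrl() when the URL contains escaped characters.
    // NOTE(review): the value is derived from the incoming request (host included);
    // confirm the app registration only lists this function's URL as a redirect URI.
    var redirectUri = req.GetEncodedUrl();

    // HasFormContentType guards req.Form, which throws for non-form request bodies.
    if (HttpMethods.IsPost(req.Method) && req.HasFormContentType && req.Form.ContainsKey("code"))
    {
        var code = req.Form["code"].FirstOrDefault();
        if (string.IsNullOrEmpty(code))
        {
            return new BadRequestObjectResult("The authorization code is missing.");
        }

        // NOTE(review): no `state` value is issued on the authorize request or checked here,
        // so this callback cannot tell whether the posted code belongs to a flow this
        // function started. Consider issuing a per-request state and validating it.
        var app = ConfidentialClientApplicationBuilder.Create(_settings.ClientId)
            .WithClientSecret(_settings.ClientSecret)
            .WithTenantId(_settings.Tenant)
            .WithRedirectUri(redirectUri)
            .Build();

        // NOTE(review): offline_access is requested, so the serialized cache presumably
        // holds refresh tokens - confirm the cache directory is access-restricted.
        var cache = new TokenCacheHelper(AzureApp.CacheFileDir);
        cache.EnableSerialization(app.UserTokenCache);

        // Only the side effect matters: the acquired tokens end up in the user token cache.
        _ = await app.AcquireTokenByAuthorizationCode(scopes, code).ExecuteAsync();

        return new OkObjectResult("The app is authorized to perform operations on behalf of your account.");
    }

    var url = new StringBuilder();
    url.Append($"https://login.microsoftonline.com/{_settings.Tenant}/oauth2/v2.0/authorize?");
    url.Append($"client_id={_settings.ClientId}&");
    url.Append("response_type=code&");
    // The request URL may itself carry a query string (for example a function key), so it
    // has to be percent-encoded before being embedded as a query parameter value.
    url.Append($"redirect_uri={WebUtility.UrlEncode(redirectUri)}&");
    url.Append("response_mode=form_post&");
    url.Append($"scope={WebUtility.UrlEncode(string.Join(" ", scopes))}");

    return new RedirectResult(url.ToString(), false);
}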
/// <summary>
/// Builds a <c>GraphServiceClient</c> whose requests are authorized with a token obtained
/// silently from the serialized MSAL user token cache.
/// </summary>
/// <returns>A Graph client that attaches an access token to every outgoing request.</returns>
public async Task<GraphServiceClient> Create()
{
    var builder = ConfidentialClientApplicationBuilder.Create(_azureAppSettings.ClientId)
        .WithClientSecret(_azureAppSettings.ClientSecret)
        .WithTenantId(_azureAppSettings.Tenant);
    var confidentialClient = builder.Build();

    // Hook the user token cache up to TokenCacheHelper before any account lookup.
    TokenCacheHelper.EnableSerialization(confidentialClient.UserTokenCache);

    // The account list is read once here and captured by the delegate below.
    var cachedAccounts = await confidentialClient.GetAccountsAsync();

    // Runs per outgoing Graph request: acquire a token silently for the first cached account
    // and attach it as the Authorization header.
    // NOTE(review): when the cache holds no account, FirstOrDefault() yields null and the
    // silent acquisition presumably fails - confirm callers handle that case.
    var tokenProvider = new DelegateAuthenticationProvider(async (outgoing) =>
    {
        var silentRequest = confidentialClient.AcquireTokenSilent(
            new string[] { "https://graph.microsoft.com/.default" },
            cachedAccounts.FirstOrDefault());
        var tokenResult = await silentRequest.ExecuteAsync();
        outgoing.Headers.Authorization = new AuthenticationHeaderValue("bearer", tokenResult.AccessToken);
    });

    return new GraphServiceClient(tokenProvider);
}