Scope control of the Microsoft Graph.

The Microsoft Graph acts as an information gateway to Microsoft services such as Outlook, Calendar, OneDrive and SharePoint, and it also acts as the access control gateway for those services.

Any system is responsible for asserting the appropriate authority for a user when that user accesses the information the system manages. A system that uses Microsoft Graph therefore has to be given an appropriate scope for the information Graph provides.
The appropriate scope changes with the use case, for example reading or writing files on OneDrive, or reading mail.

>>Sample solution for Visual Studio 2017

>>Visual Studio 2017 community is free

・AuthenticationHelper class

The AuthenticationHelper class from the previous article supports only Microsoft Graph, so it is modified to become a generic OAuth authentication class.

・Class for Microsoft Graph

Create the class that uses Microsoft Graph; it extends the provider base class.
This class should expose the features specific to Microsoft Graph. For example, Microsoft Graph has authentication types for the Microsoft account and for the Organization account, so the code below is added to the class.

    public enum TenantType
    {
        common,
        organizations,
        consumers,
        tenantFriendlyName,
        tenantGUID
    }

It also has scope types for user information, mail and so on, so the code below is added to the class.

    [Flags]
    public enum UserScopeType
    {
        Read=1,
        ReadWrite=2,
        ReadBasicAll=4,
        ReadAll=8,
        ReadWriteAll=16,
        InviteAll=32
    }

It also has information access levels, which differ according to the request type. The Microsoft account is more restricted than the Organization account.

    using System.Collections.Generic;

    public class User
    {
        // Fields that can be read for a Microsoft account (the restricted case)
        public List<string> BasicInfo = new List<string>();
        // Additional fields that can be read for an Organization account
        public List<string> OrganizationInfo = new List<string>();
        public User()
        {
            BasicInfo.Add("displayName");
            BasicInfo.Add("givenName");
            BasicInfo.Add("mail");
            BasicInfo.Add("photo");
            BasicInfo.Add("surname");
            BasicInfo.Add("userPrincipalName");
            OrganizationInfo.Add("aboutMe");
            OrganizationInfo.Add("birthday");
            OrganizationInfo.Add("hireDate");
            OrganizationInfo.Add("interests");
            OrganizationInfo.Add("mobilePhone");
            OrganizationInfo.Add("mySite");
            OrganizationInfo.Add("pastProjects");
            OrganizationInfo.Add("photo");
            OrganizationInfo.Add("preferredName");
            OrganizationInfo.Add("responsibilities");
            OrganizationInfo.Add("schools");
            OrganizationInfo.Add("skills");
        }
        public string displayName { get; set; }
        public string givenName { get; set; }
        public string mail { get; set; }
        public string photo { get; set; }
        public string surname { get; set; }
        public string userPrincipalName { get; set; }
        public string jobTitle { get; set; }
        public string mobilePhone { get; set; }
        public string officeLocation { get; set; }
        public string preferredLanguage { get; set; }
        public string aboutMe { get; set; }
        public string birthday { get; set; }
        public string hireDate { get; set; }
        public string interests { get; set; }
        public string mySite { get; set; }
        public string pastProjects { get; set; }
        public string preferredName { get; set; }
        public string responsibilities { get; set; }
        public string schools { get; set; }
        public string skills { get; set; }
    }
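The enums above only name the tenant and scope choices; the OAuth request itself needs the authority URL and the exact delegated permission strings. The following is an added example, not code from the article or its sample solution: it repeats the article's TenantType and UserScopeType enums, maps each flag to the corresponding Microsoft Graph User permission name, and refuses the directory-wide `User.*.All` permissions for the consumers tenant, since a personal Microsoft account has no directory to grant them against. The class and method names (GraphScopeBuilder, Authority, Scopes) are this example's own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Copied from the article so the example compiles on its own.
public enum TenantType { common, organizations, consumers, tenantFriendlyName, tenantGUID }

[Flags]
public enum UserScopeType
{
    Read = 1, ReadWrite = 2, ReadBasicAll = 4, ReadAll = 8, ReadWriteAll = 16, InviteAll = 32
}

// Example helper (not part of the article's project).
public static class GraphScopeBuilder
{
    // Microsoft Graph delegated permission names for the User resource.
    private static readonly Dictionary<UserScopeType, string> PermissionNames =
        new Dictionary<UserScopeType, string>
        {
            { UserScopeType.Read,         "User.Read" },
            { UserScopeType.ReadWrite,    "User.ReadWrite" },
            { UserScopeType.ReadBasicAll, "User.ReadBasic.All" },
            { UserScopeType.ReadAll,      "User.Read.All" },
            { UserScopeType.ReadWriteAll, "User.ReadWrite.All" },
            { UserScopeType.InviteAll,    "User.Invite.All" },
        };

    // Directory-wide permissions: these cover other users, not just the signed-in one,
    // and cannot be granted to a personal Microsoft account.
    private const UserScopeType DirectoryWide =
        UserScopeType.ReadBasicAll | UserScopeType.ReadAll |
        UserScopeType.ReadWriteAll | UserScopeType.InviteAll;

    // Build the v2.0 authority URL. For tenantFriendlyName and tenantGUID the caller
    // supplies the tenant value (e.g. "contoso.onmicrosoft.com" or the tenant id).
    public static string Authority(TenantType tenant, string tenantValue = null)
    {
        string segment;
        switch (tenant)
        {
            case TenantType.common:        segment = "common"; break;
            case TenantType.organizations: segment = "organizations"; break;
            case TenantType.consumers:     segment = "consumers"; break;
            default:
                if (string.IsNullOrWhiteSpace(tenantValue))
                    throw new ArgumentException("A tenant name or GUID is required for this TenantType.", nameof(tenantValue));
                segment = tenantValue;
                break;
        }
        return "https://login.microsoftonline.com/" + segment + "/v2.0";
    }

    // Expand the flags into the permission strings that go into the OAuth scope
    // parameter, rejecting combinations the chosen tenant cannot grant.
    public static IReadOnlyList<string> Scopes(TenantType tenant, UserScopeType requested)
    {
        if (requested == 0)
            throw new ArgumentException("At least one scope must be requested.", nameof(requested));
        if (tenant == TenantType.consumers && (requested & DirectoryWide) != 0)
            throw new InvalidOperationException(
                "Directory-wide User.*.All permissions cannot be granted to a personal Microsoft account.");

        return PermissionNames
            .Where(kv => requested.HasFlag(kv.Key))
            .Select(kv => kv.Value)
            .ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        // Reading the signed-in user's own profile (the /me call) needs only User.Read.
        var scopes = GraphScopeBuilder.Scopes(TenantType.common, UserScopeType.Read);
        Console.WriteLine(GraphScopeBuilder.Authority(TenantType.common));
        Console.WriteLine(string.Join(" ", scopes));

        // A consumers request that also asks for ReadWriteAll is rejected before any
        // token request leaves the application.
        try
        {
            GraphScopeBuilder.Scopes(TenantType.consumers, UserScopeType.Read | UserScopeType.ReadWriteAll);
        }
        catch (InvalidOperationException e)
        {
            Console.WriteLine(e.Message);
        }
    }
}
```

Keeping the flag-to-permission mapping in one place makes it easy to review which permissions the application can ever ask for; the consent prompt the user sees is built from exactly this list, so the list should stay as short as the use case allows.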

There are many scopes that Microsoft Graph provides.

>>Microsoft Graph permissions reference (Japanese)

>>Microsoft Graph permissions reference(English)

・Code behind

If the code below is placed in a method of the code-behind that runs when authentication executes, it works. All the code is at the end of this article.

    string result;   // declared here so the snippet is complete; the full code declares it elsewhere
    switch (provider.CurrentProviderTypes)
    {
        case ProviderBase.ProviderTypes.MicrosoftGraph:
            var token = AuthenticationHelper.TokenForUser;
            var oAuthClient = AuthenticationHelper.GetAuthenticatedClient();
            if (oAuthClient != null)
            {
                // Call /me with the delegated token, then keep the token and its expiry on the provider
                var user = await oAuthClient.Me.Request().GetAsync();
                (provider as MSGraph).AccessToken = token;
                (provider as MSGraph).TokenExpire = AuthenticationHelper.Expiration;
                result = user.GivenName;
            }
            else
            {
                result = "Internal Error when creating OAuth client";
            }
            NotifyUser(result);
            break;
    }
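The code-behind above stores the token and its expiry on the provider but never consults them again. The following is an added example, not the article's own code: a small provider object shaped after the MSGraph class the snippet assigns to, with the checks a caller should make before reusing that token. The property names AccessToken and TokenExpire come from the article's snippet; TokenExpire is assumed here to be a DateTimeOffset, and IsOrganizationAccount, ClockSkew, HasUsableToken, SelectQuery and MaskedToken are this example's own names.

```csharp
using System;
using System.Collections.Generic;

// Example provider (not the article's MSGraph class).
public class MSGraphProvider
{
    public string AccessToken { get; set; }
    public DateTimeOffset TokenExpire { get; set; }   // assumed type for AuthenticationHelper.Expiration
    public bool IsOrganizationAccount { get; set; }

    // Assumed safety margin so a token that expires mid-request is not reused.
    private static readonly TimeSpan ClockSkew = TimeSpan.FromMinutes(5);

    // The field lists from the article's User class. "photo" is left out of $select
    // because Graph serves it from the separate /me/photo endpoint, not as a property.
    private static readonly string[] BasicInfo =
        { "displayName", "givenName", "mail", "surname", "userPrincipalName" };
    private static readonly string[] OrganizationInfo =
        { "aboutMe", "birthday", "hireDate", "interests", "mobilePhone", "mySite",
          "pastProjects", "preferredName", "responsibilities", "schools", "skills" };

    // Reuse the cached token only while it is still valid with some margin; otherwise the
    // caller runs the interactive AuthenticationHelper flow again instead of sending a
    // stale token and relying on Graph to reject it.
    public bool HasUsableToken(DateTimeOffset now)
    {
        return !string.IsNullOrEmpty(AccessToken) && now + ClockSkew < TokenExpire;
    }

    // Ask /me only for the fields this account type can return, mirroring the article's
    // point that the Microsoft account is more restricted than the Organization account.
    public string SelectQuery()
    {
        var fields = new List<string>(BasicInfo);
        if (IsOrganizationAccount)
        {
            fields.AddRange(OrganizationInfo);
        }
        return "$select=" + string.Join(",", fields);
    }

    // A bearer token grants access to whoever holds it, so logs and NotifyUser messages
    // should carry only a masked form.
    public string MaskedToken()
    {
        if (string.IsNullOrEmpty(AccessToken) || AccessToken.Length < 12)
        {
            return "****";
        }
        return AccessToken.Substring(0, 4) + "..." + AccessToken.Substring(AccessToken.Length - 4);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values: a fake token string that expired two minutes ago.
        var provider = new MSGraphProvider
        {
            AccessToken = "eyJ0eXAiOiJKV1QiLCJhbGciOi-CONSTRUCTED-SAMPLE",
            TokenExpire = DateTimeOffset.UtcNow.AddMinutes(-2),
            IsOrganizationAccount = false
        };

        Console.WriteLine("token usable: " + provider.HasUsableToken(DateTimeOffset.UtcNow));
        Console.WriteLine("logged as:    " + provider.MaskedToken());
        Console.WriteLine("query:        " + provider.SelectQuery());

        provider.IsOrganizationAccount = true;
        Console.WriteLine("org query:    " + provider.SelectQuery());
    }
}
```

HasUsableToken belongs in front of every Graph call that reuses the stored token, and the switch in the code-behind is the natural place to refresh it when the check fails.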

・xaml.cs

・Microsoft Graph class
