azure / azure-functions-microsoftgraph-extension Goto Github PK
View Code? Open in Web Editor NEWMicrosoft Graph extension for Azure Functions
License: MIT License
Microsoft Graph extension for Azure Functions
License: MIT License
I have an Azure Function with a Graph Token input binding that works perfectly from the browser and I also got it working using Postman. I'm now trying to call the function through a Logic App Custom Connector.
I've set up the security in the connector as follows:
I've added the custom connector to my logic app and I'm able to successfully sign in with my Azure AD account. However, in runtime I see an internal server error. Looking at the Function app monitoring I notice the Error while accessing 'X-MS-TOKEN-AAD-ID-TOKEN' error message.
As mentioned, Postman is working fine. I'm using the following configuration in Postman to obtain a token.
I'm just providing the token in the Authorization header and am not explicitly providing the X-MS-TOKEN-AAD-ID-TOKEN header. Something at the app service level must be taking care of this, but it's a black box to me.
What might be the reason it's not working in the Custom Connector, but is working otherwise directly in the browser or through Postman?
A suggestion, rather than an issue.
I have a potential PR, but I'm struggling to test my code locally (against one of my Functions). The unit tests run, but I want to see it working against a real function.
The README.md doesn't have any hints on how to set up local dev environment. Even a few hints/bullets might be useful and raise the chances of PRs being useful.
I'm trying to create a function to get all subscription:
[FunctionName("WebhookTest")]
public static IActionResult Run(
[HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req,
[GraphWebhookSubscription] string[] subIds
)
{
return new OkObjectResult("OK");
}
I got this error in the CLI tool:
[1/18/2019 2:47:20 AM] Error indexing method 'WebhookTest.Run'
[1/18/2019 2:47:20 AM] Microsoft.Azure.WebJobs.Host: Error indexing method 'WebhookTest.Run'. System.Private.CoreLib: The given key 'T' was not present in the dictionary.
If I remove the [GraphWebhookSubscription] string[] subIds
binding the function is OK.
Our team is trying to use the Microsoft Graph auth token input binding for an Azure Functions application version 2 implemented in compiled C# on .NET Core 2.2. We want to use a "client credentials" binding, where the function can directly authenticate itself to AAD and interact with the Graph API. We do not want to use delegated permissions, where the function acts on behalf of a user authenticated with AAD.
Our function is deployed in a tenant (tenant ID 43e***) that is distinct from the tenant we want to query with the Graph API (tenant ID 849***).
The auth token binding seems to be affected by three application settings:
WEBSITE_AUTH_OPENID_ISSUER
: the URL to the tenant from which to obtain an authentication token for the Graph APIWEBSITE_AUTH_CLIENT_ID
: the client ID used by the function binding to identify the application to the tenantWEBSITE_AUTH_CLIENT_SECRET
: the client secret used by the function binding to authenticate to the tenantWe have found that all of these three settings appear to be populated strictly by Azure, itself, specifically for authenticating against the tenant in which the Azure function itself is deployed (43e***). We, however, want to authenticate to a tenant different than the one where the function is deployed, so that the token we get back can be used to query the target tenant (849***). Unfortunately we have found that none of these settings can be overridden in the Application Settings for the Function App.
Is there some other way to specify these pieces of information to the auth token binding so that we can get a token for a tenant that is different than the one on which we have deployed the function?
I'm a big fan of the Microsoft Graph and Azure Functions so I think these extensions are a fabulous pairing. Is the project accepting community contributions? I was considering looking for ways to contribute, possibly with some additional bindings (I'd love to see some Teams bindings) but I wasn't sure if there were already internal updates in the works or an existing backlog? Love to hear some feedback.
Thanks!
Josh
I am working on Azure function V2 Graph token template. I am getting below error if you don't use the system for a while.
2019-03-13T10:08:10.911 [Error] Executed 'Functions.GraphTest' (Failed, Id=ad2e8baf-6af7-4ac1-86f4-50bf8e936373) {"error":"invalid_grant","error_description":"AADSTS500133: Assertion is not within its valid time range.\r\nTrace ID: 225b4107-f46c-411d-ab13-9aead85cf600\r\nCorrelation ID: 59db5657-4510-4010-a2d4-fc07309c45cd\r\nTimestamp: 2019-03-13 10:08:10Z","error_codes":[500133],"timestamp":"2019-03-13 10:08:10Z","trace_id":"225b4107-f46c-411d-ab13-9aead85cf600","correlation_id":"59db5657-4510-4010-a2d4-fc07309c45cd"}
extensions.csproj
<PackageReference Include="Microsoft.Azure.WebJobs.Extensions.AuthTokens" Version="1.0.0-beta6" />
<PackageReference Include="Microsoft.Azure.WebJobs.Extensions.MicrosoftGraph" Version="1.0.0-beta6" />
<PackageReference Include="Microsoft.Azure.WebJobs.Script.ExtensionsMetadataGenerator" Version="1.0.*" />
Please help me to solve this. As we want this to implemented in our most of the solutions
A regression was introduced in beta2 that causes a runtime issue when trying to bind to POCO objects. A PR will be out shortly.
Hello,
I've created a new Azure Function v2.0 using Visual Studio 2017. Then I've installed, using NuGet, the packages required to interact with the Microsoft Graph:
<PackageReference Include="Microsoft.Azure.WebJobs.Extensions.AuthTokens" Version="1.0.0-beta3" />
<PackageReference Include="Microsoft.Azure.WebJobs.Extensions.MicrosoftGraph" Version="1.0.0-beta3" />
Then I've changed the signature of the function in order to include the Token attribute:
public static IActionResult Run([HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)]HttpRequest req,
[Token(Identity = TokenIdentityMode.UserFromRequest, IdentityProvider = "AAD", Resource = "https://graph.microsoft.com")]string token, TraceWriter log)
{
…
}
However, when I publish the function on my Azure account and I look at the function.json displayed in the dashboard, the authentication bindings are completely missing:
{
"generatedBy": "Microsoft.NET.Sdk.Functions-1.0.13",
"configurationSource": "attributes",
"bindings": [
{
"type": "httpTrigger",
"methods": [
"get",
"post"
],
"authLevel": "anonymous",
"name": "req"
}
],
"disabled": false,
"scriptFile": "../bin/FunctionApp2.dll",
"entryPoint": "FunctionApp2.Function1.Run"
}
As a consequence, the Azure function isn't working and it always return the following exception:
System.Private.CoreLib: Exception while executing function: GraphApiFunction. Microsoft.Azure.WebJobs.Host: Exception binding parameter 'token'. Microsoft.IdentityModel.Clients.ActiveDirectory: Value cannot be null.
Am I doing something wrong or is there any issue with the current NuGet packages?
Thanks!
Once a notion of Binding Categories gets added into WebJobs, remove the custom methods that generate the binding category string from this repo.
The token I am getting from the auth token binding with client credentials seems to be incorrect for some routes.
I am receiving a 500 internal error when I am querying the following route with the token retrived from the binding :
If I query the https://graph.microsoft.com/v1.0/users route of microsoft with the token, I have a 200 response so apparently the token only has problems with some routes and client credentials.
I have created a stackoverflow question about that https://stackoverflow.com/questions/54313632/error-500-when-trying-to-query-getactivitiesbyinterval-route-of-microsoft-graph.
Please provide the following:
Provide the steps required to reproduce the problem:
Provide a description of the expected behavior.
The binding works
Provide a description of the actual behavior observed.
2019-01-28T08:19:28.363 [Error] Executed 'Functions.NewStreamDataFile' (Failed, Id=aa0a4fd4-8604-499f-9e8c-59aa2650dc02)
ScriptBinding type System.Byte[] is not supported
none
Provide any related information
If the user is trying to populate a Token binding and the request is unauthenticated, the request returns the following stack trace:
An unhandled exception occurred while processing the request. InvalidOperationException: Error while accessing 'X-MS-TOKEN-AAD-ID-TOKEN': property doesn't exist. Microsoft.Azure.WebJobs.Host.Bindings.Path.BindingTemplateToken+ExpressionToken.Evaluate(IReadOnlyDictionary<string, object> bindingData) in BindingTemplateToken.cs, line 198 InvalidOperationException: Exception binding parameter 'graphToken' Microsoft.Azure.WebJobs.Host.Executors.DelayedException.Throw() in DelayedException.cs, line 27 FunctionInvocationException: Exception while executing function: Functions.ProfilePhotoAPICSharp1 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
We should handle this internal exception and return a message that more clearly indicates that the user isn't authenticated, so we can't populate the Auth token value.
I am trying to get a token from Microsoft Graph using UserFromId.
When my function executes locally (from an HttpTrigger), I have the following exception :
System.Net.Http.HttpRequestException: 'The SSL connection could not be established, see inner exception.'
My code is the following :
public static async Task Run([HttpTrigger(AuthorizationLevel.Function, "post", Route = "gettoken")] HttpRequestMessage request, [Token(UserId = "%UserId%", IdentityProvider = "AAD", Identity = TokenIdentityMode.UserFromId, Resource = "https://graph.microsoft.com")] string graphToken, ILogger log)
I have WEBSITE_AUTH_CLIENT_ID, WEBSITE_AUTH_CLIENT_SECRET, WEBSITE_AUTH_OPENID_ISSUER, WEBSITE_AUTH_SIGNING_KEY settings.
I previously signed in with the user I want on https:///.auth/login/aad
and retrieved the UserId from the user_id field on the response of GET to https:///.auth/me. The user_id is the email of my user. Is it correct ?
So I can't debug my function locally due to this exception.
When I call my function on the portal I have another exception :
Failed to refresh ******** AAD error=Forbidden You do not have permission to view this directory or page.
I have the following error : "This template requires an AAD configuration for the function app.
App service Authentication / Authorization: not configured" when I try to create an Outlook message webhook handler whereas I have configured the azure active directory authorization.
It seems to be linked with the fact that the AAD I use is on a different tenant. When I use the same tenant than the one of my Function App there is no error message.
I followed microsoft documentation to configure AAD authorization.
This repo lacks of the following things:
It would be good to be able to delete a file in OneDrive from an Azure Function that has been triggered by the same file.
That would allow a user to use OneDrive for dropping files that should be processed in some way but stored in another place, for example Azure Blob Storage, without the need to manually remove files. Dropping files to OneDrive as an integration is easy for a regular PC/smartphone user + easy to develop compared to other alternatives.
I've followed the instructions for setting the graph token binding while developing locally and am passing in the id_token as the value of the aad token header. Yet I still get:
[07.02.19 23:07:02] System.Private.CoreLib: Exception while executing function: Functions.myFuncName. Microsoft.IdentityModel.Clients.ActiveDirectory: Value cannot be null.
[07.02.19 23:07:02] Parameter name: authority.
What does this mean and how do I fix it?
Thanks!
Please consider adding support for Microsoft Teams
We have had some customers report that they are seeing errors when using the Graph Extension in the National Clouds.
E.G
azure-functions-microsoftgraph-extension\src\MicrosoftGraphBinding\Bindings\O365Constants.cs has this code.
{ ///
All of the national cloud Graph endpoints are documented here.
It looks like the Graph Extension needs to be updated to support these endpoints as well.
When binding GraphWebhookSubscription to a string[], we get an indexing error.
Example
run.csx:
#r "Newtonsoft.Json"
using System.Net;
public static async Task Run(HttpRequest req, string[] existingSubscriptions, IAsyncCollector<string> subscriptionsToDelete, TraceWriter log)
{
log.Info("C# HTTP trigger function processed a request.");
foreach (var subscription in existingSubscriptions)
{
log.Info($"Deleting subscription {subscription}");
await subscriptionsToDelete.AddAsync(subscription);
}
}
function.json:
{
"bindings": [
{
"name": "req",
"type": "httpTrigger",
"direction": "in",
"authLevel": "anonymous"
},
{
"type": "graphWebhookSubscription",
"name": "existingSubscriptions",
"direction": "in",
"identity": "userFromRequest"
},
{
"type": "graphWebhookSubscription",
"name": "subscriptionsToDelete",
"direction": "out",
"action": "delete",
"identity": "userFromRequest"
},
{
"type": "http",
"name": "res",
"direction": "out"
}
]
}
Error Message: OutlookMessageWebhookDeleter: Microsoft.Azure.WebJobs.Host: Error indexing method 'Functions.OutlookMessageWebhookDeleter'. System.Private.CoreLib: The given key was not present in the dictionary.
This looks like a breaking change introduced by beta5 of the runtime, potentially a bug there to investigate.
Error Message
Microsoft.Azure.WebJobs.Host.FunctionInvocationException : Exception while executing function: Functions.NotifyBoxUsersOfCollabotorChange ---> System.ArgumentException : Object serialized to Bytes. JObject instance expected.
at Newtonsoft.Json.Linq.JObject.FromObject(Object o,JsonSerializer jsonSerializer)
at Newtonsoft.Json.Linq.JObject.FromObject(Object o)
at Microsoft.Azure.WebJobs.Extensions.MicrosoftGraph.Config.Converters.OutlookGenericsConverter`1.Convert(T input)
*Repro Steps
Expected Result
The binding should send messages
Actual Result
The error is returned as above.
Repro:
You'll get the following error message in the functions host console
System.Private.CoreLib: Exception has been thrown by the target of an invocation. System.IO.FileSystem: Could not find a part of the path 'D:\home\data\byob_graphmap'
Fortunately plugging a usb key and affecting the D letter works around the issue, but this is far from ideal.
Details and prior work: Azure/azure-webjobs-sdk#1883
Steps to reproduce:
2018-06-22T17:58:06.739 [Error] Microsoft.Azure.WebJobs.Host: Error indexing method 'Functions.ProfilePhotoAPICSharp1'. System.Private.CoreLib: Could not load file or assembly 'Microsoft.Azure.WebJobs.Extensions.Tokens, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'. The system cannot find the file specified.
A look at kudu shows the file Microsoft.Azure.WebJobs.Extensions.Tokens.dll is present in the /wwwroot/bin folder.
Thanks
Bob
Hi,
In the Function app created in the portal using csx
after updating Microsoft Graph extensions from beta1 to beta2 using Kudu as advised by @mattchenderson, (to solve issue 'app not found in directory microsoft.com') I have following issues:
Playing around with the sdk beta 3 i found that if a previous function use the Token attribute all the bindings defined for Excel doesnt work.
Environment
Azure Functions v2.
Host 2.2.2
SDK: beta 3
Repro steps
public static class Function1
{
[FunctionName("Function1")]
public static async Task<IActionResult> Run1Async(
[HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
[Token(
Identity = TokenIdentityMode.UserFromToken,
UserToken = "%UserToken%",
IdentityProvider = "AAD",
Resource = "https://graph.microsoft.com")] string token
)
{
return new OkObjectResult(token);
}
[FunctionName("Function2")]
public static async Task<IActionResult> Run2Async(
[HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
[Excel(
Path = "some name",
TableName ="Table1",
Identity = TokenIdentityMode.UserFromToken,
UserToken = "%UserToken%",
IdentityProvider = "AAD",
Resource = "https://graph.microsoft.com")] string[][] table
)
{
return new OkObjectResult("OK");
}
}
workaround
I think the issue is related on the order on which the extensions are added because if function 1 is declared after function 2 the bindings works
Thanks
I followed the steps listed in local development
section. However, I'm not sure how to get and store a graphToken for local development i.e. running on localhost
throws 500. What would be the desired configuration for local.settings.json
file for local development? TIA
as the parameter has been renamed to subscriptionResource this error message should be updated to provide better information.
Generally, please use the nameof keyword...
https://github.com/Azure/azure-functions-microsoftgraph-extension/blob/master/src/MicrosoftGraphBinding/Bindings/GraphWebhookSubscriptionAttribute.cs#L56
If you bind to a stream type and attempt to work with a file that does not yet exist, a "resource not found" error will be thrown. Other binding types can create files.
The current method we are using in the Microsoft Graph .NET SDK to upload streams to OneDrive only supports up to 4 MB files. We can utilize their chunked upload to allow larger files.
If you want to get started on Visual Studio 2017 today you're missing a rather important step. The functions.json won't have the entries relatives to any of the extensions attributes because the generator is not set up. Microsoft.Azure.WebJobs.Script.ExtensionsMetadataGenerator
I know this is not working today because of an open issue on that package but hopefully it will work at some point Azure/Azure-Functions#690
Since graph binding forces you to set the issuerURL in the AD Application that is assigned to the function, I am unable to find a way to support multitenancy.
Want I want is that any user from any tenant can call the api and be authenticated against their own Azure AD using delegated permissions. I have it working if I make the calls myself to get the token, but it would be nice if the binding could use the same issuer that was used to issue the authenticated user.
Perhaps i'm missing something, if so just tell me :D
When using the token mode UserFromRequest, a user encountered the below issue.
2018-04-06T13:24:47.145 [Error] System.Private.CoreLib: Exception while executing function: Functions.getCalendar. Microsoft.Azure.WebJobs.Host: Exception binding parameter 'graphToken'. Microsoft.IdentityModel.Clients.ActiveDirectory: AADSTS70002: Error validating credentials. AADSTS50013: Assertion is not within its valid time range. Trace ID: e9c4c023-b531-45a4-a63c-be4f2e621000 Correlation ID: f5886be0-6846-484f-9d4b-b10711a8047c Timestamp: 2018-04-06 13:24:46Z. Microsoft.IdentityModel.Clients.ActiveDirectory: Response status code does not indicate success: 400 (BadRequest). {"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS50013: Assertion is not within its valid time range.\r\nTrace ID: e9c4c023-b531-45a4-a63c-be4f2e621000\r\nCorrelation ID: f5886be0-6846-484f-9d4b-b10711a8047c\r\nTimestamp: 2018-04-06 13:24:46Z","error_codes":[70002,50013],"timestamp":"2018-04-06 13:24:46Z","trace_id":"e9c4c023-b531-45a4-a63c-be4f2e621000","correlation_id":"f5886be0-6846-484f-9d4b-b10711a8047c"}. 2018-04-06T13:24:47.489 [Error] Executed 'Functions.getCalendar' (Failed, Id=ae18d8ff-2e42-4f0e-a761-bbc9c33bbf9f)
The user could sign into other sites, so their cookie was still valid.
[Steps]
[Expected]
The settings should be saved successfully.
[Actual]
An error message is shown:
Function ($HttpTriggerCSharp1) Error: Could not convert 'userId' to TokenIdentityMode. Error converting value "userId" to type 'Microsoft.Azure.WebJobs.TokenIdentityMode'. Path 'identity'. Requested value 'userId' was not found.
[Note]
Looking into function.json, you will see the identity value is "userId", which is wrong and should be "userFromId".
After manually fixing the function.json to have "userFromId" as the identity mode. Everything works as expected.
I'm trying to get Graph Token extension working in an Azure function using the instructions in this repo and I keep getting this error:
Error while accessing 'X-MS-TOKEN-AAD-ID-TOKEN': property doesn't exist.
I've checked the documentation 5 times and done a bunch of web searches; need this urgently for a demo. Any chance you can help? Am I missing something easy?
Note I added the extension via the command lines in the article on Github, and deployed via VS Code.
Thanks!
Here is my function.json:
{
"disabled": false,
"bindings": [
{
"authLevel": "anonymous",
"type": "httpTrigger",
"direction": "in",
"name": "req",
"methods": [
"get",
"post"
]
},
{
"type": "token",
"direction": "in",
"name": "graphToken",
"resource": "https://graph.microsoft.com",
"identity": "userFromRequest"
},
{
"type": "http",
"direction": "out",
"name": "res"
}
]
}
This error happens whenever I add a Token binding to any function in the App. I hit this same error in 3 different Function Apps, in 3 different tenants, by using the portal. And managed to reproduce locally using "func.exe".
All I had to do to reproduce the error was:
beta
version.Same steps created the same error using the Functions Portal, or using a VS C# Functions App.
[30-Mar-18 07:50:44] Loaded custom extension: AuthTokenExtensionConfig from 'referenced by: Method='MsGraphBridge.TokenClass.Run', Parameter='graphToken'.'
[30-Mar-18 07:50:44] A ScriptHost error has occurred
[30-Mar-18 07:50:44] Microsoft.Azure.WebJobs.Extensions.Tokens: Method not found: 'Void Microsoft.Azure.WebJobs.Host.Config.FluentBindingRule`1.BindToInput(Microsoft.Azure.WebJobs.IAsyncConverter`2<!0,!!0>)'.
[30-Mar-18 07:50:44] Stopping Host
Binding:
{
"bindings": [
{
"authLevel": "function",
"name": "req",
"type": "httpTrigger",
"direction": "in",
"methods": [
"get",
"post"
]
},
{
"name": "$return",
"type": "http",
"direction": "out"
},
{
"type": "token",
"name": "token",
"resource": "https://graph.microsoft.com",
"identity": "UserFromRequest",
"direction": "in"
}
]
}
When I try to use microsoft graph binding I have an exception : "Error while accessing 'X-MS-TOKEN-AAD-ID-TOKEN': property doesn't exist.". I got that exception just by executing my azure function created from the new Microsoft Graph azure function templates.
I have AAD app registered that has been configured with access to the Graph API. Is there something else to do ? Is there something to put in the app settings (the readme on github mentions "The bindings can access the client secret (via appsettings) and use that to perform token exchanges.) ?
Just trying to add the AuthTokens nuget package from a new Function created using VS 2017 to use the Auth bindings from the function code.
Running the command - install-package Microsoft.Azure.WebJobs.Extensions.AuthTokens -Version 1.0.0-beta3
Getting this error -
install-package : NU1107: Version conflict detected for Microsoft.Azure.WebJobs. Reference the package directly from the project to
resolve this issue.
MSGraphExplorer -> Microsoft.Azure.WebJobs.Extensions.AuthTokens 1.0.0-beta3 -> Microsoft.Azure.WebJobs (>= 3.0.0-beta5)
MSGraphExplorer -> Microsoft.NET.Sdk.Functions 1.0.13 -> Microsoft.Azure.WebJobs (>= 2.2.0 && < 2.3.0).
At line:1 char:1
- install-package Microsoft.Azure.WebJobs.Extensions.AuthTokens -Versi ...
+ CategoryInfo : NotSpecified: (:) [Install-Package], Exception + FullyQualifiedErrorId : NuGetCmdletUnhandledException,NuGet.PackageManagement.PowerShellCmdlets.InstallPackageCommand
install-package : Package restore failed. Rolling back package changes for 'MSGraphExplorer'.
At line:1 char:1
The error does look legit. Is there a workaround to these? I have validated that "Azure Functions and Web Job Tools" extensions is up to date....
I'm working on the following project:
[Token(Identity = TokenIdentityMode.UserFromRequest, Resource = "https://graph.microsoft.com")] string graphToken
input binding.At this point my assumption is that the authentication platform layer (easyAuth) is supposed to take the bearer jwt token coming in, validating it against the configured setting, and passing it as the X-MS-TOKEN-AAD-ID-TOKEN
header to the underlying layers.
Then the input binding is looking for that to trade that token in for a token that works for the requested resource.
First question: are those assumptions/this understanding valid?
Second question: For some reason I never get the X-MS-TOKEN-AAD-ID-TOKEN header when the function is called. I tried some workarounds like injecting it manually, to the original request, it feels like a hack but works during local debugging. However this doesn't work on an actual azure function environment. Am I missing any configuration?
As the Microsoft Graph SDK team release support for the Beta version of the Graph with the dotnet SDK it'd be nice to have a beta version of this extension as well under preview to match the behavior.
It's probably only a matter of having two project files and/or nuspec files and it'd allow people to use this extension in combination with the beta endpoint without having to craft requests manually.
Today, because the beta sdk is on the same namespace as the v1.0 one, if you use both the beta sdk and this extension, you end up having conflicts for every entity.
https://www.nuget.org/packages/Microsoft.Graph.Beta/
Currently, due to limitations in the extension process in the portal, users can't upgrade the extension version in the Portal. Instructions, and possibly a script, should be added to the repo so that users who are willing to self-service their upgrade and avoid using the Portal templates can upgrade their Microsoft and Graph extensions manually.
If you attempt to use the client credentials flow, you will get an error stating that your application "was not found in the directory microsoft.com." The "microsoft.com" piece will occur no matter what tenant your application is in.
Early guess is that this is due to us using the common endpoint, when a client credentials flow should be against a proper tenant. You can verify this by attempting the flow manually in postman using the common endpoint.
The Outlook, OneDrive, and Excel bindings derive from the token binding. See https://github.com/glennamanns/TokenBinding for more information about the token binding.
These bindings should also integrate with the O365 SDK to provide a full experienc.
See https://github.com/Azure/MikeBindings/blob/master/Samples/Functions.cs for sample usages.
Are there alternatives?
Since the notification url is not exempt from EasyAuth paths, any action other than allow anonymous will prevent a 200 from being returned.
The examples for Excel input bindings found at https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-microsoft-graph do not work out of the box.
In version 1.0.0-beta1, bindings utilizing a table require the worksheet name as well. I have a fix coming out shortly that should make these examples work as expected.
By default if you run the examples with the CLI you'll get the error message described in the title.
I feel like the "DefaultBYOBLocation" should be a relative path. Or a least the BYOB_TokenMap key should be documented on the readme to get started.
JavaScript is not properly supported for Excel output bindings in beta1 or beta2. This should be fixed before releasing beta3.
Hi,
Give me advice how to organize my binding to send MS Graph Requests from my azure function which runs by schedule. I tried to use option UserFromId and provided object id of a user from AD which didn't work out.
Eventually what i what to do is to authenticate somehow to execute MSGraph request but not sure how to provide credentials in case on when trigger is schedule.
I got this error when playing with the sample
[FunctionName("WebhookSubscribe")]
public static IActionResult Run(
[HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
[GraphWebhookSubscription(
Identity = TokenIdentityMode.ClientCredentials,
SubscriptionResource = "users/%UserId%/drive/root",
ChangeTypes = new [] {GraphWebhookChangeType.Created, GraphWebhookChangeType.Updated },
Action = GraphWebhookSubscriptionAction.Create)] out string clientState,
ILogger log)
{
clientState = Guid.NewGuid().ToString();
return new OkObjectResult($"OK clientState={clientState}");
}
The extension will throw this error:
The graph token has no scopes. Ensure your application is properly configured to access the Microsoft Graph.
I've added all the permissions that I need just wonder what else is missing?
I have tried the token binding which gives me a token like this, so the auth has been setup up for this app.
{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/e021***/",
"iat": 1547781139,
"nbf": 1547781139,
"exp": 1547785039,
"aio": "42JgYPD7d**",
"app_displayname": "Test app",
"appid": "0f889***",
"appidacr": "1",
"idp": "https://sts.windows.net/e021***/",
"oid": "37d***",
"roles": [
"Sites.ReadWrite.All",
"Group.ReadWrite.All",
"Sites.Manage.All",
"Files.ReadWrite.All",
"Notes.ReadWrite.All"
],
"sub": "37dfb***",
"tid": "e021ec***",
"uti": "QpQ**",
"ver": "1.0",
"xms_tcdt": 147563**
}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.