Following this great example
https://blogs.msmvps.com/windsor/2017/03/12/walkthrough-building-a-custom-web-api-for-use-with-sharepoint-online/
and thanks to my Tenant Administrator AleBella, I created a solution that invokes a custom Web API service, authenticating itself by using OAuth 2.0.
The JavaScript client-side code uses the ADAL library to perform the authentication: everything works fine.
This post describes, instead, how I can consume my Web API service from my good friend, the Restlet Client Chrome add-in.
https://chrome.google.com/webstore/detail/restlet-client-rest-api-t/aejoelaoggembcahagimdiliamlcdmfm
Getting the authorization code
By performing a GET call on the following URL (replacing the placeholders with the right values), I get the authorization code back in the Location header of the response: it is the value of the code parameter.
https://login.microsoftonline.com/{tenantID}/oauth2/authorize?client_id={ClientId}&response_type=code&redirect_uri={redirectUri}&response_mode=query&resource={resourceID}&state={State}
where
{tenantID}: the GUID of your tenant
https://stackoverflow.com/questions/26384034/how-to-get-the-Azure-account-tenant-id
{ClientId}: the GUID of your Azure AD Application
{redirectUri}: one of the Reply URLs specified in the Azure AD Application configuration
{resourceID}: the GUID of your application (the resource the token is issued for)
{State}: a random string (it is echoed back unchanged in the redirect)
The response to this call is 302 Found: copy the code parameter from the Location response header into your favorite text editor.
Getting the Access Token
Now I have to perform a POST call to this URL, with the Content-Type header set to application/x-www-form-urlencoded:
https://login.microsoftonline.com/{tenantId}/oauth2/token
passing the following parameters in the body:
grant_type: authorization_code
client_id: {ClientId}
code: the previously copied code
client_secret: the key generated when you created the Azure AD Application
redirect_uri: one of the Reply URLs specified in the Azure AD Application configuration
The response of this call is a JSON document like this:
{
"token_type": "Bearer",
"scope": "User.Read User.Read.All",
"expires_in": "3599",
"ext_expires_in": "0",
"expires_on": "1521823035",
"not_before": "1521819135",
"resource": "02176005-a1bf-4928-8b6f-430e88b002c3",
"access_token": "…",
"refresh_token": "…",
"id_token": "…"
}
The content of the access_token field is the value I have to pass to my Web API service in order to authenticate myself.
Calling my Web API Service
The last step is to call my secured Web API service, authenticating myself with the previously generated token.
https://thisismyazurewebservice.azurewebsites.net//api/test/getuserinfo?sharePointUrl=https%3A%2F%2Fzsis.sharepoint.com%2Fsites%2FTestRusso
I have to perform a GET call to my service, passing the required parameters in the query string and adding an Authorization header whose value has this format, pasting the previously generated access token:
Bearer {access_token}
Note the space between the keyword Bearer and the token.
And here is the response of my service:
[
"Sergio Russo",
"i:0#.f|membership|[email protected]"
]
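The three manual Restlet steps above, as an added Python example (not the post's own code): building the authorize URL, pulling the code out of the 302 Location header while checking that the state round-tripped, preparing the token POST, and forming the Bearer header. Tenant, client id, secret and URLs are placeholders the caller supplies; only the final call_api actually touches the network.

```python
import json
from urllib.parse import urlencode, urlparse, parse_qs
from urllib.request import Request, urlopen

# Azure AD v1 endpoints used in the post; {tenant} is filled in per call.
AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2"


def authorize_url(tenant, client_id, redirect_uri, resource, state):
    """Step 1: the GET that answers 302 Found with the code in Location."""
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "response_mode": "query",
              "resource": resource, "state": state}
    return f"{AUTHORITY.format(tenant=tenant)}/authorize?{urlencode(params)}"


def code_from_location(location, expected_state):
    """Extract `code` from the redirect URL found in the Location header.

    The `state` sent in step 1 must come back unchanged; a redirect carrying
    a different state was not issued for this request and is rejected.
    """
    q = parse_qs(urlparse(location).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error'][0]}")
    return q["code"][0]


def token_request(tenant, client_id, client_secret, code, redirect_uri):
    """Step 2: form-encoded POST to /oauth2/token, same body fields as the post."""
    body = urlencode({"grant_type": "authorization_code", "client_id": client_id,
                      "code": code, "client_secret": client_secret,
                      "redirect_uri": redirect_uri}).encode()
    return Request(f"{AUTHORITY.format(tenant=tenant)}/token", data=body,
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def bearer_header(token_response):
    """Step 3: Authorization header value, the word Bearer, one space, the token."""
    if token_response.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type in token response")
    return f"Bearer {token_response['access_token']}"


def call_api(url, token_response):
    """GET the secured Web API with the access token (network call)."""
    req = Request(url, headers={"Authorization": bearer_header(token_response)})
    with urlopen(req) as resp:
        return json.load(resp)
```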