From the course: Microsoft Graph for Developers

A brief history lesson

- [Narrator] Let's start with a short history lesson and understand how we got to where we are. There are a number of Graph APIs. And your application simply makes a REST call with an access token to access these APIs. If you look back into history, let's say at the beginning of the century, authentication was a much simpler challenge. To apply the complexity of Internet to authentication, things became a little bit more challenging. Now, organizations could solve this challenge themselves and certainly they have the tools to do so. And those tools are like ADFS, et cetera, but people ask for standards. And while these standards and documentation, et cetera, existed for on-premises, the challenge became harder and harder as we went along. So the first rev that we got to solve this problem was Azure ACS, Access Control Services. Azure ACS is pretty old at this point and nobody really uses that. So when Microsoft was creating Office 365, they needed a robust solution to hold all your work accounts. You may have noticed that sometimes when you sign in to Microsoft 365, it asks you to sign in using a work account or a personal account. Right around then, when Windows 8 came around, they gave you the possibility of signing into Windows 8 using a Microsoft account, also known as Live ID. And this is the reality we live in today. Windows 10 has come out and still we have these Microsoft accounts, Live IDs or work accounts. And Microsoft is trying to converge these two, both from a development perspective, so you don't have to deal with the complexity of these two being different, and also from a user experience perspective because, let's be honest, it is confusing for users to understand the difference between these two sometimes. As time went along, a number of scenarios emerged. Office 365 has gotten richer as time has moved forward. They've hired more and more applications in there.
More APIs have emerged and people want to do more with Office 365; they want Office 365 functionality on their phones, in websites, in desktop applications. And to support all of these, Microsoft Graph is the API that facilitates all of this. So where are we today? As I mentioned, Azure ACS is on its way out. In fact, at the time of recording this course, the only Microsoft product that depends on it is the Provider-Hosted App Model for SharePoint. And even that hopefully will reduce its dependence on Azure ACS going forward. So currently, if you want to target the Microsoft Graph APIs, you would use Azure AD. And when you use Azure AD, you would use either the v1 app model, which is currently very mature and supports almost everything you need. But then there is the v2 app model, which offers the integration of personal and work accounts. Another thing that it offers is that in the v1 app model, if your application needs certain permissions, it has to ask for all of those permissions when you install the application or the first time you run the application and the application installs itself. Whereas in the v2 app model, you ask for permissions as you need. So your permissions can grow as the user starts using the application. Naturally, the v2 app model is a lot more flexible and a lot more powerful, but it is not mature as of now. So currently, the mature portion of the Microsoft Graph API is the v1 app model and almost everything works there. And the v2 app model is where it is headed in the future. So quick note about what I don't intend to cover in this course. All the various APIs in Microsoft Graph, and believe me, there are quite a few. They're all REST APIs. It doesn't make sense for me to show you every API one by one and give you a boring rundown of those APIs. All those APIs are just simple REST calls; if you can call slash users, you can call slash mail. All of these APIs are accessed with an access token on them.
The trick or the complicated part is getting and managing that access token and the refresh token and understanding the life cycles of these and managing them. If you can call one API and you understand these concepts, you'll be able to call all the APIs.
