Beginning Microsoft Graph

What are JavaScript Applications?

The segment describes JavaScript applications.

Keywords

  • JavaScript
  • single page application
  • SPA

About this video

Author(s)
Sahil Malik
First online
14 January 2019
DOI
https://doi.org/10.1007/978-1-4842-3965-0_3
Online ISBN
978-1-4842-3965-0
Publisher
Apress
Copyright information
© Sahil Malik 2019

Video Transcript

Sahil Malik: So since our focus here is JavaScript Applications, I think it’s important that we define what we mean by JavaScript Applications for the purposes of this video. Well, JavaScript is an incredibly popular language. Why? Because it runs everywhere and its performance has improved manyfold over the last many years.

You can use JavaScript to write server-side apps using NodeJS, mobile apps using Cordova, native desktop apps using Electron, or web pages, also known as single page applications or SPAs. For the purposes of this video, when I say JavaScript Application, I am referring to a web page or a SPA. That is what I mean by JavaScript.

So how exactly is this going to work? Well, a SPA is nothing but JavaScript running on a Web Page, and in our case, it is going to call an API. This API may or may not be served from the same URL that the web page came from. In many instances that’s not the case. It is calling an API on a different resource. So it needs to support things like CORS – C-O-R-S, Cross Object Resource Sharing.

For the purposes of Microsoft Graph and Azure AD, let’s see what this looks like. The Web Page, well, it’s still a Web Page, but for the purposes of Azure AD, we refer to it as a Native app and it’s called Microsoft Graph. This is also protected by Azure AD. So Azure AD knows both sides of the equation here. Microsoft Graph it already knows about, but our Web Page, well, it doesn’t know about that, so we need to go through the process of registering our native app inside of Azure AD.

Important things, there is no secure offline storage for a Web Page. Things like local storage etc. are not considered secure after the user closes the browser. So you can’t use concepts like long lasting refresh tokens. So whenever the user opens their Web Page and wishes to use an endpoint, guess what? They need to re-authenticate. There are some things you can do like [inaudible 00:02:35] etc. to make that a little less painful, but the user will need to re-authenticate.

The authentication protocol we use here is called OAuth2 Implicit Flow. So with this technical background behind us, let us dive a little bit deeper into all of these concepts before we see some code.