Spurrya / Calfit


Ensure that authentication is working #1

Open Spurrya opened 8 years ago

Spurrya commented 8 years ago

In api/graph.js, createUser is supposed to add a user to the tenant. Ensure this method works, or find out how to do proper authentication.

Info from Bhaanu: useful resources for doing Office 365 authentication using a JavaScript library:

https://github.com/AzureAD/azure-activedirectory-library-for-js -- ADAL
https://github.com/OfficeDev/O365-jQuery-CORS -- ADAL with jQuery & CORS

Overview & process documentation (but the sample is in .NET): http://www.cloudidentity.com/blog/2015/02/19/introducing-adal-js-v1/

@Spurrya will anyone be working on this?

bhaanu77 commented 8 years ago

@Spurrya we don't need the functionality to create a user. Our only use cases for the API are the following:

  1. The Chrome extension tells which Office365 user is using which Chrome extension ID (note that there can be multiple requests coming for the same user, as he might be using multiple laptops, or multiple people from the Hackathon might be testing it with the same Office365 user).
  2. This might only be needed if we want to test different Office365 users using the same Chrome extension on the same laptop. So until the complete end-to-end flow is working fine and is ready for a video demo, don't implement this point.
  3. Salesforce tells us that a user has completed a major work task, e.g. closed his support ticket / case in the CRM.

Please let me know if you think we need the functionality of creating a user through the REST API for some reason.

bhaanu77 commented 8 years ago

@Spurrya I think we do not have a problem with the Graph API / Office 365 authentication. We granted rights to the app to read / create all valid users' calendars. We got the token (an alternative but secure method for authentication used in many API integrations I have seen) from that step and use it in this app now. So unless I misunderstood something, I think the authentication part is fine for now.

Spurrya commented 8 years ago

Hi, I understand your concern. My concern is that the token isn't the Microsoft auth ID. A token is something that does not last long. If you check our Azure AD, only two users are authorized: the ones we added manually. I wish to do this process while adding the user to the database.

bhaanu77 commented 8 years ago

Hi Spurrya

I am not sure what user story or customer problem you are trying to address with this functionality.

If your aim is to allow anyone with an Office365 / outlook.com user ID to use the yofit app, that is a desirable use case. But that definitely would not be in iteration_1, because we will say that our customers (in a specific organization) need to give all permissions to their users to help this app work for them.

Corporate policies never allow adding a new Office365 user just because the user needs to use an app like yofit. If that is your main goal, I am afraid that this effort will be in vain, as it will never be used in real life.

When a user installs the Chrome extension we just map his existing Office365 user ID to the Chrome extension ID. We do not and should not create a new user in Active Directory, because I guess that would mean I would be allowed to create a new user in Office365 if I install the Chrome extension and give my office email details.

Let us have a call tomorrow to help you understand this.

Thank you.

Thank you. On 18 Feb 2016 02:41, "Spurrya Jaggi" notifications@github.com wrote:


— Reply to this email directly or view it on GitHub https://github.com/Spurrya/Calfit/issues/1#issuecomment-185516843.

bhaanu77 commented 8 years ago

Tokens are the permanent way of authentication. I have configured many apps in our company. I am the global admin for internal and customer-facing apps. I read many specs in our company that recommend token-based authentication, because it allows not transmitting the user name and password over the Internet. Transmitting actual user credentials over the Internet is not recommended in many scenarios. I am a certified Salesforce architect and I had to study all the secure ways of integrating apps to qualify for that.

Cheers. On 18 Feb 2016 05:37, "Bhaanu Madhineni" bhaanufinland@gmail.com wrote:


Spurrya commented 8 years ago

Ok, let's just discuss this in the evening (Toronto time) because I have a few concerns.

Spurrya commented 8 years ago

@sanchitgera - On successful authentication, in addition to adding a user to Azure AD, add them to calfit.azurewebsites.net/api/users/ along with their chromeId. The code for it is already there; just make sure that both databases are updated.

bhaanu77 commented 8 years ago

@sanchitgera I would like to clarify that we are only authenticating existing users with Azure AD, not really creating any. Once the authentication succeeds, the Chrome extension should make a POST request to the URL calfit.azurewebsites.net/api/users/ with the following parameters. That request maps the authenticated user to his chromeId. As she said, we have to store that mapping in both the Chrome extension data store and on the server side. In place of email, you have to send the authenticated user's email (or the username, since getting the user ID through {{userInfo.userName}} is easier with ADAL):

"email":"bhaanu@yofit1.onmicrosoft.com","chromeId":"454354"

The only potentially confusing part in what @Spurrya said is that it might give the impression that we are creating a user, when we are actually mapping a user to his chromeId.
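The server side of the mapping described in this thread, as an added example that is not Calfit's own code: it accepts the `{"email","chromeId"}` body from the comment above, treats repeated POSTs for the same user as idempotent (several laptops or several testers on one Office365 account, as noted in the use cases), and never creates an Azure AD user. The names `MappingStore` and `mapUserToChrome`, the numeric `chromeId` format and the `authenticatedEmail` parameter (the identity the server already derived from the validated Azure AD token) are assumptions for the example.

```javascript
// Regexes for the two body fields. chromeId is treated as a decimal string
// because the thread's sample value is "454354" (assumption, not Calfit's rule).
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const CHROME_ID_RE = /^[0-9]{1,32}$/;

// email -> Set of chromeIds. One user may hold several (several laptops, or
// several testers on one Office365 account), so a repeat POST of the same
// pair is idempotent and must not fail or duplicate.
class MappingStore {
  constructor() { this.byUser = new Map(); }
  add(email, chromeId) {
    const key = email.toLowerCase();
    if (!this.byUser.has(key)) this.byUser.set(key, new Set());
    const ids = this.byUser.get(key);
    const created = !ids.has(chromeId);
    ids.add(chromeId);
    return created;
  }
  chromeIdsFor(email) {
    return [...(this.byUser.get(email.toLowerCase()) || [])].sort();
  }
}

// Handler logic for POST /api/users/. `authenticatedEmail` is the identity
// the server already derived from the validated Azure AD token; the body's
// email is accepted only if it matches, so a client cannot map someone
// else's account to its chromeId. No Azure AD user is ever created here.
function mapUserToChrome(store, body, authenticatedEmail) {
  if (!body || typeof body.email !== 'string' || typeof body.chromeId !== 'string') {
    return { status: 400, error: 'email and chromeId must be strings' };
  }
  if (!EMAIL_RE.test(body.email)) return { status: 400, error: 'malformed email' };
  if (!CHROME_ID_RE.test(body.chromeId)) return { status: 400, error: 'malformed chromeId' };
  if (body.email.toLowerCase() !== String(authenticatedEmail).toLowerCase()) {
    return { status: 403, error: 'email does not match the authenticated user' };
  }
  const created = store.add(body.email, body.chromeId);
  // 201 on the first mapping, 200 on an idempotent repeat.
  return { status: created ? 201 : 200, email: body.email.toLowerCase(), chromeId: body.chromeId };
}

// Constructed walk-through using the sample values quoted in the thread.
const demoStore = new MappingStore();
const sampleBody = { email: 'bhaanu@yofit1.onmicrosoft.com', chromeId: '454354' };
console.log(mapUserToChrome(demoStore, sampleBody, 'bhaanu@yofit1.onmicrosoft.com').status); // 201
console.log(mapUserToChrome(demoStore, sampleBody, 'bhaanu@yofit1.onmicrosoft.com').status); // 200
```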