Thursday, May 26, 2016

UCWA 2.0 and Skype for Business online: Authentication without a browser

Authentication without a browser

Many samples that demonstrate authenticating with UCWA 2.0 use the Office 365 log-in page in the web browser. However, it's also possible to write a C# console application that doesn't require opening a web browser for the user to authenticate. This requires create a native Azure AD application. This quote from the Microsoft article Authentication using Azure AD explains the difference:
"As part of registration, you specify whether your app is a Web application, such as an MVC or Web Forms solution, or a native app, such as a smart phone or other mobile device. Azure AD uses this information to generate resources your app will need to authenticate with Azure."
Once the native app is registered in Azure AD then its time to write the code that does the authentication dance with the UCWA and Skype for Business online servers, which goes something like this.

Authenticating with UCWA 2.0


  1. Make an auto-discovery request to the service endpoint to find the user's UCWA home pool
  2. Request an access token from the server location that the auto-discovery request provided
  3. Make an auto-discovery request with the new access token to the UCWA application resource
    1. Possibly make the above request again if a redirect or user resource is returned instead of an application URL. If the application URL isn't returned, replace the UCWA application resource from the above step with either the redirect resource or user resource.
  4. Once the application services root URL is obtained from the previous step, request an access token from that server
  5. With the new access token, send a POST request to the application resource URL to register your console app with the UCWA server.

There's a helpful StackOverflow post about the above flow, found here.

The trick to getting authentication to work with a headless client is that the username and password need to be available to the program to pass to the resource when requesting an access token, such as:

var ar = await authContext.AcquireTokenAsync(resourceUri, UcSettings.ApplicationId, new UserCredential(UcSettings.Username, UcSettings.Password));

References

https://msdn.microsoft.com/en-us/library/office/mt590891(v=office.16).aspx

http://stackoverflow.com/questions/36394676/sending-im-with-skype-for-business-online-from-console-app

Skype Web SDK

The latest developer API for Skype for Business is the Skype Web SDK. The Skype Web SDK provides a whole host of functions to interact with Skype for Business in Office 365. Unlike UCWA 2.0, the SDK feels more complete for Office 365 with abilities such as adding groups. Another difference is it is programmed in JavaScript!

The SDK doesn't need to be installed as it is hosted on a Skype site. All you need to do is add a <script/> tag in the HTML file, as follows:
<script src="https://swx.cdn.skype.com/shared/v/1.2.15/SkypeBootstrap.min.js"></script>
This is called bootstrapping the JavaScript libraries hosted at the Skype Web SDK entry point which happens to be swx.cdn.skype.com.

Like the Unified Communications Web API (UCWA) 2.0, that has been written about in previous blog posts, the Skype Web SDK authenticates users against Skype for Business on Office 365 servers through Azure Active Directory. The pre-requisite in both these cases is to have an Azure AD app configured to allow API access to the Skype for Business app. More information on how this works with Skype Web SDK can be found here, under "App Registration".

To learn more about what's supported in this developer platform or to inspect the matrix of features offered by the Skype Web SDK, check out this page under "Feature support matrix".

References


https://msdn.microsoft.com/EN-US/library/office/mt622687(v=office.16).aspx

https://msdn.microsoft.com/en-us/library/office/mt670739(v=office.16).aspx

Friday, May 20, 2016

UCWA 2.0 and Skype for Business online: Adding a contact

Authentication and Resources

While authentication using Azure AD and resources in UCWA 2.0 are not the topic of this post, they're necessary to get to the point of adding a contact to the Skype for Business contact list. I found this StackOverflow post very helpful, along with the Microsoft documentation. Also, understanding the nested formation of URL resources can be difficult, this Microsoft documentation is clarifying and can add some much needed visualization to the problem.

Adding a contact to the Skype for Business contact list

To add a new contact to the Skype for Business contact list with UCWA 2.0, a POST request will be made to the "people" resource myGroupMemberships. This path will look something like 
/ucwa/oauth/v1/applications/XXX/people/groupMemberships
This path should be appended to the end of the UCWA application resource URL, such as:
https://webpoolXXXX.infra.lync.com/ucwa/oauth/v1/applications/XXX/people/groupMemberships
The URI of the new contact will be passed as a parameter in this URL. So, if the contact's URI is sip:newContact@acme.com, it will look something like:
https://webpoolXXXX.infra.lync.com/ucwa/oauth/v1/applications/XXX/people/groupMemberships?contactUri=sip%3AnewContact%40acme.com

There is an option to create the new contact in a specific group by including the ID of the group the contact should be added to. This demonstration doesn't include the group ID, so the contact is added to the default group. In the test cases, this was the group "Other Contacts".

All requests to UCWA resources require a bearer token to be present in the authentication header. Also, because the myGroupMemberships resource that's being accessed is in UCWA version 2.0, this version needs to be specified in the POST request with the "X-MS-RequiresMinResourceVersion" header, such as
float version = 2.0F;
client.DefaultRequestHeaders.Add("X-MS-RequiresMinResourceVersion", version.ToString());
If this POST request is made to the correct application URL with the bearer token, and version header, the new contact should appear in the authenticated user's Skype for Business client almost immediately. In rare cases, it might be necessary to log-out and then back in to see the changes.

This MSDN forum post was very helpful for this blog.

References






UCWA 2.0 and Skype for Business online: Create an Azure AD application

UCWA 2.0

Unified Communications Web API (UCWA) 2.0 is the first officially supported API for Skype for Business online. If an application is looking to talk to Skype for Business on Office 365 this is the way to do it, albeit limited. UCWA 2.0 exposes some, but not all, interactions with Skype that may be desired. For example, groups are a read-only resource in this version. While it might be desired to create a new group in a Skype for Business contact list, this is not possible in UCWA 2.0.

Create an Azure AD application for Skype for Business online

These steps will outline how to create an Azure AD (AAD) application that exposes the Skype for Business online API. Follow the steps from both sections in these directions from Microsoft. Make the following modification. At step 9, under "Register your application with Azure AD", select as many of the Delegated permissions as desired. For example, the permission "Read and manage Skype for Business user cont..." is required to get the Skype for Business contacts and to add new contacts to the buddy list. If you're curious to learn more about the difference between Application and Delegated permissions read this page.

References


Thursday, May 12, 2016

Stay connected with your University with just a single click!

Instant Chime addresses the needs of a well-known University, providing them the power to connect with their students in a more efficient way. Chime has empowered their service desk so that students get the help they need faster, eliminating the frustration of waiting. Universities realize that students do not want to waste time searching for answers to issues that could be addressed in minutes. Instant Chime is a simple click-to-chat help desk resolution tool for the productive student.

The IT Computer Support Coordinator with the University using Chime recently stated, “We have been using Chime to support our student population in the library. Since the library has over 300 computers across three floors and we are located on the first floor, Chime has allowed us to provide click-to-chat support to students at various areas in the library. We use it to answer questions, or dispatch a technician to meet with the student. It allows the student to not have to pack everything up then walk over to see us.”

Screen Shot Below:



For more questions visit: http://www.addchime.com/