FileMaker, Office365 and OAuth 2.0

Introduction

Do you want to access a User’s calendar? Or maybe send e-mails from within FileMaker that appear in the Sent Items folder, without using an e-mail client?

With the Microsoft Graph API you can connect to resources on Office 365, its Azure Portal and Windows. This allows powerful integrations from within your FileMaker custom app. As just some examples, you can sync event data in FileMaker with Office365 calendars, or scan a user’s mailbox to fetch mails related to a specific Project record.

The Microsoft Graph API is a powerful and well-documented restful API. To facilitate testing, you can use the Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer).

At ClickWorks, we have been using the Graph API successfully to build an Office365 Calendar sync. As we found, the first steps are the hardest. Indeed, the first step is to authenticate and get authorization to access resources on a user’s behalf. As in most RESTful API services, in order to access Office365 resources (i.e. calendar data, e-mails, a listing of files on a Sharepoint site) you will need an access token that represents a user’s authentication and authorization.This blog post and companion video explains how to get access to Office365 resources on behalf of a user.

The MS Graph API and OAuth2.0

The MS Graph API uses OAuth 2.0 to authenticate your app get user’s consent. Actually, there are 2 ways to accomplish this. You can use the Client Credentials Grant flow to obtain an access token outside of a user’s context. This is the simpler approach. You will use the client id and client secret (more on that later) to receive an access token directly, without having a user interacting with this process. I.e., the user does not have to login and give her or his consent to your app to access her or his Office365 resources. You will need to register your app in the Microsoft Azure portal and grant admin consent for your organisation as a whole. Then to access the Graph API, you can just use the client id and client secret that comes with your registered app directly.

The second and more complex OAuth 2.0 flow is the so-called Authorization Code Grant flow. Users will need to login, and give their explicit consent to access their resources. You will – as in the Client Credentials Grant flow – need to register your app in the Microsoft Azure portal first. Then you will need to implement the flow in your FileMaker App. This can be hard to figure out. That is why we created a demo file to demonstrate an implementation based on a webviewer and scripting. We also created a short video as a walkthrough on how to use the demo file. The demo file and video is not meant to fully document the API integration, but is rather an entry point into user authentication.