title | author | description | keywords | dev_langs | |
---|---|---|---|---|---|
Authentication Providers Overview |
shweaver-MSFT |
Authentication providers that enable easy access to Microsoft Graph APIs. |
uwp, wpf, netstandard, windows, community, toolkit, graph, login, authentication, provider, providers, identity, msa, wam |
|
Authentication is always the first step to working with Microsoft Graph. The toolkit providers enable your application to authenticate with Microsoft Identity and access Microsoft Graph in only few lines of code. Each provider handles user authentication and acquiring access tokens to call Microsoft Graph APIs, so that you don't have to write this code yourself.
You can use the providers on their own, without components, to quickly implement authentication for your app and make calls to Microsoft Graph via the Microsoft Graph .NET SDK.
The providers are required when using the Microsoft Graph Toolkit helpers and controls so they can access Microsoft Graph APIs. If you already have your own authentication and want to use the helpers and controls, you can use a custom provider instead.
The toolkit includes the following providers:
Providers | Description |
---|---|
Msal | Uses MSAL for .NET to sign in users and acquire tokens to use with Microsoft Graph in NetStandard 2.0 applications. |
Windows | Uses native WebAccountManager (WAM) APIs to sign in users and acquire tokens to use with Microsoft Graph in UWP applications. |
Custom | Create a custom provider to enable authentication and access to Microsoft Graph with your application's existing authentication code. |
To use an authentication provider in your app, you need to set it as the global provider. The ProviderManager is the singleton that stores the globally accessible IProvider implementation and signals events in response to authentication state changes.
Set the GlobalProvider
property at app startup and any other Graph based code will respond to any changes as users sign in and out.
using CommunityToolkit.Authentication;
// Set the GlobalProvider to an IProvider implementation.
ProviderManager.Instance.GlobalProvider = new WindowsProvider();
We recommend adding all the permission scopes your application may need when initializing your provider. This is optional, but will improve your user experience by presenting a single consent screen to the user with an aggregated list of permissions requested by all components in your app, rather than presenting separate prompts per scope as requested by the helpers and controls. The following example shows how to do this with the WindowsProvider.
using CommunityToolkit.Authentication;
string[] scopes = new string[] { "User.Read", "People.Read" };
ProviderManager.Instance.GlobalProvider = new WindowsProvider(scopes);
The providers keeps track of the user's authentication state and communicate it outwards. For example, when a user successfully signs in, the ProviderState
is updated to SignedIn
, signaling to the application that it is now able to make calls to Microsoft Graph.
public enum ProviderState
{
// The user's status is not known.
Loading,
// The user is signed-out.
SignedOut,
// The user is signed-in.
SignedIn,
}
In some scenarios, you will want to show certain functionality or perform an action only after a user has successfully signed in. You can access and check the provider state as shown in the following example:
using CommunityToolkit.Authentication;
if (ProviderManager.Instance.GlobalProvider?.State === ProviderState.SignedIn) {
// your code here
}
Use the ProviderUpdated
and ProviderStateChanged
events to get notified whenever provider is set or changes state.
using CommunityToolkit.Authentication;
ProviderManager.Instance.ProviderUpdated += OnProviderUpdated;
ProviderManager.Instance.ProviderStateChanged += OnProviderStateChanged;
void OnProviderUpdated(object sender, IProvider provider)
{
// The global provider has been set.
}
void OnProviderStateChanged(object sender, ProviderUpdatedEventArgs args)
{
// The state of the global provider has changed.
}
To respond to provider state changes from XAML, try out the ProviderStateTrigger
state trigger.
Available in the CommunityToolkit.Graph.Uwp
package.
<VisualStateManager.VisualStateGroups xmlns:uwp="using:CommunityToolkit.Graph.Uwp">
<VisualStateGroup>
<VisualState>
<VisualState.StateTriggers>
<uwp:ProviderStateTrigger State="SignedIn" />
</VisualState.StateTriggers>
<VisualState.Setters>
<Setter Target="ContentPivot.Visibility" Value="Visible" />
</VisualState.Setters>
</VisualState>
</VisualStateGroup>
</VisualStateManager.VisualStateGroups>
<Pivot Name="ContentPivot" Visibility="Collapsed">
<!-- The pivot will only be visible when the global provider is in a signed in state, and otherwise collapsed. -->
</Pivot>
The FrameworkElement.IsVisibleWhen
attached property makes it easy to toggle visibility for any FrameworkElement
.
Available in the CommunityToolkit.Graph.Uwp
package.
<Pivot Name="ContentPivot" uwp:ElementExtensions.IsVisibleWhen="SignedIn">
<!-- The pivot will only be visible when the global provider is in a signed in state, and otherwise collapsed. -->
</Pivot>
Each provider exposes a function called getTokenAsync
that can retrieve the current access token or retrieve a new access token for the provided scopes. The following example shows how to get a new access token or the currently signed in user:
using CommunityToolkit.Authentication;
// Assuming a provider has already been initialized
IProvider provider = ProviderManager.Instance.GlobalProvider;
string token = await provider.GetTokenAsync(silentOnly: false);
Once authenticated, you can now make API calls to Microsoft Graph using the Graph SDK or without. See the Extensions page for an example of how to authenticate an outbound request directly.
Access APIs using the Graph SDK through a preconfigured GraphServiceClient
available through an extension method on IProvider
called GetClient()
and GetBetaClient()
.
See Microsoft Graph Extensions for more details.
It's possible to authenticate and make all Graph requests manually, without the Graph SDK. This can reduce package size significantly. However, using the Graph SDK is certainly the easiest way to work with Graph in .NET because the GraphServiceClient
offers a convenient way of building requests and includes all of the object types ready to use.
Available in the CommunityToolkit.Graph
package.
using CommunityToolkit.Authentication;
using CommunityToolkit.Graph.Extensions;
IProvider provider = ProviderManager.Instance.GlobalProvider;
GraphServiceClient graphClient = provider.GetClient();
var me = await graphClient.Me.Request().GetAsync();