I’m excited to share this latest update to my course, Mastering the SharePoint Framework for developers. Today’s update, packaged as sprint 13, includes two new chapters and a few updates… and it’s a huge release… the biggest yet adding over 3 hours of new content!
Sprint 13 also marks a milestone: the Fundamentals Bundle of the course is now content complete! This means all planned chapters are now published. I will continue to make edits to existing chapters updating content when circumstances warrant, but at this time no new chapters or lessons are planned.
The focus is now the Ultimate Bundle! First, let me share some details on the new chapters in sprint 13.
This post too long?
Then tune into a Facebook Live Sprint 13 GO LIVE! on Monday, February 11, 2019 at 1p EST to get all the details!
I have been holding off working on this chapter until Microsoft finished their support for secured services, which they did in late 2018 with the v1.6.0 release of the SharePoint Framework (SPFx).
While SPFx already had an API that we could use to call open REST APIs, the
HttpClient, it wasn’t terribly easy or possible to call Azure AD secured endpoints. In SPFx v1.6.0, Microsoft introduced a new API,
AadHttpClient, that you use with the new server-side infrastructure to call Azure AD secured REST APIs.
This addition, including the support for Microsoft Graph (more on that in a moment), nicely rounds out the SPFx story for calling REST APIs:
This chapter is huge… over 2 hours & 17 minutes long with loads of demos!
I start by explaining how SPFx approaches calling external APIs (usually this means REST APIs). The chapter then demonstrates how to create an open REST API using an Azure Function app and then an SPFx web part that both reads and writes to the service.
The chapter then moves onto the topic of REST APIs that are secured with Azure AD. I explain how you call these services from server-side code, such as .NET Framework, ASP.NET, .NET Core or Node.js to name a few. It’s important to understand how this works so you can understand the challenge when working with client-side solutions like SPFx.
This is where things get interesting…
I then explain how Microsoft has addressed this problem with a special Azure AD application that you grant permissions to & use it to proxy all calls to secured endpoints to Azure AD secured services.
Once you understand how the SPFx deals with these services, I walk you through a demo in calling an existing service secured with Azure AD: the Microsoft Graph.
While this sprint includes a chapter dedicated to calling the Microsoft Graph from SPFx, I want to show you how you can do it natively from SPFx without the special Graph support as it is a great way to demonstrate how it works.
To do this, you will see in a demo how to find & grant permission to the special SharePoint Azure AD app access to an Azure AD secured service, such as the Microsoft Graph, and then create a web part that leverages the new permission.
Now we get to have some fun!
The chapter then goes into the process of deploying a custom REST API and securing it with Azure AD. The service is pretty simple, but in it, you learn how to:
- deploy & configure the service to be secured with Azure AD
- implement custom permissions (scopes) on the REST API
- validate the call is made by a specific user so you can implement user-level security in your custom REST APIs
Using this simple example, you can easily roll out your own secured REST APIs for use in SharePoint Online!
Finally, the last demo in the chapter shows how to call this custom service using the new
AadHttpClient, rounding out the complete use case.
As I alluded to above, there is a whole chapter dedicated to the Microsoft Graph as well. The last chapter does show how Microsoft has simplified calling the Graph using the
So what’s next? I’m pushing ahead with the Ultimate Bundle. At the start of the year, I planned out the first half of 2019 with the goal of reaching content complete on the Ultimate bundle ASAP.
Want to learn more? Well, you need to tune into the Facebook Live Sprint 13 GO LIVE! next Monday, February 11, 2019 at 1p EST where I’ll explain the plans & answer any questions you have.