Cross Platform Applications for Office 365

| by Jonathan Allen Follow 611 Followers on Apr 29, 2015. Estimated reading time: 2 minutes |

A major focus of Build 2015 is Office 365 as a platform. The desktop version of Office has been treated as a development platform since the early days of macros written in a variant of BASIC. Microsoft intends to recreate and expand upon that by turning Office 365 into a cross platform development platform available on any form factor or operating system.

Azure AD Common Consent Framework is going to be the universal authentication and authorization platform for all Office 365 applications. All users and all applications will have to be registered via Azure Active Directory.

From a protocol standpoint, all communication is done via REST and OAuth 2. Applications are not allowed to capture sue credentials, but they can hold onto long term refresh tokens.

New services include:

  • OneNote notebooks secured behind corporate credentials.
  • User Profiles
  • SharePoint Online: Managed Metadata
  • SharePoint Online: Videos
  • SharePoint Online: Modern Groups
  • Office Graph
  • Power BI
  • Dynamics CRM Online
  • 3rd Party Applications

Considerations for Native Azure Apps

A major security hole in OAuth 1 was the application token. This token was designed to allow websites to uniquely identify itself to the OAuth based-service. For native applications, this meant embedding the token in the application, which in turn means anyone can decompile and extract the token. Azure and Office 365 avoids this by not having the concept of an application level shared secret.

ADAL is used as a “web authentication broker”. This is exposed to the user as a web page that is launched from the application.

Azure for native apps only provide data endpoints. Eventually Microsoft wants to offer common controls such as people pickers, but for now each application has to reinvent the wheel when it comes to UI.

Application-only permissions are not supported, you can only act as the user. The work-around is to host your own server that does have the ability to perform application level operations.

Working with Cordova

Visual Studio with Update 4 and VS Tools for Cordova CTP 3.1 are highly recommended for accessing Office 365 from Cordova. This tool set has all of the scripts that you’ll need to support user authentication. More importantly, it also has wizards for registering applications with Office 365.

There are problems with this SDK. For example, the o365Loader.js doesn’t tell you when scripts are done loading, which can be problematic. So check the release notes carefully when using the CTP.

Testing Cordova apps on iOS still require a machine running OS X, even when using Visual Studio.

Working with Xamarin

Office 365 support comes out of the box in Xamarin. You can use the Connected Service Wizard to register your application and add the boilerplate needed to use Office 365.

To avoid writing massive amounts of OAuth code, you currently need to create a “bindings project” to bring in ADAL for iOS/Android. This will not be needed in ADAL 3.x, which is currently in alpha version.

As with all Xamarin projects, you need to decide how you want to structure your solution. You may choose between Xamarin Forms and native UIs. Either way, you will get a shared project for business logic and a platform specific project for each target platform.

Again, testing iOS applications requires having access to an OS X device.

For more information on working with Office 365, including the ADAL libraries to simplify OAuth, check out the Channel 9 presentation Overview of Cross-Platform Mobile Development with Office 365.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you