Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Cross Platform Applications for Office 365

Cross Platform Applications for Office 365

A major focus of Build 2015 is Office 365 as a platform. The desktop version of Office has been treated as a development platform since the early days of macros written in a variant of BASIC. Microsoft intends to recreate and expand upon that by turning Office 365 into a cross platform development platform available on any form factor or operating system.

Azure AD Common Consent Framework is going to be the universal authentication and authorization platform for all Office 365 applications. All users and all applications will have to be registered via Azure Active Directory.

From a protocol standpoint, all communication is done via REST and OAuth 2. Applications are not allowed to capture sue credentials, but they can hold onto long term refresh tokens.

New services include:

  • OneNote notebooks secured behind corporate credentials.
  • User Profiles
  • SharePoint Online: Managed Metadata
  • SharePoint Online: Videos
  • SharePoint Online: Modern Groups
  • Office Graph
  • Power BI
  • Dynamics CRM Online
  • 3rd Party Applications

Considerations for Native Azure Apps

A major security hole in OAuth 1 was the application token. This token was designed to allow websites to uniquely identify itself to the OAuth based-service. For native applications, this meant embedding the token in the application, which in turn means anyone can decompile and extract the token. Azure and Office 365 avoids this by not having the concept of an application level shared secret.

ADAL is used as a “web authentication broker”. This is exposed to the user as a web page that is launched from the application.

Azure for native apps only provide data endpoints. Eventually Microsoft wants to offer common controls such as people pickers, but for now each application has to reinvent the wheel when it comes to UI.

Application-only permissions are not supported, you can only act as the user. The work-around is to host your own server that does have the ability to perform application level operations.

Working with Cordova

Visual Studio with Update 4 and VS Tools for Cordova CTP 3.1 are highly recommended for accessing Office 365 from Cordova. This tool set has all of the scripts that you’ll need to support user authentication. More importantly, it also has wizards for registering applications with Office 365.

There are problems with this SDK. For example, the o365Loader.js doesn’t tell you when scripts are done loading, which can be problematic. So check the release notes carefully when using the CTP.

Testing Cordova apps on iOS still require a machine running OS X, even when using Visual Studio.

Working with Xamarin

Office 365 support comes out of the box in Xamarin. You can use the Connected Service Wizard to register your application and add the boilerplate needed to use Office 365.

To avoid writing massive amounts of OAuth code, you currently need to create a “bindings project” to bring in ADAL for iOS/Android. This will not be needed in ADAL 3.x, which is currently in alpha version.

As with all Xamarin projects, you need to decide how you want to structure your solution. You may choose between Xamarin Forms and native UIs. Either way, you will get a shared project for business logic and a platform specific project for each target platform.

Again, testing iOS applications requires having access to an OS X device.

For more information on working with Office 365, including the ADAL libraries to simplify OAuth, check out the Channel 9 presentation Overview of Cross-Platform Mobile Development with Office 365.

Rate this Article