I’m excited to share this latest update to my course, Mastering the SharePoint Framework for developers. Today’s update, packaged as sprint 13, includes two new chapters and a few updates… and it’s a huge release… the biggest yet adding over 3 hours of new content!
Sprint 13 also marks a milestone: the Fundamentals Bundle of the course is now content complete! This means all planned chapters are now published. I will continue to make edits to existing chapters updating content when circumstances warrant, but at this time no new chapters or lessons are planned.
The focus is now the Ultimate Bundle! First, let me share some details on the new chapters in sprint 13.
TL;DR: Post too long? Tune into the webcast:
Then tune into a Facebook Live Sprint 13 GO LIVE! on Monday, February 11, 2019 at 1p EST to get all the details!
Leveraging External APIs in SPFx Solutions
I have been holding off working on this chapter until Microsoft finished their support for secured services, which they did in late 2018 with the v1.6.0 release of the SharePoint Framework (SPFx).
While SPFx already had an API that we could use to call open REST APIs, the HttpClient
, it wasn’t terribly easy or possible to call Microsoft Entra ID secured endpoints. In SPFx v1.6.0, Microsoft introduced a new API, AadHttpClient
, that you use with the new server-side infrastructure to call Entra ID secured REST APIs.
This addition, including the support for Microsoft Graph (more on that in a moment), nicely rounds out the SPFx story for calling REST APIs:
This chapter is huge… over 2 hours & 17 minutes long with loads of demos!
SPFx’s Approach to calling REST APIs
I start by explaining how SPFx approaches calling external APIs (usually this means REST APIs). The chapter then demonstrates how to create an open REST API using an Azure Function app and then an SPFx web part that both reads and writes to the service.
Understanding how to call Entra ID Secured REST APIs
The chapter then moves onto the topic of REST APIs that are secured with Entra ID. I explain how you call these services from server-side code, such as .NET Framework, ASP.NET, .NET Core or Node.js to name a few. It’s important to understand how this works so you can understand the challenge when working with client-side solutions like SPFx.
This is where things get interesting…
Understanding how SPFx calls Entra ID Secured REST APIs
I then explain how Microsoft has addressed this problem with a special Entra ID application that you grant permissions to & use it to proxy all calls to secured endpoints to Entra ID secured services.
Once you understand how the SPFx deals with these services, I walk you through a demo in calling an existing service secured with Entra ID: the Microsoft Graph.
While this sprint includes a chapter dedicated to calling the Microsoft Graph from SPFx, I want to show you how you can do it natively from SPFx without the special Graph support as it is a great way to demonstrate how it works.
To do this, you will see in a demo how to find & grant permission to the special SharePoint Entra ID app access to an Entra ID secured service, such as the Microsoft Graph, and then create a web part that leverages the new permission.
Creating & Deploying an Entra ID Secured REST API with Azure Functions
Now we get to have some fun!
The chapter then goes into the process of deploying a custom REST API and securing it with Entra ID. The service is pretty simple, but in it, you learn how to:
- deploy & configure the service to be secured with Entra ID
- implement custom permissions (scopes) on the REST API
- validate the call is made by a specific user so you can implement user-level security in your custom REST APIs
Using this simple example, you can easily roll out your own secured REST APIs for use in SharePoint Online!
Finally, the last demo in the chapter shows how to call this custom service using the new AadHttpClient
, rounding out the complete use case.
Leveraging the MSGraphClient to call the Microsoft Graph
As I alluded to above, there is a whole chapter dedicated to the Microsoft Graph as well. The last chapter does show how Microsoft has simplified calling the Graph using the MSGraphClient
API which leverages the same Entra ID support I describe above, but also the JavaScript SDK provided by the Microsoft Graph team.
Moving Forward on the Ultimate Bundle
So what’s next? I’m pushing ahead with the Ultimate Bundle. At the start of the year, I planned out the first half of 2019 with the goal of reaching content complete on the Ultimate bundle ASAP.
Want to learn more? Well, you need to tune into the Facebook Live Sprint 13 GO LIVE! next Monday, February 11, 2019 at 1p EST where I’ll explain the plans & answer any questions you have.