Sending IM with Skype for Business Online from Console App

Question

I am trying to set up a C# console app that can send notifications/reminders to users via Skype for Business online from a generic AD account. I was excited to see the other day that according to this page, UCWA is now supported in Skype for Business online: https://msdn.microsoft.com/en-us/library/office/mt650889.aspx .

I've been trying to follow this tutorial to get this set up: https://msdn.microsoft.com/en-us/library/office/mt590891(v=office.16).aspx . So far I haven't really had much luck... I have my application set up in Azure AD but I get stuck at the "Requesting an access token using implicit grant flow" step of that article (not 100% certain I'm taking the correct actions before that either)... so far I have this:

        string clientId = "xxxxxxxx"
        string resourceUri = "https://webdir.online.lync.com";
        string authorityUri = "https://login.windows.net/common/oauth2/authorize";
        AuthenticationContext authContext = new AuthenticationContext(authorityUri);
        UserCredential cred = new UserCredential("username", "password");
        string token = authContext.AcquireToken(resourceUri, clientId, cred).AccessToken;


        var poolReq = CreateRequest("https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root", "GET",token);
        var poolResp = GetResponse(poolReq);

        dynamic tmp = JsonConvert.DeserializeObject(poolResp);
        string resourcePool = tmp._links.user.href;

        Console.WriteLine(resourcePool);

        var accessTokenReq = CreateRequest("https://login.windows.net/common/oauth2/authorize"
            + "?response_type=id_token"
            + "&client_id=" + clientId
            + "&redirect_uri=https://login.live.com/oauth20_desktop.srf"
            + "&state=" + Guid.NewGuid().ToString()
            + "&resource=" + new Uri(resourcePool).Host.ToString()
            , "GET",token);
        var accessTokenResp = GetResponse(accessTokenReq);

my GetResponse and CreateRequest methods:

    public static string GetResponse(HttpWebRequest request)
    {
        string response = string.Empty;

        using (HttpWebResponse httpResponse = request.GetResponse() as System.Net.HttpWebResponse)
        {
            //Get StreamReader that holds the response stream
            using (StreamReader reader = new System.IO.StreamReader(httpResponse.GetResponseStream()))
            {
                response = reader.ReadToEnd();
            }
        }

        return response;
    }



    public static HttpWebRequest CreateRequest(string uri, string method, string accessToken)
    {
        HttpWebRequest request = System.Net.WebRequest.Create(uri) as System.Net.HttpWebRequest;
        request.KeepAlive = true;
        request.Method = method;
        request.ContentLength = 0;
        request.ContentType = "application/json";
        request.Headers.Add("Authorization", String.Format("Bearer {0}", accessToken));

        return request;
    }

accessTokenResp is an office online logon page, not the access token I need to move forward... so I'm stuck. I've tried quite a few variations of the above code.

I've been scouring the net for more examples but can't really find any, especially since UCWA support for Office 365 is so new. Does anyone have an example of how to do what I am trying to do or can point me to one? Everything I've found so far hasn't really even been close to what I'm trying. I can't use the Skype for Business client SDK unfortunately either as it doesn't meet all of my requirements.

Answer 1

I came to a working solution using ADAL (v3), with the help of steps outlined at Authentication using Azure AD

Here the steps, which involve requesting multiple authentication tokens to AAD using ADAL

• Register your application, as Native Application, in Azure AD.

• Perform autodiscovery to find user's UCWA root resource URI.
  This can be done by performing a GET request on
  GET https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=yourdomain.onmicrosoft.com

• Request an access token for the UCWA root resource returned in the autodiscovery response, using ADAL
  For instance, your root resource will be at https://webdir0e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=yourdomain.onmicrosoft.com
  you'll have to obtain a token from AAD for resource https://webdir0e.online.lync.com/

• Perform a GET on the root resource with the bearer token obtained from ADAL
  GET https://webdir0e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=yourdomain.onmicrosoft.com

• This will return, within the user resource, the URI for applications resource, where to create your UCWA application. This in my case is:
  https://webpoolam30e08.infra.lync.com/ucwa/oauth/v1/applications
  Residing then in another domain, thus different audience / resource, not included in the auth token previously obatained

• Acquire a new token from AAD for the host resource where the home pool and applications resource are ( https://webpoolam30e08.infra.lync.com in my case)

• Create a new UCWA application by doing a POST on the applications URI, using the token obtained from ADAL

Voilá, your UCWA application is created. What I notice at the moment, is that just few resources are available, excluding me / presence. So users' presence can be retrieved, but self presence status can't be changed. I've been able however to retrieve my personal note, and the following resources are available to me:

• people
• communication
• meetings

Show me some code:

Function to perform the flow obtaining and switching auth tokens

public static async Task<UcwaApp> Create365UcwaApp(UcwaAppSettings appSettings, Func<string, Task<OAuthToken>> acquireTokenFunc)
{
    var result = new UcwaApp();
    result.Settings = appSettings;

    var rootResource = await result.Discover365RootResourceAsync(appSettings.DomainName);
    var userUri = new Uri(rootResource.Resource.GetLinkUri("user"), UriKind.Absolute);
    //Acquire a token for the domain where user resource is
    var token = await acquireTokenFunc(userUri.GetComponents(UriComponents.SchemeAndServer, UriFormat.SafeUnescaped));
    //Set Authorization Header with new token
    result.AuthToken = token;
    var usersResult = await result.GetUserResource(userUri.ToString());
    //
    result.ApplicationsUrl = usersResult.Resource.GetLinkUri("applications");
    var appsHostUri = new Uri(result.ApplicationsUrl, UriKind.Absolute).GetComponents(UriComponents.SchemeAndServer, UriFormat.SafeUnescaped);
    //Acquire a token for the domain where applications resource is
    token = await acquireTokenFunc(appsHostUri);
    //Set Authorization Header with new token
    result.AuthToken = token;
    //
    var appResult = await result.CreateApplicationAsync(result.ApplicationsUrl, appSettings.ApplicationId, appSettings.UserAgent, appSettings.Culture);

    return result;
}

Usage code ato retrieve OAuth tokens using ADAL

var ucSettings = new UcwaAppSettings
{
    UserAgent = "Test Console",
    Culture = "en-us",
    DomainName = "yourdomain.onmicrosoft.com",
    ApplicationId = "your app client id"
};

var acquireTokenFunc = new Func<string, Task<OAuthToken>>(async (resourceUri) =>
{
   var authContext = new AuthenticationContext("https://login.windows.net/" + ucSettings.DomainName);

   var ar = await authContext.AcquireTokenAsync(resourceUri,
                ucSettings.ApplicationId,
                new UserCredential("myusername", "mypassword"));


   return new OAuthToken(ar.AccessTokenType, ar.AccessToken, ar.ExpiresOn.Ticks);
});

var app = await UcwaApp.Create365UcwaApp(ucSettings, acquireTokenFunc);

It should be of course possible to avoid hard-coding username and password using ADAL, but this was easier for PoC and especially in case of Console Application as you asked

Answer 2

I've just blogged about this using a start-to-finish example , hopefully it will help you. I only go as far as signing in, but you can use it with another post I've done on sending IMs using Skype Web SDK here (see day 13 and 14) and combine the two, it should work fine.

-tom

Answer 3

Similar to Massimo's solution, I've created a Skype for Business Online C# based console app that demonstrates how to sign and use UCWA to create/list/delete meetings and change user presence. I haven't gotten around to extending it to send IM's, but you're certainly welcome to clone my repository and extend it to your needs. Just drop in your Azure AD tenant name and native app ID into the code.

Answer 4

I think they just turned this on today - I was doing something unrelated with the Skype Web SDK samples and had to create a new Azure AD app, and noticed that there are two new preview features for receiving conversation updates and changing user information.

Now everything in the Github samples works for Skype For Business Online.