Input need for integration with Microsoft Graph Api - authentication flow

Hi fellow developers.

I am doing an app, where I want to integrate with Microsoft To Do. I’m developing an app with a card to create a task to a provided list. I really like Microsoft To Do and want to integrate with flows and think its useful for others as well.
Perhaps in the future, I want to integrate with Microsoft Teams as well.

Microsoft To Do, and Teams, a Microsoft account is required. Microsoft personal account is what this app will support.
To integrate with Microsoft To Do - one way is to use Graph Api.

The following flow is required:

  1. Authenticate with Microsoft Identity
  • Register an app in Azure Entra Directory (generic Homey-app on “my account”)
  • Setup permissions for this app to specific Graph Api (in this case Tasks.ReadWrite)
  • Trigger authentication flow from Homey-app to “concent” the logged in user (A)
    • The user will have to accept that Homey-app will access Tasks etc. - in a popup.
  1. Integration with Microsoft To Do
  • From the homey app, call and get a Bearer token in return, use this bearer token for further Graph Api actions.
    • To do so, the login-call must be provided with a “secret” wich is setup in App Registration

My findings so far
A I am able to do a partial authentication in a popup, by trigger a popup:${clientId}&response_type=code&;

Most flows, ends with a callback. This callback calls your backend and is exposed by web. But with Homey I do not think it is possible to expose a callback url - also running a Homey app inside a node/container does not have a direct url for external services to call.

I know the description for this is kinda messy, have been struggling with this for while now and quite confused atm.
I’ve done Microsoft Authentication before, but inside Azure with msal and a lot of this is “automatic”. But with Homey-App and simple http-client - I’m struggling here :slight_smile:

I know this can be achieved, I’ve seen it done in like Tesla App and also the Discord App.
But I’ve found very little information about doing so, so maybe one of you, in this community, have a solution or input needed for me to complete this authentication flow.

Also from the description in Homey Cli, the optimal way is to make a repair option, but then I will have to provide own html pages, which I dont have a template to. Maybe someone can provide a template for this.

What am I looking for
Someone who can explain how this can be achieved. Also I could be missing a piece, in the puzzle, where the authentication flow, will provide me with a personal token or somehing to provide to the Microsoft Identity, that identifies the user X so that I can target that specific Microsoft-account.
(from a cookie or something…)

Again, sorry for this fuzzy description, but doing the Tasks operation is super simple - the authentication is a mf’er :slight_smile:
Looking forward to your input or guide me in the right direction maby.

1 Like

If the auth is using oAuth2, then the Athom oAuth module is a good base.
It covers the whole auth and token handling.
You need to add thin node module to your app. Follow the documentation and the examples on Github.

1 Like

Thank you for the input, I will look into this.
Don’t know why I didn’t dig further into this, maybe it was because I thought i was for Homey-logins only.

Hi @RonnyW , thank you for your input. I’ve managed to get this thing working.
I ran into a lot of different issues and variants - kept pushing :slight_smile:

I will delete this thread. Thank you for your input.

On the other hand, I don’t know how to delete this topic.

@Kim_Kokholm Looking forward for your app for Microsoft To Do and maybe Teams latter on. I use them both extensively…

1 Like

The app is live:

I’m also a (fellow) fan of To Do.

1 Like

Great. I’ll try that later today. FYI your link is either private or inaccessible. I could access it with Microsoft To Do App for Homey | Homey

1 Like