Quickstart: Sign in users and call the Microsoft Graph API from an Android app

Applies to:
  • Azure AD v1.0 endpoint
  • Azure Active Directory Authentication Library (ADAL)

If you're developing an Android application, Microsoft makes it simple and straightforward to sign in Azure Active Directory (Azure AD) users. Azure AD enables your application to access user data through the Microsoft Graph or your own protected web API.

The Azure AD Authentication Library (ADAL) for Android lets your app use the Azure cloud and the Microsoft Graph API by supporting Azure Active Directory accounts through industry-standard OAuth 2.0 and OpenID Connect.

In this quickstart, you'll learn how to:

  • Get a token for the Microsoft Graph
  • Refresh a token
  • Call the Microsoft Graph
  • Sign out the user

Prerequisites

To get started, you'll need an Azure AD tenant where you can create users and register an application. If you don't already have a tenant, learn how to get one.

Scenario: Sign in users and call the Microsoft Graph

[Figure: Azure AD and Android topology]

You can use this app for all Azure AD accounts. It supports both single-tenant and multi-tenant scenarios (discussed in steps). It demonstrates how you can build apps to connect with enterprise users and access their Azure + O365 data through the Microsoft Graph. During the auth flow, end users are required to sign in and consent to the permissions of the application, and in some cases an admin may need to consent to the app. The majority of the logic in this sample shows how to authenticate an end user and make a basic call to the Microsoft Graph.

Sample code

You can find the full sample code on GitHub.

// Initialize your app with ADAL
AuthenticationContext mAuthContext = new AuthenticationContext(
        MainActivity.this,
        AUTHORITY,
        false);  // validateAuthority: false skips authority validation

// Perform authentication requests
mAuthContext.acquireToken(
    getActivity(),
    RESOURCE_ID,
    CLIENT_ID,
    REDIRECT_URI,
    PromptBehavior.Auto,
    getAuthInteractiveCallback());

// ...

// Get tokens to call APIs like the Microsoft Graph
// (mAuthResult is the AuthenticationResult delivered to the callback)
String accessToken = mAuthResult.getAccessToken();
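
The snippet above shows only the interactive request; the refresh and sign-out steps listed at the top of this quickstart can be written as follows. This is an added example, not code from this page or the sample repository: TokenHelper is a hypothetical class, and userId is assumed to be the value of getUserInfo().getUserId() from an earlier AuthenticationResult.

```java
// Added example, not from the sample repository. TokenHelper is a hypothetical
// name; the ADAL calls are the library's public API.
import android.app.Activity;
import android.webkit.CookieManager;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationCallback;
import com.microsoft.aad.adal.AuthenticationContext;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.PromptBehavior;

final class TokenHelper {
    private final AuthenticationContext ctx;
    private final String resource, clientId, redirectUri;

    TokenHelper(AuthenticationContext ctx, String resource, String clientId, String redirectUri) {
        this.ctx = ctx; this.resource = resource;
        this.clientId = clientId; this.redirectUri = redirectUri;
    }

    /** Use the cached or refreshed token; prompt only when ADAL reports that UI is required. */
    void getToken(final Activity activity, String userId,
                  final AuthenticationCallback<AuthenticationResult> cb) {
        ctx.acquireTokenSilentAsync(resource, clientId, userId,
            new AuthenticationCallback<AuthenticationResult>() {
                @Override public void onSuccess(AuthenticationResult result) { cb.onSuccess(result); }

                @Override public void onError(Exception exc) {
                    boolean needsUi = exc instanceof AuthenticationException
                        && ((AuthenticationException) exc).getCode()
                            == ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED;
                    if (!needsUi) { cb.onError(exc); return; }  // network or server error: surface it
                    activity.runOnUiThread(new Runnable() {
                        @Override public void run() {
                            ctx.acquireToken(activity, resource, clientId, redirectUri,
                                             PromptBehavior.Auto, cb);
                        }
                    });
                }
            });
    }

    /** Sign out locally: remove cached tokens and the embedded WebView's session cookies. */
    void signOut() {
        ctx.getCache().removeAll();
        CookieManager.getInstance().removeAllCookies(null);  // API level 21+
    }
}
```

The hosting activity must forward onActivityResult to AuthenticationContext.onActivityResult so that the interactive fallback can complete.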

Step 1: Register and configure your app

You need a native client application registered with Microsoft through the Azure portal.

  1. Getting to app registration

    • Navigate to the Azure portal.
    • Select Azure Active Directory > App Registrations.
  2. Create the app

    • Select New registration.
    • Enter an app name in the Name field.
    • Under Supported account types, select Accounts in any organizational directory.
    • In Redirect URI, select Public client (mobile and desktop) from the dropdown and enter http://localhost.
    • Click Register.
  3. Configure Microsoft Graph

    • Select API permissions.
    • Select Add a permission, then under Select an API select Microsoft Graph.
    • Under Delegated permissions, select the permission User.Read, then select Add to save.
  4. Congrats! Your app is successfully configured. In the next section, you'll need:

    • Application ID
    • Redirect URI

Step 2: Get the sample code

  1. Clone the code.
    git clone https://github.com/Azure-Samples/active-directory-android

  2. Open the sample in Android Studio.
    • Select Open an existing Android Studio project.

Step 3: Configure your code

You can find all the configuration for this code sample in the src/main/java/com/azuresamples/azuresampleapp/MainActivity.java file.

  1. Replace the constant CLIENT_ID with the Application ID.
  2. Replace the constant REDIRECT_URI with the Redirect URI you configured earlier (http://localhost).

Step 4: Run the sample

  1. Select Build > Clean Project.
  2. Select Run > Run app.
  3. The app should build and show some basic UX. When you click the Call Graph API button, it prompts for a sign-in and then silently calls the Microsoft Graph API with the new token.

Next steps

  1. Check the ADAL Android Wiki for more info on the library mechanics and how to configure new scenarios and capabilities.
  2. In native scenarios, the app uses an embedded WebView and does not leave the app. The Redirect URI can be arbitrary.
  3. Find any problems or have requests? You can create an issue or post on Stack Overflow with the tag azure-active-directory.

Auth telemetry

The ADAL library exposes auth telemetry to help app developers understand how their apps are behaving and build better experiences. This allows you to capture sign-in success, active users, and several other interesting insights. Using auth telemetry does require app developers to establish a telemetry service to aggregate and store events.

To learn more about auth telemetry, check out ADAL Android auth telemetry.