Delegated | ‍️ Closure-based delegation without memory leaks

In our project we are trying to integrate MS Teams with Web application using MS Graph API.use case is OnlineMeeting for Virtual Events.the attendees may or may not have microsoft account.

Created Azure Ad Account and created new tenant and created new user(given Global Administrator role) and registered new Application and given required API permission users.readWrite.all and onlineMreeting.readWrite.all to Application and Delegated Users.

Initially i was using UserCredientials flow(no manual authentication since its not in our usecase user should be authenticated automatically through java) to get accessToken.since its not recommended to use username and credientials(ROPC flow),so now trying to get accessToken only using clientId and clientSecret using adal4j and i am able to get accesstoken but not able to use token for endpoints with /me/onlineMeeting.since token doesnt contain required permission and scope.

so i had tried to reach endpoint with token got from clientid and secret using /users/{id}/onlineMeeting but it gives error like Application does not have permission to Create online meeting on behalf of this user

referred https://docs.microsoft.com/en-us/graph/cloud-communication-online-meeting-application-access-policy its mentioned to change access-policy.

is there any way to create online meeting on behalf of user without changing access policy? to create onlinemeeting on behalf of user do we need skype business account?

onlinemeeting can created by two endpoint /onlineMeeting & /events

so does /event in calender api require any additional previlages like office365 license to create online meeting?

to implement these usecase whats the microsoft account Type,azure ad account and what are all the license and azure subscription need?

to create onlinemeeting only with dialin do we need any special license

I am trying to access azure blob for file uploads from .NET. I want to use user delegation SAS token here since they are considered secure. I can find many documentation for the .NET 12 library which uses the Azure.Identity and Azure.Storage namespaces.

But the project I'm working on does not has this libraries available, it has the Microsoft.WindowsAzure namespace available since it is an older .NET azure SDK. Now I cannot update to the latest versions so I am stuck with the older SDK and am unable to find documentation for accessing blobs using SAS in older SDK. I tried to see the new classes and find similar ones in the older SDK but many methods/classes are missing or different.

If you have any reference or resource on how to use the Microsoft.WindowsAzure older SDK to access blob content using user delegated SAS key, plese share. Currently we use the storage access key for blob acccess.

I am considering porting a legacy pipeline that builds and tests Docker/OCI images into GitLab CI/CD. I already have a GitLab Runner in a Kubernetes cluster and it's registered to a GitLab instance. Testing a particular image requires running certain commands inside (for running unit tests, etc.). Presumably this could be modeled by a job my_test like so:

I am updating an user's password via nodejs-graph-API application(with Application token) with below endpoint

PATCH /users/{userId}

I think I'm getting close but I can't figure out why my code isn't working as expected. I want to scrape the data from the first page, then click the next (arrow) button and move to the next page and do the same and so on until the next arrow button is greyed out, at which point the driver should quit. Any help would be much appreciated. Here is the code:

I'm developing a background application (no user interaction will be possible) and I want to automate getting all emails from certain mail boxes using the Graph API. I am facing some issues though:

1. If I use application permissions I get access to every mailbox in the organization which is not a good solution. Is it possible to limit the access to certain mailboxes? We are using On-premise Exchange and not Exchange Online so this link is not relevant (https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access).

2. It I use delegated permissions the app will need user interaction (as far as I can tell) but that will not be possible as it should run in the background. I am looking at the different flows for authentication but none of them really fit my need. Maybe it can be done with the Refresh Token Flow but it seems vulnerable. Is it possible to use delegated permissions without user interaction? If yes, what is the best approach?

Best regards J

I know how SAML works and I know how OAuth and OPENIDConnect works. I know that SAML is for authentication and OAuth for authorization. but in certain articles it is mentioned that when in 2007 iPhone came in SAML lacked authentication in that case ( for mobile apps ), I am unable to understand that besides delegated authorization, why we needed OAuth to tackle mobile authentication problem ( now being done by OPENIDConnect ) Or how SAML was unable to deal with that issue. can someone help resolve this confusion. Thanks

I'm having difficulty to understand Type of property when using delegated property. For example, from this Jetpack Compose documentation, it says both things are same.

I have implemented a application gateway in azure using terraform.

My terraform code builds up a vent,application gateway, subnet,app service and app service plan.

Everything works just fine, and I am able to access the app service using the application gateway public ip. The only problem is that I can access the app service from its own endpoint too, and I would like to restrict this access only throu my application gateway, so if somebody tried to access the app service directly, it should get a 403 error.

Doing some research, I managed to achieve this from the terminal >> app service >> Networking

But I would like to automate this process with terraform. and here is were I am stuck.

Because the only source I found refers to "azurerm_app_service_slot_virtual_network_swift_connection" but that resource requires a app service slot which I don't want or need.

I was wondering, how can I implement the Networking access restriction to the app service?

here is my code and how I am building my infra:

networking.tf