I'm trying to wrap my head around the samples and access patterns that I see on GitHub and on the CloudIdentity blog and wondering if anyone can offer a pointer.
My app needs to read the Office 365 directory on a scheduled, unattended basis and today I'm doing that through PowerShell. A customer provides credentials for an Office 365 account, and then we use those credentials to make PowerShell commands to the Exchange endpoint (Get-User, Get-Mailbox, etc.).
It seems as though Azure Active Directory may offer advantages to the PowerShell approach, but I'm still trying to understand if it's possible. In this scenario, I anticipate that a user would log on to a web page in our web site with their Office 365 credentials, they'd see a dialog detailing what access privileges our app would have to their Active Directory and if they choose OK, then our app would be provisioned in the list of Applications in their directory. At any time of course they can revoke our access.
A question that's not clear to me is what token we'd need to store for subsequent unattended accesses to their directory. A lot of the samples create OAuth tokens as a result of a user login and then use those tokens for directory access. In my case, I need access to take place at a later time.
Are there any particularly relevant samples that you could recommend?