Yammer API auth with Files in SharePoint Online

Published Oct 14 2019 12:34 PM 31.3K Views
Microsoft

Yammer Files in SharePointYammer Files in SharePoint

Update February 24, 2020: Removing the temporary support that associates AAD tokens with Yammer OAuth tokens at the end of March 2020.

 

What's happening?

We’re rolling out a new feature where all new files uploaded into Microsoft 365 Connected Yammer Groups will be stored in SharePoint Online by default. With files stored in SharePoint Online, third-party apps using Yammer authentication to access Yammer Files API endpoints and performing file operations (such as upload, preview, download and delete) will get an error on those API calls. 

 

Reason: The Yammer OAuth token does not include Azure Active Directory (AAD) claims, which is required for accessing files stored in SharePoint Online.

 

What are we doing?

We have been providing temporary support that allows third-party apps using Yammer Authentication to access Yammer Files endpoints to perform file operations (such as upload, preview, download and delete) on files in SharePoint by associating Azure Active Directory (AAD) tokens with Yammer OAuth tokens.

 

We are now moving to the next stage of the migration; we will begin removing the temporary support that associates AAD tokens with Yammer OAuth tokens at the end of March 2020. 

 

This temporary support will be fully removed by the end of April and after that third-party apps using Yammer Authentication to access Yammer Files endpoints to perform file operations will no longer be able to successfully access the files and those API calls will receive an error.  

 

We have recently changed auth requirements for third-party apps to conduct operations on Yammer files API, with Yammer files moving to SharePoint Online. We’re providing advance notice to help you prepare for this change, help resolve issues, and improve documentation and guidance.

 

What can you do?

You can continue to use the Yammer Files API to access files in Yammer storage without any further action.

However, if you have a third-party application that needs to perform operations on Yammer files stored in SharePoint Online for Microsoft 365 Connected Yammer groups, then we recommend that your application uses AAD authentication and leverages AAD libraries to refresh AAD claims when they expire. If AAD claims are missing or expired, then file operations will be rejected.

 

For more information on how to generate and manage AAD Access Tokens, see the Authentication Libraries page.

 

We are also previewing a new API to upload files into Yammer Groups. An AAD token is required for uploading files into an Microsoft 365 Connected Yammer Group. Read the documentation here.

 

As Yammer integrates further into Microsoft 365, we’re excited for additional platform opportunities through the Azure Active Directory. Recently, we announced preview support for using AAD tokens with all documented Yammer v1 APIs and are working on adding more support. Check out the resources below for information on creating an AAD app and calling Yammer APIs. We encourage the developer community to explore developing their Yammer apps in Azure AD. There’s also code samples in Yammer’s GitHub repo and in the links below.

 

The following limitations have been identified and we’re planning on addressing them:

  • Impersonation/Delegation scenarios: Currently not supported; we’re looking into supporting AAD delegation scenarios for SharePoint file operations (accessing data on behalf of other users).
  • Multiple scopes: An access token issued from Azure AD only available for one workload, such as Yammer, Teams, SharePoint, etc. You can't use the same access token for multiple workloads.
  • Single Page application: If you are using a single page Azure AD application that uses implicit grant flow, then your Azure AD application needs to be mapped to its corresponding Yammer platform application. Please provide details about your application in this form and our team will be in touch with you.

We’re interested in all your feedback so please be sure to comment on this blog. If you would like to discuss in detail then please email us or join the Monthly Yammer Platform and API Office Hours, first Wednesday of every Month from 11am to 12pm Pacific Time. We realize that this time may not be convenient for all our partners and customers, so we're considering expanding the office hours to other time zones in the near future. We're looking forward to engaging with you. Thank you!

 

Resources from this blog:

1 Comment
Senior Member

Hello, is it possible to have an idea of when the impersonation/delegation functionnality will be available ? 

%3CLINGO-SUB%20id%3D%22lingo-sub-1016701%22%20slang%3D%22fr-FR%22%3ERe%3A%20Yammer%20API%20auth%20with%20Files%20in%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1016701%22%20slang%3D%22fr-FR%22%3E%3CP%3EHello%2C%20is%20it%20possible%20to%20have%20an%20idea%20of%20when%20the%20impersonation%2Fdelegation%20functionnality%20will%20be%20available%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-834874%22%20slang%3D%22en-US%22%3EYammer%20API%20auth%20with%20Files%20in%20SharePoint%20Online%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-834874%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Screen%20Shot%202019-10-14%20at%2010.42.10%20AM.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F137481iB7B39CB396D7FA24%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Screen%20Shot%202019-10-14%20at%2010.42.10%20AM.png%22%20alt%3D%22Yammer%20Files%20in%20SharePoint%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EYammer%20Files%20in%20SharePoint%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EUpdate%20February%2024%2C%202020%3C%2FSTRONG%3E%3A%20Removing%20the%20temporary%20support%20that%20associates%20AAD%20tokens%20with%20Yammer%20OAuth%20tokens%20at%20the%20end%20of%20March%202020.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat's%20happening%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EWe%E2%80%99re%20rolling%20out%20a%20new%20feature%20where%20all%20new%20files%20uploaded%20into%20Microsoft%20365%20Connected%20Yammer%20Groups%20will%20be%20stored%20in%20SharePoint%20Online%20by%20default.%20With%20files%20stored%20in%20SharePoint%20Online%2C%20third-party%20apps%20using%20Yammer%20authentication%20to%20access%20Yammer%20Files%20API%20endpoints%20and%20performing%20file%20operations%20(such%20as%20%3CEM%3Eupload%3C%2FEM%3E%2C%20%3CEM%3Epreview%3C%2FEM%3E%2C%20%3CEM%3Edownload%3C%2FEM%3E%20and%20%3CEM%3Edelete)%20%3C%2FEM%3Ewill%20get%20an%20error%20on%20those%20API%20calls.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EReason%3A%26nbsp%3B%3C%2FSTRONG%3EThe%20Yammer%20OAuth%20token%20does%20not%20include%20Azure%20Active%20Directory%20(AAD)%20claims%2C%20which%20is%20required%20for%20accessing%20files%20stored%20in%20SharePoint%20Online.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20are%20we%20doing%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EWe%20have%20been%20providing%20temporary%20support%26nbsp%3Bthat%20allows%20third-party%20apps%20using%20Yammer%20Authentication%20to%20access%20Yammer%20Files%20endpoints%20to%20perform%20file%20operations%20(such%20as%20upload%2C%20preview%2C%20download%20and%20delete)%20on%20files%20in%20SharePoint%20by%20associating%20Azure%20Active%20Directory%20(AAD)%20tokens%20with%20Yammer%20OAuth%20tokens.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20now%20moving%20to%20the%20next%20stage%20of%20the%20migration%3B%20we%26nbsp%3Bwill%20begin%20removing%20the%20temporary%20support%20that%20associates%20AAD%20tokens%20with%20Yammer%20OAuth%20tokens%20at%20the%20end%20of%20March%202020.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20temporary%20support%20will%20be%20fully%20removed%20by%20the%20end%20of%20April%20and%20after%20that%26nbsp%3Bthird-party%20apps%20using%20Yammer%20Authentication%20to%20access%20Yammer%20Files%20endpoints%20to%20perform%20file%20operations%20will%20no%20longer%20be%20able%20to%20successfully%20access%20the%20files%20and%20those%20API%20calls%20will%20receive%20an%20error.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%22%3EWe%20have%20recently%20changed%20auth%20requirements%20for%20third-party%20apps%20to%20conduct%20operations%20on%20Yammer%20files%20API%2C%20with%20Yammer%20files%20moving%20to%20SharePoint%20Online.%20We%E2%80%99re%20providing%20advance%20notice%20to%20help%20you%20prepare%20for%20this%20change%2C%20help%20resolve%20issues%2C%20and%20improve%20documentation%20and%20guidance.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhat%20can%20you%20do%3F%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EYou%20can%20continue%20to%20use%20the%20Yammer%20Files%20API%20to%20access%20files%20in%20Yammer%20storage%20without%20any%20further%20action.%3C%2FP%3E%0A%3CP%3EHowever%2C%20if%20you%20have%20a%20third-party%20application%20that%20needs%20to%20perform%20operations%20on%20Yammer%20files%20stored%20in%20SharePoint%20Online%20for%20Microsoft%20365%20Connected%20Yammer%20groups%2C%20then%20we%20recommend%20that%20your%20application%20uses%20AAD%20authentication%20and%20leverages%20AAD%20libraries%20to%20refresh%20AAD%20claims%20when%20they%20expire.%20If%20AAD%20claims%20are%20missing%20or%20expired%2C%20then%20file%20operations%20will%20be%20rejected.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20more%20information%20on%20how%20to%20generate%20and%20manage%20AAD%20Access%20Tokens%2C%20see%20the%20-ERR%3AREF-NOT-FOUND-Authentication%20Libraries%20page.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20also%20previewing%20a%20new%20API%20to%20upload%20files%20into%20Yammer%20Groups.%20An%20AAD%20token%20is%20required%20for%20uploading%20files%20into%20an%20Microsoft%20365%20Connected%20Yammer%20Group.%20Read%20the%20documentation%20-ERR%3AREF-NOT-FOUND-here.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CEM%3E%26nbsp%3B%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EAs%20Yammer%20integrates%20further%20into%20Microsoft%20365%2C%20we%E2%80%99re%20excited%20for%20additional%20platform%20opportunities%20through%20the%20Azure%20Active%20Directory.%20Recently%2C%20we%20announced%20preview%20support%20for%20using%20AAD%20tokens%20with%20all%20documented%20Yammer%20v1%20APIs%20and%20are%20working%20on%20adding%20more%20support.%20Check%20out%20the%20resources%20below%20for%20information%20on%20creating%20an%20AAD%20app%20and%20calling%20Yammer%20APIs.%20We%20encourage%20the%20developer%20community%20to%20explore%20developing%20their%20Yammer%20apps%20in%20Azure%20AD.%20There%E2%80%99s%20also%20code%20samples%20in%20-ERR%3AREF-NOT-FOUND-Yammer%E2%80%99s%20GitHub%20repo%20and%20in%20the%20links%20below.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20following%20limitations%20have%20been%20identified%20and%20we%E2%80%99re%20planning%20on%20addressing%20them%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EImpersonation%2FDelegation%20scenarios%3A%20%3C%2FSTRONG%3ECurrently%20not%20supported%3B%20we%E2%80%99re%20looking%20into%20supporting%20AAD%20delegation%20scenarios%20for%20SharePoint%20file%20operations%20(accessing%20data%20on%20behalf%20of%20other%20users).%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EMultiple%20scopes%3C%2FSTRONG%3E%3A%20An%20access%20token%20issued%20from%20Azure%20AD%20only%20available%20for%20one%20workload%2C%20such%20as%20Yammer%2C%20Teams%2C%20SharePoint%2C%20etc.%20You%20can't%20use%20the%20same%20access%20token%20for%20multiple%20workloads.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3ESingle%20Page%20application%3A%20%3C%2FSTRONG%3EIf%20you%20are%20using%20a%20single%20page%20Azure%20AD%20application%20that%20uses%20implicit%20grant%20flow%2C%20then%20your%20Azure%20AD%20application%20needs%20to%20be%20mapped%20to%20its%20corresponding%20Yammer%20platform%20application.%20Please%20provide%20details%20about%20your%20application%20in%20this%20-ERR%3AREF-NOT-FOUND-%3CSTRONG%3Eform%3C%2FSTRONG%3E%20and%20our%20team%20will%20be%20in%20touch%20with%20you.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EWe%E2%80%99re%20interested%20in%20all%20your%20feedback%20so%20please%20be%20sure%20to%20comment%20on%20this%20blog.%26nbsp%3BIf%20you%20would%20like%20to%20discuss%20in%20detail%20then%20please%20-ERR%3AREF-NOT-FOUND-email%20us%20or%20join%20the%20-ERR%3AREF-NOT-FOUND-%3CSTRONG%3EMonthly%20Yammer%20Platform%20and%20API%20Office%20Hours%3C%2FSTRONG%3E%2C%20first%20Wednesday%20of%20every%20Month%20from%2011am%20to%2012pm%20Pacific%20Time.%20We%20realize%20that%20this%20time%20may%20not%20be%20convenient%20for%20all%20our%20partners%20and%20customers%2C%20so%20we're%20considering%20expanding%20the%20office%20hours%20to%20other%20time%20zones%20in%20the%20near%20future.%20We're%20looking%20forward%20to%20engaging%20with%20you.%20Thank%20you!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EResources%20from%20this%20blog%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fyammer%2Fmanage-yammer-groups%2Fyammer-and-office-365-groups%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EYammer%20and%20Files%20in%20SharePoint%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fhow-do-i-tell-where-my-yammer-files-are-being-stored-fadfdefa-e00d-40b6-94cb-a9ddb171a443%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EHow%20to%20tell%20where%20your%20Yammer%20files%20are%20stored%3F%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Freference-v2-libraries%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20identity%20platform%20authentication%20libraries%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E-ERR%3AREF-NOT-FOUND-Uploading%20Files%20into%20Yammer%20Groups%20over%20API%20(New)%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdeveloper.yammer.com%2Fdocs%2Fauthentication-1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EYammer%20authentication%20tokens%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FYammerAPI%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EYammer%20Developer%20API%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fyammer%2Fcode_samples%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EYammer%20GitHub%20code%20samples%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdeveloper.yammer.com%2Fv1.0%2Fdocs%2Fsteps-to-create-a-yammer-application-in-azure-active-directory%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3ESteps%20to%20create%20an%20Azure%20AD%20Yammer%20application%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FYammer-Blog%2FYammer-API-with-AAD-tokens-Postman-Collection%2Fba-p%2F857923%22%20target%3D%22_blank%22%3EPostman%20collection%20Yammer%20API%20with%20AAD%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-oauth2-implicit-grant-flow%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20AD%20Implicit%20Grant%20Flow%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fsample-v1-code%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20AD%20sample%20applications%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fteams.microsoft.com%2Fl%2Fmeetup-join%2F19%253ameeting_YTI5ZThhYTktMjI1Ny00MWY0LTliMzEtMThhYTM0MGY2NTc2%2540thread.v2%2F0%3Fcontext%3D%257b%2522Tid%2522%253a%252272f988bf-86f1-41af-91ab-2d7cd011db47%2522%252c%2522Oid%2522%253a%25221cc49923-1791-4b57-82fe-e4eb27b9cfca%2522%257d%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EYammer%20Platform%20and%20API%20Office%20Hours%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3Dv4j5cvGGr0GRqy180BHbRyOZxByRF1dLgv7k6ye5z8pUNEJOREVWQ1k3QkNXQTVJRURGOE9WQjVHRS4u%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EForm%20to%20provide%20details%20about%20your%20Single%20Page%20Yammer%20application%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-834874%22%20slang%3D%22en-US%22%3E%3CP%3EThere%20are%20changes%20to%20auth%20requirements%20for%20third-party%20apps%20to%20conduct%20operations%20on%20Yammer%20files%20API%2C%20with%20Yammer%20files%20moving%20to%20SharePoint%20Online.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-834874%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EYammer%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎May 26 2020 10:27 AM
Updated by: