VBO Registration using APIs (Modern Authentication)

[flavio.santos]

Hello Guys,

How can I know when the organization finishes the authentication process on the Microsoft side using APIs?

Veeam application knows when the user finished the authentication, and it changes the message from Waiting for user logon... to You are authenticated to Office 365 as user@domain.com



Is there a way to know that using APIs?

Thanks!

[Mildur]

This is only the first step to allow veeam to access O365/AzureAD to create the necessary Azure AD App registration and permission. The step is needed to get the authorization token in the background.

After you have allowed the vbo365 server todo that with this „link and code“, the server will create the following permissions for you automatically:

https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=50

Here is an example how it can be used by application developers to access the graph API:
https://docs.microsoft.com/en-us/sample ... -api-text/

[flavio.santos]

I know that Mildur, but how to identify that the user finishes that process using APIs? I mean, in the images above, It's like that I want to automatically click the "Next" button when the user finished the Microsoft code process, but I want to do it in my web portal.

Thanks!

[Mildur]

If you have this window, you are in the process to let veeam do it automatically. There is no manual step involved at that time.

If you need todo it manually, you have to create the azure app Registration by yourself outsite of veeam and choose „ Use an existing Azure AD application“ on this screen.
https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=50

[flavio.santos]

Ok, I think I didn't explain all the details. Sorry.

I am not using Veeam Backup Office365 application, I'm using the RestAPIs they offer.

First I use this one to get the device code: https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=50

After the user finishes the Microsoft process, I use this one: https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=50

But my problem, in the web portal, is how to know that the user finished that? I know that Veeam application has a way to know that, and maybe I can use the same method.

Thanks!

[Mildur]

I‘m very sorry for misunderstanding you.
With RestFul API, I don‘t have any experience.
Eventually Egor or someone else from Veeam can help.

[nielsengelen]

This is not possible in the current release as the userCode is missing from the API response. We will look into resolving this into a future release but I have no ETA for this.

[flavio.santos]

Sorry nielsengelen, but we have the user code in the response: https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=50

I was wondering if there is any Microsoft API where we can check if the userCode is already associate with our Veeam application.

[nielsengelen]

Seems I mixed up userCode and deviceCode so let me correct it and explain the logic.

Using the API call you listed, you won't get the correct deviceCode which is required to wait for Microsoft's API to return the correct value when you add an organization. The only place in which this is currently used to simulate the "wait for user" part is when you are performing a login against an already added organization (see my example on GitHub.

The whole Microsoft flow is explained on the Microsoft documentation center and you will see that in the loop part there is a client_id and device_code which is required. It is this device_code which is missing in the VBO API call.

After you do the POST against /v5/Organizations, you'll notice that there are 4 parameters (userCode, verificationUrl, expiresIn, message) but there should be a 5th one called devicecode and that one is missing. You can see this example in action in my blog post.

[flavio.santos]

Thanks, Niels, now I got it.

Let's wait for that parameter in the response. Lol