Hi all,
I've been trying to connect one of our company's APEX applications to our Sharepoint using Microsoft Graph. Certain data will be hidden dependant on the user's MS permissions, so for that reason, Authorisation Code Flow is used. This requires the application to visit the API's endpoint in browser (to validate their Microsoft permissions), which then redirects to a static URL provided on the Graph backend with the new auth code passed via URL. This all works and validates, except that it kills the session state when I do so.
APEX stores the session state in the URL, and Graph requires a static Redirect URI, so it's impossible to my knowledge to redirect to the exact same URL, and my redirect URI must look something like ('https:///apex/f?p=1:999'). As it's static, attempting to put the session ID within the URL causes it to fail, unless that exact session ID has been manually entered into the Graph API's whitelist, which isn't viable. When we redirect, it is now a different session to the one that was initially left.
My other solution was to try and perform the redirect in a popup browser window and then send the code back to the first window, but unfortunately the new window still generates with a new session ID, and immediately invalidates the old session.
I'm a little bit stuck on how to proceed, is anybody able to advise? Happy to provide more information on request. Thank you. :)