TechEd NA 2014 - DEVB389 - Working with OAuth in SharePoint 2013
Slides from TechEd North America 2014 session DEVB389 - Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.

Published in: Technology
  1. CKS:DEV / The SharePoint Cowboy / Patterns & Practices
     Eric Shupps
     www.sharepointcowboy.com
     eshupps@binarywave.com
     facebook.com/sharepointcowboy
     @eshupps
     slideshare.net/eshupps
  2. Authorization
  3. OAuth roles
     Resource Owner: grants access to a protected resource
     Resource Server: hosts the protected resource and accepts access requests
     Client: application making protected resource requests on behalf of the resource owner
     Authorization Server: issues access tokens
  4. Abstract flow (actors: Client, Resource Owner, Authorization Server, Resource Server)
     Client -> Resource Owner: Authorization Request
     Resource Owner -> Client: Authorization Grant
     Client -> Authorization Server: Authorization Grant
     Authorization Server -> Client: Access Token
     Client -> Resource Server: Access Token
     Resource Server -> Client: Protected Resource
  5. Request-token flow (legs 1, 2, 3)
     User requests access
     App requests Request Token
     Provider returns Request Token
     App builds auth link w/ Request Token
     User requests URL + Request Token
     Provider returns access token
     User requests URL + Access Token
     App validates access token
     Access token validated
     User granted access
  6. Access-token flow (legs 1, 2)
     User requests access
     App requests Access Token
     Provider returns Access Token
     App builds auth link w/ Access Token
     User requests URL + Access Token
     App validates access token
     Access token validated
     User granted access
  7. Terminology
     Identity Provider: manages identity information for principals (STS)
     Security Token Service: handles requests for trusted identity claims
     Identity Token Issuer: identity provider associated with a web application
     Security Token Issuer: trusted resource (farm, server, etc.)
     Metadata Endpoint: resource information and signing certificate (JSON)
     Request Token: used to request permission to a protected resource
     Access Token: used by the app to access a resource on behalf of the user
     Realm: operation scope for authorization
     Azure ACS: cloud-based security token service (IP-STS)
  8. App flows
     On-premise:
       User browses to App
       SP returns parameters
       Browser POSTs parameters to App
       App requests access token from SP
       SP validates S2S trust
       App establishes context
     Online:
       User browses to app
       SP gets request token from ACS
       SP sends request tokens to browser
       Browser POSTs request token to app
       App requests access token from ACS
       ACS provides access token
       App establishes context
  9. Code steps
     On-premise:
       Get request parameters
       Get claims from Windows identity
       Get access token with S2S
       Establish client context
     Online:
       Get POST parameters from SP
       Parse out Context Token
       Read and validate context token
       Get access token
       Get client context from SP with access token
  10. Token diagram labels: Client ID, App URL, Tenant ID, Azure ACS (Tenant ID), Start, End, SharePoint (Tenant ID), User ID + Issuer + App + Realm, IP-STS URL, Browser or Event Receiver, Token sent to IP-STS (Azure ACS)
  11. Context token (JWT header, then payload; commas and the closing quote restored)
       {"typ":"JWT","alg":"RS256","x5t":"kriMPdmBvx68skT8-mPAB3BseeA"}
       .
       {"aud":"00000003-0000-0ff1-ce00-000000000000/binarywaveinc.sharepoint.com@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
        "iss":"00000001-0000-0000-c000-000000000000@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
        "nbf":1400013357,
        "exp":1400056557,
        "nameid":"1003000086ad02d6",
        "actor":"c90047b7-392a-42e7-8c52-65afa92e5d0d@2ae1caa2-a173-4989-b8f5-9da45655b8f4",
        "identityprovider":"urn:federation:microsoftonline"}
      Diagram labels: SharePoint Host Web (Tenant ID), Start, Azure ACS (Tenant ID), End, Tenant ID, UPN, STS ID
  12. Resources
     OAuth Working Group: http://oauth.net/
     OAuth Resource Guide: http://bit.ly/14CWPNb
     Authorization and authentication for apps in SharePoint 2013: http://bit.ly/16f8WFh
     Setting up an OAuth trust between farms in SharePoint 2013: http://bit.ly/12Yr7e3
     Plan for server-to-server authentication in SharePoint 2013: http://bit.ly/1chAgFl
     What's new in authentication for SharePoint 2013: http://bit.ly/1e6KaYv
     Creating High-Trust apps with S2S: http://bit.ly/18RL8uL
     Using O365 to Authorize On-Premise Apps: http://bit.ly/1fvv1Bo
  13. Explore / Give Feedback / Get Answers / Play / Follow
  14. Patterns and practices: 30+ Visual Studio projects, common scenarios, contribute
  15. Related sessions
     OFC-B254 Integrating Yammer and Microsoft SharePoint Using .NET
     DEV-B230 Most Commonly Asked for On-Premises Customizations Reimagined as Applications for SharePoint
     DEV-B319 Get Started Developing Applications for Microsoft Office and SharePoint Server 2013
     DEV-B231 Office Power Hour: New Developer APIs and Features for Applications for Office
     DEV-B227 Anyone Can Build a SharePoint Application with Microsoft Access
     OFC-B274 Implementing Microsoft SharePoint 2013 Hybrid for Search, Business Connectivity Services, Microsoft OneDrive for Business and Yammer
  16. Related sessions (continued)
     DEV-B232 Creating Cloud Hosted Line-of-Business Applications with Apps for Office, Microsoft Office 365, Microsoft Azure, and Windows Phone 8
     OFC-B311 A Practical Use of External Data Sources
     DEV-B357 Developing Office 365 Cloud Business Applications
     DEV-B387 Deep Dive into Mail Compose Applications APIs
     DEV-B386 Setting Up Your On-Premises Environment for App Development
     DEV-B228 Build Connected Productivity Apps for SharePoint and Office
     DEV-B390 SharePoint Power Hour: New Developer APIs and Features for Apps for SharePoint
     DEV-B389 Who Are You and What Do You Want? Working with OAuth in Microsoft SharePoint 2013
  17. EXM04 Exam Prep: 70-331 and 70-332
  18. www.microsoft.com/learning
     http://microsoft.com/msdn
     http://microsoft.com/technet
     http://channel9.msdn.com/Events/TechEd
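As an added example (not from the deck or from the SharePoint SDK), the "Read and validate context token" step of slide 9 applied to the claim layout of slide 11, in Python: split the token, then check that aud names this host web and realm, that iss is the ACS principal for the same realm, that the actor (app principal) belongs to that realm, and that the clock is inside the nbf/exp window, all before the token is exchanged for an access token. RS256 signature verification against the certificate published at the metadata endpoint (slide 7) is assumed to happen before these claims are trusted and is not shown; the token builder and its placeholder signature are constructed here.

```python
import base64
import json
import time

# Well-known principal ids exactly as they appear in the slide's token.
SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"
ACS_PRINCIPAL = "00000001-0000-0000-c000-000000000000"
HOST = "binarywaveinc.sharepoint.com"              # host web from the slide
REALM = "2ae1caa2-a173-4989-b8f5-9da45655b8f4"     # tenant id / realm from the slide

SLIDE_HEADER = {"typ": "JWT", "alg": "RS256", "x5t": "kriMPdmBvx68skT8-mPAB3BseeA"}
SLIDE_PAYLOAD = {
    "aud": f"{SHAREPOINT_PRINCIPAL}/{HOST}@{REALM}",
    "iss": f"{ACS_PRINCIPAL}@{REALM}",
    "nbf": 1400013357, "exp": 1400056557,
    "nameid": "1003000086ad02d6",
    "actor": f"c90047b7-392a-42e7-8c52-65afa92e5d0d@{REALM}",
    "identityprovider": "urn:federation:microsoftonline",
}

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWT strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_constructed_token() -> str:
    """Constructed sample token; the third segment is a placeholder, not an RS256 signature."""
    parts = [json.dumps(SLIDE_HEADER, separators=(",", ":")).encode(),
             json.dumps(SLIDE_PAYLOAD, separators=(",", ":")).encode(),
             b"placeholder-signature-not-verified"]
    return ".".join(b64url_encode(p) for p in parts)

def split_jwt(token: str):
    """Return (header, payload, signature bytes). The signature is NOT checked here."""
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), b64url_decode(s)

def validate_claims(payload, expected_host, expected_realm, now=None):
    """Return the list of failed checks; an empty list means the claims are acceptable."""
    now = int(time.time()) if now is None else now
    errors = []
    principal, _, rest = payload.get("aud", "").partition("/")      # aud = <sp>/<host>@<realm>
    host, _, aud_realm = rest.rpartition("@")
    if principal != SHAREPOINT_PRINCIPAL or host != expected_host or aud_realm != expected_realm:
        errors.append("aud")
    if payload.get("iss") != f"{ACS_PRINCIPAL}@{expected_realm}":     # issued by ACS for our realm
        errors.append("iss")
    if payload.get("actor", "").rpartition("@")[2] != expected_realm:  # app principal in our realm
        errors.append("actor")
    if not payload.get("nbf", now + 1) <= now < payload.get("exp", 0):  # inside validity window
        errors.append("time")
    return errors
```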