SPS ATL
May 30, 2015
DEEP DIVE INTO OFFICE 365 APIS FOR AZURE ACTIVE DIRECTORY
SharePoint Saturday Atlanta
ABOUT ME
Solutions Architect
Trainer
Hockey fan
http://www.schaeflein.net/blog
AGENDA
• Azure Active Directory
  - User Authentication Flow
• OAuth Primer
  - Application Authentication Flow
• Development Scenarios
  - Provider-hosted / SharePoint context
  - O365 OAuth / Discovery / Tokens
AZURE ACTIVE DIRECTORY
• Identity and Access Management for the cloud
• Can create new directories or manage existing ones in Azure subscription
• Used by Office 365 for authentication
• Used by Azure for user authentication and application authorization
ORGANIZATIONAL ACCOUNTS
• Term for User Accounts in AAD
• Required to Access Microsoft Cloud Services
• Tenant-Based
LINK OFFICE 365 AND AZURE
• Log into Microsoft Azure subscription as administrator
• Click on the Active Directory link
• Click New > Active Directory > Directory > Custom Create
• Select to Add an Existing Directory
• Follow the steps to add an existing directory
USER AUTHENTICATION
• Users authenticate to Office 365 using Organizational Account
• Users added to directory via O365, Azure Portal, Synchronization

USER AUTHENTICATION FLOW
1. User attempts to access SharePoint Online resource
2. Redirected to login.microsoftonline.com
3. Login with Organizational Account
4. Issue SAML token
5. Present token
6. Return FedAuth cookie
7. Subsequent requests utilize FedAuth cookie
OAUTH PRIMER
WHAT IS OAUTH 2.0?
• Simple mechanism to grant a third party access to a user’s resources without sharing the user’s password
• Cross-platform app authorization
• Internet Standard supported by Azure, Facebook, Google, Twitter, and more
OAUTH 2.0 ACTORS
• Client: application requesting access to a user’s resources
• Resource Owner: the user who can grant rights to the application
• Resource Server: the server hosting the protected resources and exposing a web-based API
• Authorization Server: server issuing tokens
OAUTH 2.0 ACTORS IN OFFICE 365
• Client: SharePoint app, Azure web application, Windows 8 app
• Resource Owner: individual or administrator with an Organizational Account in Azure Active Directory
• Resource Server: SharePoint, Exchange
• Authorization Server: Azure Access Control Services
OAUTH 2.0 TOKENS
• Context Token
  - Information about the Resource Owner & Client
  - Used to get an Access Token later
• Access Token
  - A token passed to the Resource Server authorizing the Client to access resources
• Refresh Token
  - A token used to get an Access Token from the Authorization Server
• Authorization Code
  - A code that can be used to register an app on-the-fly
BEARER TOKENS
• OAuth 2.0 Access Tokens are unbound tokens (a.k.a. “Bearer Tokens”)
  - An Access Token can be used by any application that possesses it
  - Always use SSL – OAuth design depends on it!
  - Never expose tokens in JavaScript or allow them to be accessed by client-side debugging tools
  - If an Access Token is compromised, damage is limited by expiration
  - If a Refresh Token is compromised, damage is limited because the Client ID and Client Secret are required to get an Access Token from a Refresh Token
DEVELOPMENT SCENARIOS
• Provider-Hosted Apps
  - What we’ve used in SharePoint Online all along
  - Uses SharePoint-specific tokens
• Office 365-based Apps
  - Uses service-wide capable tokens
PROVIDER-HOSTED APP
Demo
APP PRINCIPALS
• Apps are registered with SharePoint Online
  - Client ID / Secret
  - App Host Domain
  - Redirect URL
• SharePoint provides registration management pages
  - AppRegNew.aspx
  - AppInv.aspx
  - AppPrincipals.aspx
REGISTER AN APP (AppRegNew.aspx fields)
• Client ID: generated value
• Client Secret: generated value
• Title: free text value
• App Host Domain: Azure domain (e.g., myapp.azurewebsites.net)
• Redirect URL: web address (e.g., https://myapp.azurewebsites.net)
PROVIDER-HOSTED APP FLOW
• User has Organizational Account
• App registered with SharePoint Online
• App deployed to SharePoint Online
• Remote Web deployed
• Client ID and Client Secret defined in AAD
OAUTH 2.0 FLOW: PROVIDER-HOSTED APP
Actors: End User (Resource Owner), Azure Web Site (Client), SharePoint Online (Resource Server), Azure ACS (Authorization Server)
1. User launches app
2. Request Context Token for user
3. Context Token returned
4. Context Token returned and user redirected to app
5. App extracts Refresh Token from Context Token
6. App requests Access Token using Refresh Token
7. Access Token returned
8. Access Token presented along with request
9. Response returned
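Steps 5 and 6 of this flow (validate the context token, pull the refresh token out of it, and build the ACS request for an access token) as an added Python example; this is not code from the slides or from the SharePoint app template's TokenHelper/SharePointContext classes. It assumes the context token is an HS256 JWT signed with the app's base64 client secret and carries the claims `aud`, `nbf`, `exp`, `appctxsender`, `appctx` and `refreshtoken`; the realm, client id, secrets, hosts and clock value are constructed placeholders, and the SharePoint principal id is the well-known fixed value rather than something taken from the slides.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

# Well-known ACS principal id of SharePoint (fixed value, not taken from the slides).
SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"
# Constructed sample values: fake tenant realm, client id, secrets, hosts and clock.
SAMPLE_REALM = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_CLIENT_SECRET = base64.b64encode(b"constructed-client-secret-bytes").decode()
SAMPLE_OTHER_SECRET = base64.b64encode(b"some-other-apps-secret-bytes").decode()
SAMPLE_SP_HOST = "contoso.sharepoint.com"
SAMPLE_AUDIENCE = f"{SAMPLE_CLIENT_ID}/myapp.azurewebsites.net@{SAMPLE_REALM}"
SAMPLE_NOW = 1432982400
ACS_ENDPOINT = "https://accounts.accesscontrol.windows.net/tokens/OAuth/2"

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _hs256(signing_input: bytes, client_secret: str) -> bytes:
    # ACS keys the HMAC with the *base64-decoded* client secret.
    return hmac.new(base64.b64decode(client_secret), signing_input, hashlib.sha256).digest()

def make_context_token(claims: dict, client_secret: str) -> str:
    """HS256 JWT shaped like an ACS context token; used here only to build sample input."""
    header = _b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = _hs256(f"{header}.{payload}".encode("ascii"), client_secret)
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def read_and_validate_context_token(token: str, client_secret: str,
                                    expected_audience: str, now=None) -> dict:
    """Step 'App extracts Refresh Token from Context Token' starts here: verify the
    signature, the validity window and the audience before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected_sig = _hs256(f"{header_b64}.{payload_b64}".encode("ascii"), client_secret)
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch: not signed with this app's client secret")
    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if not int(claims["nbf"]) <= now < int(claims["exp"]):
        raise ValueError("context token is outside its validity window")
    if claims["aud"].lower() != expected_audience.lower():
        raise ValueError("context token was issued for a different app or host")
    return claims

def realm_from_claims(claims: dict) -> str:
    """appctxsender is '<SharePoint principal>@<realm>'; the realm is the tenant id."""
    return claims["appctxsender"].split("@", 1)[1]

def build_acs_refresh_request(claims: dict, client_id: str, client_secret: str,
                              sharepoint_host: str) -> str:
    """Step 'App requests Access Token using Refresh Token': the form body POSTed to the
    ACS endpoint named in the appctx claim. The access token comes back scoped to one host."""
    realm = realm_from_claims(claims)
    return urlencode({
        "grant_type": "refresh_token",
        "client_id": f"{client_id}@{realm}",
        "client_secret": client_secret,
        "refresh_token": claims["refreshtoken"],
        "resource": f"{SHAREPOINT_PRINCIPAL}/{sharepoint_host}@{realm}",
    })

def sample_context_token(exp_offset: int = 12 * 3600, secret: str = SAMPLE_CLIENT_SECRET) -> str:
    """Constructed context token with the claim layout SharePoint Online emits."""
    claims = {"aud": SAMPLE_AUDIENCE, "nbf": str(SAMPLE_NOW - 60), "exp": str(SAMPLE_NOW + exp_offset),
              "appctxsender": f"{SHAREPOINT_PRINCIPAL}@{SAMPLE_REALM}",
              "appctx": json.dumps({"CacheKey": "constructed", "SecurityTokenServiceUri": ACS_ENDPOINT}),
              "refreshtoken": "constructed-refresh-token"}
    return make_context_token(claims, secret)

def validation_error(token: str) -> str:
    """Rejection reason for a token presented to this app, or '' when it is accepted."""
    try:
        read_and_validate_context_token(token, SAMPLE_CLIENT_SECRET, SAMPLE_AUDIENCE, now=SAMPLE_NOW)
        return ""
    except ValueError as exc:
        return str(exc)

def demo() -> str:
    """Happy path: validate the sample token, then build the ACS request body."""
    claims = read_and_validate_context_token(sample_context_token(), SAMPLE_CLIENT_SECRET,
                                             SAMPLE_AUDIENCE, now=SAMPLE_NOW)
    return build_acs_refresh_request(claims, SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET, SAMPLE_SP_HOST)
```

A token signed with another app's secret, or one past its `exp`, is rejected before the refresh token is ever read, which is the check that keeps a forwarded or replayed context token from turning into an access token.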
SHAREPOINTACSCONTEXT CLASS
• Inherits SharePointContext
• Provides specific properties and methods for dealing with context and access tokens

CSOM                                  | REST
CreateAppOnlyClientContextForSPAppWeb | AppOnlyAccessTokenForSPAppWeb
CreateAppOnlyClientContextForSPHost   | AppOnlyAccessTokenForSPHost
CreateUserClientContextForSPAppWeb    | UserAccessTokenForSPAppWeb
CreateUserClientContextForSPHost      | UserAccessTokenForSPHost
MAKING REST CALLS WITH OAUTH
MAKING CSOM CALLS WITH OAUTH
PROVIDER-HOSTED APPS
OFFICE 365 APIS
OFFICE 365 APIS FLOW
• User has Organizational Account
• Application deployed
• Application does not require explicit permission grant
OAUTH 2.0 FLOW: OFFICE 365 APIS
Actors: End User (Resource Owner), Azure Web Site (Client), SharePoint Online (Resource Server), Azure Active Directory (Authorization Server)
1. User accesses web application
2. Redirected to AAD
3. Consent dialog displayed
4. Grant access using consent dialog
5. Auth Code returned and user redirected
6. Auth Code, App ID, App Secret sent
7. Access and Refresh Tokens returned
8. Access Token presented along with request
9. Response returned
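Steps 2 through 7 of this flow (send the user to AAD, get the authorization code back on the redirect, exchange it together with the app id and secret, and track when the returned bearer token stops being usable) as an added Python example; this is not code from the slides or from the AzureADSamples OAuthController referenced later on this page. It assumes the Azure AD v1 `/common/oauth2/authorize` and `/token` endpoint paths and the `expires_on` field of the token response; the client id, secret, redirect URL, authorization code and the discovery-service resource URL are constructed or assumed.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Azure AD v1 endpoints (login.microsoftonline.com is the host named on the slides).
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/authorize"
TOKEN_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/token"


class AuthCodeClient:
    """Client side of the flow. Remembers the `state` values it issued so that a
    redirect back can be tied to a request this app actually started."""

    def __init__(self, client_id: str, client_secret: str, redirect_uri: str):
        self.client_id = client_id
        self.client_secret = client_secret  # server-side only; never ship it to JavaScript
        self.redirect_uri = redirect_uri
        self._pending_states = set()

    def authorize_url(self, resource: str) -> str:
        """Step 'Redirected to AAD': the URL that leads the user to the consent dialog."""
        state = secrets.token_urlsafe(32)
        self._pending_states.add(state)
        return AUTHORIZE_ENDPOINT + "?" + urlencode({
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "resource": resource,
            "state": state,
        })

    def token_request_from_callback(self, callback_url: str) -> dict:
        """Steps 'Auth Code returned and user redirected' and 'Auth Code, App ID, App
        Secret sent': turn the redirect into the POST body for TOKEN_ENDPOINT. A redirect
        whose state was never issued, or was already consumed, is rejected."""
        query = parse_qs(urlsplit(callback_url).query)
        if "error" in query:
            raise ValueError("authorization failed: " + query["error"][0])
        state = query.get("state", [None])[0]
        if state not in self._pending_states:
            raise ValueError("state mismatch: redirect is not tied to a request we started")
        self._pending_states.discard(state)  # each state is good for exactly one callback
        code = query.get("code", [None])[0]
        if not code:
            raise ValueError("redirect carries no authorization code")
        return {
            "grant_type": "authorization_code",
            "code": code,
            "redirect_uri": self.redirect_uri,  # must match the value sent in authorize_url
            "client_id": self.client_id,
            "client_secret": self.client_secret,
        }


def token_usable(token_response: dict, now: int, skew: int = 300) -> bool:
    """Step 'Access and Refresh Tokens returned': Azure AD reports expiry as `expires_on`
    (Unix seconds). Stop using the bearer token `skew` seconds early and fall back to the
    refresh token; expiry is what bounds the damage from a leaked access token."""
    return int(token_response["expires_on"]) - skew > now


# Constructed sample run: fake client id and secret, a fake code, discovery service as resource.
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_REDIRECT = "https://myapp.azurewebsites.net/OAuth"


def demo() -> dict:
    client = AuthCodeClient(SAMPLE_CLIENT_ID, "constructed-client-secret", SAMPLE_REDIRECT)
    url = client.authorize_url("https://api.office.com/discovery/")
    state = parse_qs(urlsplit(url).query)["state"][0]
    # What Azure AD would send back after the user grants consent (constructed).
    callback = SAMPLE_REDIRECT + "?" + urlencode({"code": "constructed-auth-code", "state": state})
    body = client.token_request_from_callback(callback)
    replayed = forged = ""
    try:
        client.token_request_from_callback(callback)  # same redirect delivered twice
    except ValueError as exc:
        replayed = str(exc)
    try:
        client.token_request_from_callback(SAMPLE_REDIRECT + "?code=x&state=not-ours")
    except ValueError as exc:
        forged = str(exc)
    return {"body": body, "replayed": replayed, "forged": forged}
```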
OFFICE 365 DISCOVERY SERVICE
• Automatically determine URL of Office 365 services
• Supports device app and website flows
• Secured using Azure AD authentication
• Serves information stored about services in AAD
OFFICE 365 CLIENTS
• AadGraphClient – Azure Active Directory
• ExchangeClient – Calendar, Contacts, Mail
• SharePointClient – Files
OFFICE 365 CLIENTS
OFFICE 365 APIS
OFFICE 365 UNIFIED API
• Announced at //build/
  http://dev.office.com/unifiedAPIs
OFFICE 365 UNIFIED API
OAUTH CONTROLLER
OAUTH CONTROLLER CLASS
• Embodies all OAuth operations
• Allows code customizations for special situations
• Available on GitHub:
  https://github.com/AzureADSamples/WebApp-WebAPI-OAuth2-UserIdentity-DotNet/blob/master/WebApp/Controllers/OAuthController.cs
OAUTH CONTROLLER FLOW
• User has Organizational Account
• App deployed as an Azure Web Site
• App registered with Azure Active Directory
• Client ID and Client Secret defined in AAD
• Permissions granted specifically in AAD
PROGRAMMING THE OAUTH CONTROLLER
RESOURCES
• http://dev.office.com
• Azure AD Code Samples
  https://msdn.microsoft.com/en-us/library/azure/dn646737.aspx

More Related Content

What's hot

Introduction to OAuth2.0
Introduction to OAuth2.0Introduction to OAuth2.0
Introduction to OAuth2.0
Oracle Corporation
 
Sync on Android
Sync on AndroidSync on Android
Sync on Android
chalup
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Atlassian
 
başlık
başlıkbaşlık
başlık
brmiz.com
 
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Eric Shupps
 
OAuth2 primer
OAuth2 primerOAuth2 primer
OAuth2 primer
Manish Pandit
 
From Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint WebhooksFrom Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint Webhooks
André Vala
 
The State of OAuth2
The State of OAuth2The State of OAuth2
The State of OAuth2
Aaron Parecki
 
Mojemoje
MojemojeMojemoje
Mojemoje
Martin Vokoun
 
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Will Tran
 
Office 365 Groups Deep Dive
Office 365 Groups Deep DiveOffice 365 Groups Deep Dive
Office 365 Groups Deep Dive
André Vala
 
Introducing Cardio
Introducing CardioIntroducing Cardio
Introducing Cardio
Yusuke Kita
 
Automatizacion de Procesos en Modelos Tabulares
Automatizacion de Procesos en Modelos TabularesAutomatizacion de Procesos en Modelos Tabulares
Automatizacion de Procesos en Modelos Tabulares
Gaston Cruz
 
Microsoft Graph developer community call-March 2020
Microsoft Graph developer community call-March 2020Microsoft Graph developer community call-March 2020
Microsoft Graph developer community call-March 2020
Microsoft 365 Developer
 
Change Notifications in Azure Event Hubs-April 2021
Change Notifications in Azure Event Hubs-April 2021Change Notifications in Azure Event Hubs-April 2021
Change Notifications in Azure Event Hubs-April 2021
Microsoft 365 Developer
 
(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview
anikristo
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring Security
NexThoughts Technologies
 
From Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint WebhooksFrom Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint Webhooks
André Vala
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 support
Gaurav Sharma
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
Guy Marom
 

What's hot (20)

Introduction to OAuth2.0
Introduction to OAuth2.0Introduction to OAuth2.0
Introduction to OAuth2.0
 
Sync on Android
Sync on AndroidSync on Android
Sync on Android
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
 
başlık
başlıkbaşlık
başlık
 
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
Who Are You and What Do You Want? Working with OAuth in SharePoint 2013.
 
OAuth2 primer
OAuth2 primerOAuth2 primer
OAuth2 primer
 
From Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint WebhooksFrom Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint Webhooks
 
The State of OAuth2
The State of OAuth2The State of OAuth2
The State of OAuth2
 
Mojemoje
MojemojeMojemoje
Mojemoje
 
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA
 
Office 365 Groups Deep Dive
Office 365 Groups Deep DiveOffice 365 Groups Deep Dive
Office 365 Groups Deep Dive
 
Introducing Cardio
Introducing CardioIntroducing Cardio
Introducing Cardio
 
Automatizacion de Procesos en Modelos Tabulares
Automatizacion de Procesos en Modelos TabularesAutomatizacion de Procesos en Modelos Tabulares
Automatizacion de Procesos en Modelos Tabulares
 
Microsoft Graph developer community call-March 2020
Microsoft Graph developer community call-March 2020Microsoft Graph developer community call-March 2020
Microsoft Graph developer community call-March 2020
 
Change Notifications in Azure Event Hubs-April 2021
Change Notifications in Azure Event Hubs-April 2021Change Notifications in Azure Event Hubs-April 2021
Change Notifications in Azure Event Hubs-April 2021
 
(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring Security
 
From Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint WebhooksFrom Event Receivers to SharePoint Webhooks
From Event Receivers to SharePoint Webhooks
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 support
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 

Similar to Deep Dive into Office 365 API for Azure AD

EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads-  Getting Started with the ClearPass REST API – CPPMEMEA Airheads-  Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
Aruba, a Hewlett Packard Enterprise company
 
Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)
Michael Collier
 
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
Stuart
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Aaron Parecki
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
Mobiliya
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365
Kris Wagner
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
Yasmine Gaber
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
Gaurav Roy
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST security
Igor Bossenko
 
Provider hosted apps - acs
Provider hosted apps - acsProvider hosted apps - acs
Provider hosted apps - acs
David J Rosenthal
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf
Tomasz Kopacz
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
FIWARE
 
.NET Core, ASP.NET Core Course, Session 19
 .NET Core, ASP.NET Core Course, Session 19 .NET Core, ASP.NET Core Course, Session 19
.NET Core, ASP.NET Core Course, Session 19
aminmesbahi
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
Álvaro Alonso González
 
Microsoft Graph API with OutSystems Event Subscriptions
Microsoft Graph API with OutSystems Event SubscriptionsMicrosoft Graph API with OutSystems Event Subscriptions
Microsoft Graph API with OutSystems Event Subscriptions
Stefan Weber
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
SPC Adriatics
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
Aaron Parecki
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
Apigee | Google Cloud
 
O auth2.0 20141003
O auth2.0 20141003O auth2.0 20141003
O auth2.0 20141003
Syed Ali Raza
 

Similar to Deep Dive into Office 365 API for Azure AD (20)

EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads-  Getting Started with the ClearPass REST API – CPPMEMEA Airheads-  Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)
 
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
OAuth with AngularJS and WebAPI - SoCal Code Camp 2015
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST security
 
Provider hosted apps - acs
Provider hosted apps - acsProvider hosted apps - acs
Provider hosted apps - acs
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
.NET Core, ASP.NET Core Course, Session 19
 .NET Core, ASP.NET Core Course, Session 19 .NET Core, ASP.NET Core Course, Session 19
.NET Core, ASP.NET Core Course, Session 19
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
 
Microsoft Graph API with OutSystems Event Subscriptions
Microsoft Graph API with OutSystems Event SubscriptionsMicrosoft Graph API with OutSystems Event Subscriptions
Microsoft Graph API with OutSystems Event Subscriptions
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
 
O auth2.0 20141003
O auth2.0 20141003O auth2.0 20141003
O auth2.0 20141003
 

Recently uploaded

AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
Techgropse Pvt.Ltd.
 

Recently uploaded (20)

AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment

Deep Dive into Office 365 API for Azure AD

  • 1. SPS ATL, May 30, 2015. DEEP DIVE INTO OFFICE 365 APIS FOR AZURE ACTIVE DIRECTORY
  • 2. SharePoint Saturday Atlanta
  • 3. SharePoint Saturday Atlanta
  • 4. SharePoint Saturday Atlanta
  • 5. ABOUT ME
    - Solutions Architect
    - Trainer
    - Hockey fan
    - http://www.schaeflein.net/blog
  • 6. AGENDA
    - Azure Active Directory: User Authentication Flow
    - OAuth Primer: Application Authentication Flow
    - Development Scenarios: Provider-hosted / SharePoint context; O365 OAuth / Discovery / Tokens
  • 7. AZURE ACTIVE DIRECTORY
    - Identity and Access Management for the cloud
    - Can create new directories or manage existing ones in Azure subscription
    - Used by Office 365 for authentication
    - Used by Azure for user authentication and application authorization
  • 8. ORGANIZATIONAL ACCOUNTS
    - Term for User Accounts in AAD
    - Required to Access Microsoft Cloud Services
    - Tenant-Based
  • 9. LINK OFFICE 365 AND AZURE
    - Log into Microsoft Azure subscription as administrator
    - Click on the Active Directory link
    - Click New > Active Directory > Directory > Custom Create
    - Select to Add an Existing Directory
    - Follow the steps to add an existing directory
  • 11. USER AUTHENTICATION
    - Users authenticate to Office 365 using Organizational Account
    - Users added to directory via O365, Azure Portal, Synchronization
  • 21. WHAT IS OAUTH 2.0?
    - Simple mechanism to grant a third party access to a user’s resources without sharing the user’s password
    - Cross platform app authorization
    - Internet Standard supported by Azure, Facebook, Google, Twitter, and more
  • 22. OAUTH 2.0 ACTORS
    - Client: application requesting access to a user’s resources
    - Resource Owner: the user who can grant rights to the application
    - Resource Server: the server hosting the protected resources and exposing a web-based API
    - Authorization Server: server issuing tokens
  • 23. OAUTH 2.0 ACTORS IN OFFICE 365
    - Client: SharePoint app, Azure web application, Windows 8 app
    - Resource Owner: individual or administrator with an Organizational Account in Azure Active Directory
    - Resource Server: SharePoint, Exchange
    - Authorization Server: Azure Access Control Services
  • 24. OAUTH 2.0 TOKENS
    - Context Token: information about the Resource Owner and Client; used to get an Access Token later
    - Access Token: a token passed to the Resource Server authorizing the Client to access resources
  • 25. OAUTH 2.0 TOKENS
    - Refresh Token: a token used to get an Access Token from the Authorization Server
    - Authorization Code: a code that can be used to register an app on-the-fly
  • 26. BEARER TOKENS
    - OAuth 2.0 Access Tokens are unbound tokens (a.k.a. “Bearer Tokens”)
    - An Access Token can be used by any application that possesses it
    - Always use SSL; OAuth design depends on it!
    - Never expose tokens in JavaScript or allow them to be accessed by client-side debugging tools
  • 27. BEARER TOKENS
    - OAuth 2.0 Access Tokens are unbound tokens (a.k.a. “Bearer Tokens”)
    - If an Access Token is compromised, damage is limited by expiration
    - If a Refresh Token is compromised, damage is limited because the Client ID and Client Secret are required to get an Access Token from a Refresh Token
  • 28. DEVELOPMENT SCENARIOS
    - Provider-Hosted Apps: what we’ve used in SharePoint Online all along; uses SharePoint-specific tokens
    - Office 365-based Apps: uses service-wide capable tokens
  • 30. APP PRINCIPALS
    - Apps are registered with SharePoint Online: Client ID / Secret, App Host Domain, Redirect URL
    - SharePoint provides registration management pages: AppRegNew.aspx, AppInv.aspx, AppPrincipals.aspx
  • 31. REGISTER AN APP (callouts on the registration form screenshot)
    - Generated value (Client ID)
    - Generated value (Client Secret)
    - Free text value
    - Azure domain (e.g., myapp.azurewebsites.net)
    - Web address (e.g., https://myapp.azurewebsites.net)
  • 32. PROVIDER-HOSTED APP FLOW
    - User has Organizational Account
    - App registered with SharePoint Online
    - App deployed to SharePoint Online
    - Remote Web deployed
    - Client ID and Client Secret defined in AAD
  • 33. OAUTH 2.0 FLOW, PROVIDER-HOSTED APP. Actors: End User (Resource Owner), Azure ACS (Authorization Server), Azure Web Site (Client), SharePoint Online (Resource Server)
  • 34. OAUTH 2.0 FLOW, PROVIDER-HOSTED APP: User launches app
  • 35. OAUTH 2.0 FLOW, PROVIDER-HOSTED APP: Request Context Token for user
  • 36. OAUTH 2.0 FLOW, PROVIDER-HOSTED APP: Context Token returned
  • 37. OAUTH 2.0 FLOW, PROVIDER-HOSTED APP: Context Token returned and user redirected to app
  • 38. OAUTH 2.0 FLOW, PROVIDER-HOSTED APP: App extracts Refresh Token from Context Token
  • 39. OAUTH 2.0 FLOW, PROVIDER-HOSTED APP: App requests Access Token using Refresh Token
  • 40. OAUTH 2.0 FLOW, PROVIDER-HOSTED APP: Access Token returned
  • 41. OAUTH 2.0 FLOW, PROVIDER-HOSTED APP: Access Token presented along with request
  • 42. OAUTH 2.0 FLOW, PROVIDER-HOSTED APP: Response returned
  • 43. SHAREPOINTACSCONTEXT CLASS
    - Inherits SharePointContext
    - Provides specific properties and methods for dealing with context and access tokens
    - CSOM: CreateAppOnlyClientContextForSPAppWeb, CreateAppOnlyClientContextForSPHost, CreateUserClientContextForSPAppWeb, CreateUserClientContextForSPHost
    - REST: AppOnlyAccessTokenForSPAppWeb, AppOnlyAccessTokenForSPHost, UserAccessTokenForSPAppWeb, UserAccessTokenForSPHost
  • 44. MAKING REST CALLS WITH OAUTH
  • 45. MAKING CSOM CALLS WITH OAUTH
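Slides 36 through 41 compress the part of the provider-hosted flow where the remote web receives the context token, pulls the refresh token out of it, and trades it at ACS for an access token; slides 26 and 27 explain why that context token must be checked before anything in it is trusted. The following Python is an added example, not code from the deck and not the SharePointContext/TokenHelper helpers the slides name, although it performs the same checks those helpers do: verify the HS256 signature with the base64-decoded client secret, refuse any other algorithm, enforce the validity window and the audience (client id / host @ realm), and only then read the refresh token and build the ACS refresh request. The client id, realm, secret, host and token are constructed fixtures; the SharePoint principal id and the ACS token endpoint URL are well-known values of the SharePoint app model and are not on the slides.

```python
"""Provider-hosted app, slides 36-39: validate the context token SharePoint
posts to the remote web, extract its refresh token, and build the ACS request
that exchanges it for an access token.  Added example, stdlib only; the
secret, realm, ids and token are constructed fixtures, not real values."""
import base64
import hashlib
import hmac
import json
import time

# Well-known SharePoint Online principal id used in ACS resource names
# (a known constant of the SharePoint app model, not on the slides).
SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hs256(key: bytes, signing_input: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def make_context_token(claims: dict, client_secret_b64: str) -> str:
    """Constructed stand-in for what ACS issues: an HS256 JWT keyed with the
    base64-decoded client secret (the key TokenHelper.cs also derives)."""
    header = _b64url_encode(b'{"typ":"JWT","alg":"HS256"}')
    body = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = _hs256(base64.b64decode(client_secret_b64), f"{header}.{body}".encode())
    return f"{header}.{body}.{_b64url_encode(sig)}"


def validate_context_token(token, client_secret_b64, client_id, host, now=None):
    """Algorithm, signature, time-window and audience checks; returns the claims."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token must not choose the algorithm
    key = base64.b64decode(client_secret_b64)
    expected = _hs256(key, f"{header_b64}.{body_b64}".encode())
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    now = time.time() if now is None else now
    if now >= claims["exp"] or now < claims.get("nbf", 0):
        raise ValueError("context token not valid at this time")
    realm = claims["aud"].rsplit("@", 1)[1]
    if claims["aud"] != f"{client_id}/{host}@{realm}":
        raise ValueError("token not issued for this app and host")
    return claims


def refresh_request(claims, client_id, client_secret_b64, host):
    """Slide 39: URL and form body that trade the refresh token for an access token."""
    realm = claims["aud"].rsplit("@", 1)[1]
    sts_url = json.loads(claims["appctx"])["SecurityTokenServiceUri"]
    body = {
        "grant_type": "refresh_token",
        "client_id": f"{client_id}@{realm}",
        "client_secret": client_secret_b64,  # server side only; never sent to the browser
        "refresh_token": claims["refreshtoken"],
        "resource": f"{SHAREPOINT_PRINCIPAL}/{host}@{realm}",
    }
    return sts_url, body


# ---- constructed fixture (demo values, not a real tenant or secret) ----
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
REALM = "66666666-7777-8888-9999-000000000000"
HOST = "contoso.sharepoint.com"
SECRET_B64 = base64.b64encode(b"demo-secret-not-a-real-one-32by").decode()
NOW = 1_432_944_000  # fixed clock (2015-05-30) so the demo is deterministic


def demo_claims(now=NOW):
    return {
        "aud": f"{CLIENT_ID}/{HOST}@{REALM}",
        "iss": f"00000001-0000-0000-c000-000000000000@{REALM}",
        "nbf": now - 60,
        "exp": now + 12 * 3600,
        "appctxsender": f"{CLIENT_ID}@{REALM}",
        "appctx": json.dumps({"CacheKey": "demo-cache-key",
                              "SecurityTokenServiceUri":
                              "https://accounts.accesscontrol.windows.net/tokens/OAuth/2"}),
        "refreshtoken": "demo-refresh-token",
        "isbrowserhostedapp": "true",
    }


def demo():
    token = make_context_token(demo_claims(), SECRET_B64)
    claims = validate_context_token(token, SECRET_B64, CLIENT_ID, HOST, now=NOW)
    return refresh_request(claims, CLIENT_ID, SECRET_B64, HOST)


if __name__ == "__main__":
    print(demo())
```

The order of the checks is the point: signature and algorithm first, then time window, then audience, and only then is the refresh token read. The secret never leaves the server, which is what makes the slide 27 claim hold that a leaked refresh token alone does not yield an access token.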
  • 48. OFFICE 365 APIS FLOW
    - User has Organizational Account
    - Application deployed
    - Application does not require explicit permission grant
  • 49. OAUTH 2.0 FLOW, OFFICE 365 APIS. Actors: End User (Resource Owner), Azure Active Directory (Authorization Server), Azure Web Site (Client), SharePoint Online (Resource Server)
  • 50. OAUTH 2.0 FLOW, OFFICE 365 APIS: User accesses web application
  • 51. OAUTH 2.0 FLOW, OFFICE 365 APIS: Redirected to AAD
  • 52. OAUTH 2.0 FLOW, OFFICE 365 APIS: Consent dialog displayed
  • 53. OAUTH 2.0 FLOW, OFFICE 365 APIS: Grant access using Consent Dialog
  • 54. OAUTH 2.0 FLOW, OFFICE 365 APIS: Auth Code returned and user redirected
  • 55. OAUTH 2.0 FLOW, OFFICE 365 APIS: Auth Code, App ID, App Secret sent
  • 56. OAUTH 2.0 FLOW, OFFICE 365 APIS: Access and Refresh Tokens returned
  • 57. OAUTH 2.0 FLOW, OFFICE 365 APIS: Access Token presented along with request
  • 58. OAUTH 2.0 FLOW, OFFICE 365 APIS: Response returned
  • 59. OFFICE 365 DISCOVERY SERVICE
    - Automatically determine URL of Office 365 services
    - Supports device app and website flows
    - Secured using Azure AD authentication
    - Serves information stored about services in AAD
  • 60. OFFICE 365 CLIENTS
    - AadGraphClient: Azure Active Directory
    - ExchangeClient: Calendar, Contacts, Mail
    - SharePointClient: Files
  • 63. OFFICE 365 UNIFIED API
    - Announced at //build/
    - http://dev.office.com/unifiedAPIs
  • 66. OAUTH CONTROLLER CLASS
    - Embodies all OAuth operations
    - Allows code customizations for special situations
    - Available on GitHub: https://github.com/AzureADSamples/WebApp-WebAPI-OAuth2-UserIdentity-DotNet/blob/master/WebApp/Controllers/OAuthController.cs
  • 67. OAUTH CONTROLLER FLOW
    - User has Organizational Account
    - App deployed as an Azure Web Site
    - App registered with Azure Active Directory
    - Client ID and Client Secret defined in AAD
    - Permissions granted specifically in AAD
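Slides 50 through 57 are the authorization-code flow against Azure AD, and slides 66 and 67 describe the OAuth controller that drives it from the web application (hand it a redirect URL, get an authorization URL back; later, exchange the returned code plus client id and secret for tokens). The Python below is an added example of that same sequence, written here and not taken from the deck or from the AzureADSamples OAuthController it links. It builds the authorization URL with a per-request state value, rejects a callback whose state does not match, assembles the server-side token request, and records a hard expiry for the bearer token it receives. Everything runs offline: the client id, secret, redirect URI and token response are constructed fixtures; the login.microsoftonline.com authorize/token endpoints are the Azure AD v1 endpoints of the period, and the Discovery Service resource id used as the `resource` value is an assumption.

```python
"""Office 365 APIs flow, slides 50-57 and the OAuth controller of slides 66-67:
authorization URL -> callback check -> code exchange -> bearer token with expiry.
Added example, stdlib only, offline; ids, secret and token response are
constructed fixtures."""
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Azure AD v1 endpoints of the period (common = any organizational tenant).
AAD_AUTHORITY = "https://login.microsoftonline.com/common"
AUTHORIZE_URL = AAD_AUTHORITY + "/oauth2/authorize"
TOKEN_URL = AAD_AUTHORITY + "/oauth2/token"
# Resource id of the Office 365 Discovery Service (slide 59); assumed value.
DISCOVERY_RESOURCE = "https://api.office.com/discovery/"


def new_state() -> str:
    """Unguessable per-request value: keep it in the session, check it on return."""
    return secrets.token_urlsafe(24)


def build_authorize_url(client_id, redirect_uri, resource, state) -> str:
    """Slide 51: where the user is sent so AAD can show the consent dialog."""
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "resource": resource, "state": state}
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(callback_url, expected_state) -> str:
    """Slide 54: AAD redirects back with ?code=...&state=...; accept nothing else."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise PermissionError(q["error"][0])  # e.g. the user declined consent
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response is not tied to our request")
    return q["code"][0]


def token_request(code, client_id, client_secret, redirect_uri, resource):
    """Slide 55: auth code + app id + app secret go to the token endpoint, server side."""
    body = {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri, "resource": resource}
    return TOKEN_URL, body


def parse_token_response(body_text, resource, now):
    """Slide 56: keep both tokens and compute the expiry the app will enforce."""
    t = json.loads(body_text)
    if t.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if t.get("resource") != resource:
        raise ValueError("token issued for a different resource")
    return {"access_token": t["access_token"],
            "refresh_token": t.get("refresh_token"),
            "expires_at": now + int(t["expires_in"])}


def bearer_header(tokens, now):
    """Slide 57: present the access token with the request, never past expiry."""
    if now >= tokens["expires_at"]:
        raise ValueError("access token expired; refresh it first")
    return {"Authorization": "Bearer " + tokens["access_token"]}


# ---- constructed fixture (demo values, not a real app registration) ----
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
CLIENT_SECRET = "demo-client-secret"
REDIRECT_URI = "https://myapp.azurewebsites.net/oauth/callback"
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "token_type": "Bearer", "expires_in": "3600", "resource": DISCOVERY_RESOURCE,
    "access_token": "demo.access.token", "refresh_token": "demo-refresh-token"})


def demo(now=1_432_944_000):
    state = new_state()
    url = build_authorize_url(CLIENT_ID, REDIRECT_URI, DISCOVERY_RESOURCE, state)
    # Simulated slide 54 redirect carrying our state and a constructed code.
    callback = REDIRECT_URI + "?" + urlencode({"code": "demo-auth-code", "state": state})
    code = handle_callback(callback, state)
    _, body = token_request(code, CLIENT_ID, CLIENT_SECRET, REDIRECT_URI, DISCOVERY_RESOURCE)
    tokens = parse_token_response(SAMPLE_TOKEN_RESPONSE, DISCOVERY_RESOURCE, now)
    return url, body, tokens, bearer_header(tokens, now)


if __name__ == "__main__":
    print(demo())
```

The secret appears only in `token_request`, which runs on the web server; the browser ever sees just the authorization URL and the redirect, which is the split the deck's bearer-token slides ask for. Checking `state` on the callback is what ties the returned code to the request this app started.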
  • 68. PROGRAMMING THE OAUTH CONTROLLER
  • 69. RESOURCES
    - http://dev.office.com
    - Azure AD Code Samples: https://msdn.microsoft.com/en-us/library/azure/dn646737.aspx

Editor's Notes

  1. The OAuth controller needs you to provide a redirect URL, and it will give back the authorization URL.