Downloaded 18 times
Uploaded byNCCOMMS
SPUnite17 Who Are You and What Do You Want
This document discusses OAuth and authorization in SharePoint, Office 365, and Azure. It begins with an introduction to OAuth fundamentals, including the roles of clients, resource owners, authorization servers, and resource servers. It then covers OAuth implementation, including configuring trusts between on-premise and cloud-based authorization servers and the steps applications take to request and receive access tokens. The document concludes with additional resources on OAuth and authorization.
More Related Content
![[Roine] Serverless: Don't Take It Literally](https://cdn.slidesharecdn.com/ss_thumbnails/dklxbumq7kcoitoz4awn-signature-d4523b3bf020616e67040d2a940ba8bf9aeab187b20da49956548f98de22ea12-poli-180606121949-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to SPUnite17 Who Are You and What Do You Want
![[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...](https://cdn.slidesharecdn.com/ss_thumbnails/adfcuh8osf2qrrkkg2ys-signature-d4523b3bf020616e67040d2a940ba8bf9aeab187b20da49956548f98de22ea12-poli-180606121949-thumbnail.jpg?width=640&height=640&fit=bounds)
![Vibe Coding vs. Spec-Driven Development [Free Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/vibecodingvsspecdrivendevelopment-251209105622-43f455e7-thumbnail.jpg?width=640&height=640&fit=bounds)
SPUnite17 Who Are You and What Do You Want
- 1. Who Are Youand What Do You Want? Working with OAuth in SharePoint, O365 & Azure
- 2. @eshupps sharepointcowboywww.sharepointcowboy.com slideshare.net/eshupps linkedin.com/in/eshupps EricShupps SharePoint Server MVP
- 3.
- 5.
- 6.
- 8.
- 9.
- 10.
- 11. Resource Owner Grants access to aprotected resource Resource Server Hosts the protected resource and accepts access requests Client Application making protected resource requests on behalf of the resource owner Authorization Server Issues access tokens
- 12. Client Resource Owner Authorization Server Resource Server Authorization Request Authorization Grant AuthorizationGrant Access Token Access Token Protected Resource
- 13. User requests access App requests RequestToken Provider returns Request Token App builds auth link w/ Request Token User requests URL + Request Token Provider returns access token User requests URL + Access Token App validates access token Access token validated User granted access 1 2 3
- 14. User requests access App requests AccessToken Provider returns Access Token App builds auth link w/ Access Token User requests URL + Access Token App validates access token Access token validated User granted access 1 2
- 15.
- 17. Manages identity informationfor principals (STS)Identity Provider Handles requests for trusted identity claimsSecurity Token Service Identity provider associated with a web applicationIdentity Token Issuer Trusted resource (farm, server, etc.)Security Token Issuer Resource information and signing certificate (JSON)Metadata Endpoint Used to request permission to protected resourceRequest Token Used by App to access resource on behalf of userAccess Token Operation scope for authorizationRealm Cloud-based security token service (IP-STS)Azure ACS
- 20. Consumer Export Root &STS Certificates Copy Certificates Import root certificate(s) and create trusted root authority Provider Export Root Certificate Copy Certificates Import STS Certificate Create Trusted Service Token Issuer Import root certificate(s) and create trusted root authority
- 21. Consumer Provider Create TrustedRoot Authority Set Authentication Realm Create Trusted Security Token Issuer Create App Principals Create Trusted Root Authority Create Trusted Security Token Issuer
- 22.
- 24. App establishes context SPvalidates S2S trust App requests access token from SP Browser POSTS parameters to App SP returns parameters User browses to App OnPremise App establishes context ACS provides access token App requests access token from ACS Browser POSTS request token to app SP sends request tokens to browser SP gets request token from ACS User browses to app Online 1 2 3 4 5 6 7 8 9
- 25. OnPremise Online Establish client context Getaccess token with S2S Get claims from Windows identity Get request parameters Get client context from SP with access token Get access token Read and validate context token Parse out Context Token Get POST parameters from SP
- 28. Client ID AppURL Tenant ID Tenant ID Azure ACS Start End SharePoint Tenant ID User ID + Issuer + App + Realm IP-STS URL Browser or Event Receiver Token sent to IP-STS (Azure ACS)
- 29.
- 31.
- 32. Description Link OAuth WorkingGroup http://oauth.net/ OAuth Resource Guide http://bit.ly/14CWPNb Authorization and authentication for apps in SharePoint 2013 http://bit.ly/16f8WFh Setting up an OAuth trust between farms in SharePoint 2013 http://bit.ly/12Yr7e3 Plan for server-to-server authentication in SharePoint 2013 http://bit.ly/1chAgFl What’s new in authentication for SharePoint 2013 http://bit.ly/1e6KaYv Creating High-Trust apps with S2S http://bit.ly/18RL8uL Using O365 to Authorize On-Premise Apps http://bit.ly/1fvv1Bo