Transcript
  • 7/22/2019 Introduction to OAuth in SharePoint 2013

    Sponsored by:

    Visit us on the web at www.binarywave.com

    Real-time application monitoring, event management, and operational health metrics for Microsoft SharePoint

    Reduce troubleshooting time by up to 30%
    Increase efficiency and improve user satisfaction
    Avoid downtime and costly outages
    Meet or exceed service level agreements
    Maximize investment in current infrastructure

    Eric Shupps
    TheSharePointCowboy
    CKS:DEV
    Patterns & Practices
    www.sharepointcowboy.com facebook.com/sharepointcow slideshare.net/eshu

    authorization

    Resource Owner: Grants access to a protected resource
    Resource Server: Hosts the protected resource and accepts access requests
    Client: Application making protected resource requests on behalf of the resource owner

    u

    Iss

    [Diagram: Client; Authorization Request, Authorization Grant, Authorization Grant, Access Token, Access Token, Protected Resource]

    User requests access
    App requests Request Token
    Provider returns Request Token
    App builds auth link w/ Request Token
    User requests URL + Request Token
    Provider returns access token
    User requests URL + Access Token
    App validates access token
    Access token validated
    User granted access

    User requests access
    App requests Access Token
    Provider returns Access Token
    App builds auth link w/ Access Token
    User requests URL + Access Token
    App validates access token
    Access token validated
    User granted access

    Identity Provider: Manages identity information for principals (STS)
    Security Token Service: Handles requests for trusted identity claims
    Identity Token Issuer: Identity provider associated with a web application
    Security Token Issuer: Trusted resource (farm, server, etc.)
    Metadata Endpoint: Resource information and signing certificate (JSON)
    Request Token: Used to request permission to protected resource
    Access Token: Used by App to access resource on behalf of user
    Realm: Operation scope for authorization
    Azure ACS: Cloud-based security token service (IP-STS)

    App establishes context

    SP validates S2S trust

    App requests access token from SP

    Browser POSTS parameters to App

    SP returns parameters

    User browses to App

    On Premise

    App establishes context

    ACS provides access token

    App requests access token from AC

    Browser POSTS request token to ap

    SP sends request tokens to browse

    SP gets request token from ACS

    User browses to app

    On Premise

    Establish client context

    Get access token with S2S

    Get claims from Windows identity

    Get request parameters

    Get client context from SP with access to

    Get access token

    Read and validate context token

    Parse out Context Token

    Get POST parameters from SP

    Client ID, App URL, Tenant ID
    Tenant ID, Azure ACS, Start, End
    SharePoint, Tenant ID
    User ID + Issuer + App + Realm, IP-STS URL
    Browser or Event Receiver
    Token sent to IP-STS (Azure ACS)

    {
    "typ":"JWT"
    "alg":"RS256"
    "x5t":"kriMPdmBvx68skT8-mPAB3BseeA"
    }.{
    "aud":"00000003-0000-0ff1-ce00-000000000000/binarywaveinc.sharepoint.com@2ae1caa2-a173-4989-b8f5-9da45655b8f4"
    "iss":"00000001-0000-0000-c000-000000000000@2ae1caa2-a173-4989-b8f5-9da45655b8f
    "nbf":1400013357
    "exp":1400056557
    "nameid":"1003000086ad02d6"
    "actor":"c90047b7-392a-42e7-8c52-65afa92e5d0d@2ae1caa2-a173-4989-b8f5-9da45655b
    "identityprovider":"urn:federation:microsoftonline
    }

    SharePoint

    Host Web Tenant ID

    Start

    Azure ACS Tenant ID

    End

    Tenant ID

    UPN

    STS ID
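
The claim layout on this slide is what a resource server has to check before honouring a token. The following Python is an added example, not part of the original deck or of any SharePoint code: it checks `alg`, `aud`, `iss`, `nbf` and `exp` of a token in this format. The function names, the `skew` tolerance and the expected `host` and `realm` inputs are assumptions, and the RS256 signature must already have been verified against the certificate identified by `x5t`.

```python
import base64
import json
import time

# Principal IDs as they appear in the slide's "aud" and "iss" claims.
SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"
ACS_PRINCIPAL = "00000001-0000-0000-c000-000000000000"

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def split_principal(value):
    """Split 'principal[/host]@realm' into (principal, host, realm)."""
    name, sep, realm = value.rpartition("@")
    if not (sep and name and realm):
        raise ValueError("not in principal@realm form")
    principal, _, host = name.partition("/")
    return principal.lower(), host.lower(), realm.lower()

def claim_problems(token, host, realm, now=None, skew=300):
    """List claim problems for a token whose signature is already verified."""
    # host/realm: values this resource server expects (assumed inputs).
    now = time.time() if now is None else now
    try:
        head_seg, body_seg, _signature = token.split(".")
        header, claims = b64url_json(head_seg), b64url_json(body_seg)
        alg = header.get("alg")
        aud = split_principal(claims["aud"])
        iss = split_principal(claims["iss"])
        nbf, exp = int(claims["nbf"]), int(claims["exp"])
    except (ValueError, KeyError, TypeError, AttributeError) as err:
        return ["malformed token: %s" % err]
    problems = []
    if alg != "RS256":  # the slide's header uses RS256; refuse anything else
        problems.append("unexpected alg")
    if aud != (SHAREPOINT_PRINCIPAL, host.lower(), realm.lower()):
        problems.append("audience mismatch")  # token minted for another site
    if iss != (ACS_PRINCIPAL, "", realm.lower()):
        problems.append("issuer mismatch")  # wrong STS or wrong tenant
    if now + skew < nbf:
        problems.append("not yet valid")
    if now - skew >= exp:
        problems.append("expired")
    return problems
```

An empty list from `claim_problems` means every claim matched; any entry is a reason to reject the request and log the mismatch.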

    Description Link

    OAuth Working Group http://oauth.net/

    OAuth Resource Guide http://bit.ly/14CWP

    Authorization and authentication for apps in SharePoint 2013 http://bit.ly/16f8W

    Setting up an OAuth trust between farms in SharePoint 2013 http://bit.ly/12Yr7e

    Plan for server-to-server authentication in SharePoint 2013 http://bit.ly/1chAg

    What's new in authentication for SharePoint 2013 http://bit.ly/1e6Ka

    Creating High-Trust apps with S2S http://bit.ly/18RL8

    Using O365 to Authorize On-Premise Apps http://bit.ly/1fvv1B

    Explore
    Give Feedback
    Get Answers
    Play
    Follow

    Patterns and pra
    30+ Visual Studi
    Common scenarios
    Contribute

    OFC-B254 Integrating Yammer and Microsoft SharePoint Using .NET
    DEV-B230 Most Commonly Asked for On-Premises Customizations Reim Applications for SharePoint
    DEV-B319 Get Started Developing Applications for Microsoft Office and SharePoint Server 2013
    DEV-B231 Office Power Hour: New Developer APIs and Features for Applications for Office
    DEV-B227 Anyone Can Build a SharePoint Application with Microsoft Acce
    OFC-B274 Implementing Microsoft SharePoint 2013 Hybrid for Search Bu Connectivity Services Microsoft OneDrive for Business and Yammer

    DEV-B232 Creating Cloud Hosted Line-of-Business Applications with Apps Microsoft Office 365 Microsoft Azure and Windows Phone 8
    OFC-B311 A Practical Use of External Data Sources
    DEV-B357 Developing Office 365 Cloud Business Applications
    DEV-B387 Deep Dive into Mail Compose Applications APIs
    DEV-B386 Setting Up Your On-Premises Environment for App Developme
    DEV-B228 Build Connected Productivity Apps for SharePoint and Office
    DEV-B390 SharePoint Power Hour: New Developer APIs and Features for SharePoint
    DEV-B389 Who Are You and What Do You Want? Working with OAuth in SharePoint 2013

    EXM04 Exam Prep: 70 331 and 70 332

    www.microsoft.com/learning

    http://microsoft.com/msdn

    http://microsoft.com/technet

    http://channel9.msdn.com/Events/TechEd
